Iptables based router inside KVM virtual machine

Posted by Anton on Super User See other posts from Super User or by Anton
Published on 2012-06-29T14:17:56Z Indexed on 2012/06/29 15:18 UTC
Read the original article Hit count: 272

Filed under:

linux

|

router

|

port-forwarding

|

iptables

|

linux-kvm

I have KVM virtual machine (CentOS 6.2 x64), it has 2 NIC:

eth0 - real external IP 1.2.3.4 (simplified example instead of real one)
eth1 - local internal IP 172.16.0.1

Now I'm trying to make port mapping 1.2.3.4:80 => 172.16.0.2:80

Current iptables rules:

# Generated by iptables-save v1.4.7 on Fri Jun 29 17:53:36 2012
*nat
:OUTPUT ACCEPT [0:0]
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
-A PREROUTING -p tcp -m tcp -d 1.2.3.4 --dport 80 -j DNAT --to-destination 172.16.0.2:80
COMMIT
# Completed on Fri Jun 29 17:53:36 2012
# Generated by iptables-save v1.4.7 on Fri Jun 29 17:53:36 2012
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
COMMIT
# Completed on Fri Jun 29 17:53:36 2012
# Generated by iptables-save v1.4.7 on Fri Jun 29 17:53:36 2012
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
# Completed on Fri Jun 29 17:53:36 2012

But there is nothing works, I mean it does not forwards that port.

Similar configuration without virtualization seems to be working.

What am I missing?

Thanks!

© Super User or respective owner

Related posts about linux

apt-get install and update fail

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I've got a problem with apt-get update and apt-get install ... commands . every time update or installing fails and errors are : Get:1 http://dl.google.com stable Release.gpg [198B] Ign http://dl.google.com/linux/chrome/deb/ stable/main Translation-en_US Get:2 http://dl… >>> More
kernel module compiling error

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
sh@ubuntu:/home/ccpp/helloworld$ make gcc-4.6 -O2 -DMODULE -D_KERNEL_ -W -Wall -Wstrict-prototypes -Wmissing-prototypes -isystem /lib/modules/`uname -r`/build/include -c -o hello-1.o hello-1.c hello-1.c:4:0: warning: "MODULE" redefined [enabled by default] <command-line>:0:0: note: this is… >>> More
Build-Essentials installation failing

as seen on Ask Ubuntu - Search for 'Ask Ubuntu'
I am having trouble accessing the several critical header files that show to be a part of the build process. The "Ubuntu Software Center" shows "Build Essentials" as installed: Next I did the following two commands, which did not improve the problem: ~$ sudo apt-get install build-essential [sudo]… >>> More
Updating Debian kernel

as seen on Super User - Search for 'Super User'
I'm trying to update my Debian machine to 2.6.32-46 (which is the new stable). However, after doing apt-get update my apt-cache search linux-image shows me: linux-headers-2.6.32-5-486 - Header files for Linux 2.6.32-5-486 linux-headers-2.6.32-5-686-bigmem - Header files for Linux 2.6.32-5-686-bigmem linux-headers-2… >>> More
Serial connection over a single USB cable (Windows to linux, or linux to linux)

as seen on Server Fault - Search for 'Server Fault'
I'm helping out with a project for an embedded device that only has USB and no serial. This device is running Linux. These days, when we need to connect to a serial port on a device we typically use a USB to serial adapter (on something like a phone system or a load balancing device, etc). I would… >>> More

Related posts about router

cisco 2911 router vs 2811 router

as seen on Server Fault - Search for 'Server Fault'
Just wondering if anyone has experience with the cisco 2911 or 2900 series routers. I understand it is newer and similar to the 2811 but more robust. The price difference is not that much more. I am trying to determine if I should go with the 29xx or 28xx series for a small-medium sized company… >>> More
linksys wrt54g router to a Cisco router?

as seen on Super User - Search for 'Super User'
This may be a strange question but I have no clue. I currently have a basic linksys wrt54g router fo9r my home network. I am considering getting a rack/cabinet and running a home server or 2 and hooking up my home network to it. If I were to do0 this I could pick up a cisco rack mounted router… >>> More
Ubuntu 10.10 Ad-Hoc Setup (from Wireless Router, to Ubuntu Server/Desktop to Wireless Router)

as seen on Super User - Search for 'Super User'
Okay, so I know there are different approaches for this, but I will explain my story briefly before getting to the technical stuff. My fiancée and I are going through some financial issues (as I assume a lot of us are). We ended up having to move from our house and stay with some friends/family for… >>> More
Prolink 5200 modem/router connected to Linksys WRT54GS wireless router

as seen on Super User - Search for 'Super User'
Hello does any one knows how to conect prolink 5200 single port modem/router with Linksys wireless router ......i dont know how to configerat these to togather >>> More
How to Reuse Your Old Wi-Fi Router as a Network Switch

as seen on How to geek - Search for 'How to geek'
Just because your old Wi-Fi router has been replaced by a newer model doesn’t mean it needs to gather dust in the closet. Read on as we show you how to take an old and underpowered Wi-Fi router and turn it into a respectable network switch (saving your $20 in the process). Image by mmgallan… >>> More