Problem with Internet access on kvm Code Answer

Hello Developer, Hope you guys are doing great. Today at Tutorial Guruji Official website, we are sharing the answer of Problem with Internet access on kvm without wasting too much if your time.

The question is published on by Tutorial Guruji team.

i have a question about How to enable Internet access on kvm. I have situation like that: Internet traffic going through external firewall, I have ports 5000-5004 forwarded to my machine (interface em1). On kvm I have virtual interface which NAT that em1 to my kvm guest.

On host machine I have iptables setup:

iptables -t nat -A PREROUTING -p tcp --dport 5001 -j DNAT --to-destination 192.168.100.170:22

iptables -t nat -A POSTROUTING -p tcp -d 192.168.100.170 --dport 5001 -j SNAT --to-source EXTERNAL-IP

Connection with ssh works correctly (ssh to port 5000 connect me to host, ssh to 5001 connect me to guest). I can ping from guest to host, but I cant install anything from repository, ping anything, etc. My host is sles12 and guest kvm is centos 7 Any idea?

Answer

You use SNAT in the wrong direction. There is no need for it with incoming connections. You need it when the VM initiates a connection:

iptables -t nat -A POSTROUTING -p tcp -s 192.168.100.170 -j SNAT --to-source EXTERNAL-IP

where EXTERNAL-IP is the address of em1.

In general it helps a lot to use tcpdump on both interfaces. Then you see whether the packets have the correct addresses.

We are here to answer your question about Problem with Internet access on kvm - If you find the proper solution, please don't forgot to share this with your team members.

Related Posts

Tutorial Guruji