Need help with iptables


3

I'm Russian, so sorry for my English. My Russian friends from forum.ubuntu.ru can't help me.

I need to route all connections to my IP to a KVM virtual machine.

With iptables-restore:

*filter
-N drop-and-log-it
-A drop-and-log-it -j LOG
-A drop-and-log-it -j REJECT
# allow all connections on loopback
-A INPUT -i lo -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -j ACCEPT
COMMIT
*nat
-A POSTROUTING -s 192.168.122.0/24 -o eth0 -j MASQUERADE
-A PREROUTING -i eth0 -d 192.168.0.117 -p tcp -m tcp --dport 90 -j DNAT --to-destination 192.168.122.177:80
COMMIT

192.168.122.177:80 - works as needed; 192.168.0.117:90 - nothing.

ifconfig

eth0      Link encap:Ethernet  HWaddr 08:60:6e:69:6d:07  
          inet addr:192.168.0.117  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::a60:6eff:fe69:6d07/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:79261 errors:0 dropped:0 overruns:0 frame:0
          TX packets:13014 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:8415836 (8.4 MB)  TX bytes:2855090 (2.8 MB)

lo        Link encap:Локальная петля (Loopback)  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:1269 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1269 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:2444805 (2.4 MB)  TX bytes:2444805 (2.4 MB)

virbr0    Link encap:Ethernet  HWaddr fe:54:00:ee:98:ab  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:135 errors:0 dropped:0 overruns:0 frame:0
          TX packets:125 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:15149 (15.1 KB)  TX bytes:13225 (13.2 KB)

vnet0     Link encap:Ethernet  HWaddr fe:54:00:ee:98:ab  
          inet6 addr: fe80::fc54:ff:feee:98ab/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:135 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1823 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:17039 (17.0 KB)  TX bytes:104538 (104.5 KB)

iptables-save

# Generated by iptables-save v1.4.21 on Mon Sep 14 10:23:01 2015
*filter
:INPUT ACCEPT [62511:4175306]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8701:2000024]
:drop-and-log-it - [0:0]
-A INPUT -i lo -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -j ACCEPT
-A drop-and-log-it -j LOG
-A drop-and-log-it -j REJECT --reject-with icmp-port-unreachable
COMMIT
# Completed on Mon Sep 14 10:23:01 2015
# Generated by iptables-save v1.4.21 on Mon Sep 14 10:23:01 2015
*mangle
:PREROUTING ACCEPT [65469:4858827]
:INPUT ACCEPT [62843:4204332]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [8716:2001632]
:POSTROUTING ACCEPT [8812:2007892]
COMMIT
# Completed on Mon Sep 14 10:23:01 2015
# Generated by iptables-save v1.4.21 on Mon Sep 14 10:23:01 2015
*nat
:PREROUTING ACCEPT [5323:998794]
:INPUT ACCEPT [2710:348676]
:OUTPUT ACCEPT [1095:89324]
:POSTROUTING ACCEPT [1095:89324]
-A PREROUTING -d 192.168.0.117/32 -i eth0 -p tcp -m tcp --dport 90 -j DNAT --to-destination 192.168.122.177:80
-A POSTROUTING -s 192.168.122.0/24 -o eth0 -j MASQUERADE
COMMIT
# Completed on Mon Sep 14 10:23:01 2015

ip route show

default via 192.168.0.1 dev eth0  proto static 
192.168.0.0/24 dev eth0  proto kernel  scope link  src 192.168.0.117  metric 1 
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1 

Forwarding is enabled, right? cat /proc/sys/net/ipv4/ip_forward should be 1.
Doug Smythies,

sysctl net.ipv4.ip_forward = 1
Александр Ефимов

From forum.ubuntu.ru: filter: FORWARD needs allow rules for the virtual host. The default is DROP. How do I apply this?
Александр Ефимов,

Answers:


2

Try this

The first thing to do is enable IP forwarding. This is done with:

echo "1" > /proc/sys/net/ipv4/ip_forward

Then we add a rule that says to forward the traffic:

sudo iptables -A FORWARD -i virbr0 -o eth0 -j ACCEPT
sudo iptables -A FORWARD -i eth0 -o virbr0 -m state --state ESTABLISHED,RELATED -j ACCEPT
sudo iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

Then the rdr rule:

sudo iptables -t nat -A PREROUTING -i eth0 -d 192.168.0.117 -p tcp -m tcp --dport 90 -j DNAT --to-destination 192.168.122.177:80
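As an added example (not part of the question or answer above): a small Python audit that reads an iptables-save dump and checks the two things raised in the comments, whether ip_forward is on and whether the filter FORWARD chain actually ACCEPTs the DNAT target, as the forum.ubuntu.ru remark says it must. The sample dump is constructed from the ruleset posted in the question; the function names are my own.

```python
import ipaddress
# Constructed sample, abbreviated from the asker's iptables-save output.
SAMPLE_DUMP = """\
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -s 192.168.122.0/24 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -j ACCEPT
COMMIT
*nat
-A PREROUTING -d 192.168.0.117/32 -i eth0 -p tcp -m tcp --dport 90 -j DNAT --to-destination 192.168.122.177:80
COMMIT
"""

def parse_tables(dump):
    """Return {table: {"policy": {chain: policy}, "rules": [tokens, ...]}}."""
    tables, cur = {}, None
    for line in dump.splitlines():
        if line.startswith("*"):
            cur = tables.setdefault(line[1:], {"policy": {}, "rules": []})
        elif line.startswith(":"):  # ":CHAIN POLICY [pkts:bytes]"
            cur["policy"].update([line[1:].split()[:2]])
        elif line.startswith("-A"):
            cur["rules"].append(line.split())
    return tables
def opt(tokens, name):  # value following option `name`, or None if absent
    return tokens[tokens.index(name) + 1] if name in tokens else None
def forward_permits(filt, dst_ip, proto, dport):
    """First-match walk of FORWARD for a packet to dst_ip:dport. Only -d, -p, --dport are
    modelled; a rule needing -s/-i/-o/--state context counts as not matching (conservative)."""
    dst = ipaddress.ip_address(dst_ip)
    for r in (r for r in filt["rules"] if r[1] == "FORWARD"):
        if (opt(r, "-d") and dst not in ipaddress.ip_network(opt(r, "-d"), strict=False)
                or opt(r, "-p") not in (None, proto)
                or opt(r, "--dport") not in (None, dport)
                or any(opt(r, o) for o in ("-s", "-i", "-o", "--state"))):
            continue
        return opt(r, "-j") == "ACCEPT"
    return filt["policy"].get("FORWARD") == "ACCEPT"  # no rule matched: policy decides

def audit_dnat(dump, ip_forward):
    """List the problems that would make a PREROUTING DNAT port-forward fail."""
    tables = parse_tables(dump)
    problems = [] if ip_forward == 1 else ["net.ipv4.ip_forward is 0: nothing is forwarded"]
    for r in tables.get("nat", {"rules": []})["rules"]:
        if r[1] == "PREROUTING" and opt(r, "-j") == "DNAT":
            ip, _, port = opt(r, "--to-destination").partition(":")
            proto, port = opt(r, "-p"), port or opt(r, "--dport")
            if not forward_permits(tables["filter"], ip, proto, port):
                problems.append(f"FORWARD does not ACCEPT {proto} to {ip}:{port}")
    return problems
```

Run it against the real machine with `audit_dnat(open("dump").read(), int(open("/proc/sys/net/ipv4/ip_forward").read()))` after `iptables-save > dump`; an empty list means the nat and filter tables agree on the forwarded port.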
Licensed under cc by-sa 3.0 with attribution required.