KVM port forwarding guest to host

So, I am trying to set up port forwarding for my KVM and I am completely new to this topic.

I have Fedora 30 running on my host system and I have an Ubuntu 18.04 server as a guest system which gets internet access via NAT.
On the guest I have a webserver running and I want it to be accessible from localhost on my host:

Web browser on host localhost:8080 <-> Web server on guest localhost:8080

I got this configuration running on my former Windows system in VMWare Workstation. Setting this up was basically click and go.
But with KVM I am facing a completely different situation and I don’t know where to start.

What I’ve done so far is:

  • Setting up a dedicated virtual network interface for my VM
  • Configuring the firewall to forward port 8080

I did these steps as described in this guide.

That alone didn’t yield the desired result. So I went on by setting up the same port forwarding in my Ubuntu server guest as well. (Following this guide)

But that didn’t help either.

What am I doing wrong?
Is there anything substantial I misunderstood?


It's not recommended to make localhost point to anything besides the default local interface, as it can break things, but it can be done.
There are a few ways this can be accomplished.

Does the host access the internet through a DHCP server running on another machine (i.e. a router)?

If so, just use SR-IOV for your VM networking, and if that isn't an option, make a transparent bridge.
Then you could forward your ports to the VM just like any other machine on that DHCP network.
This won't itself make the guest appear as localhost, but that can be done by modifying the hosts file on the server.

If not, then how is your network set up? How does your host access the internet?

My router is my network's gateway to the internet and runs the DHCP server.

And my host system connects to the router via a Qualcomm Atheros QCA6174 802.11ac Wireless Network Adapter (wlp3s0).
And the Ubuntu server I mentioned runs as a VM inside my host machine.

ip link show yields:

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp5s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN mode DEFAULT group default qlen 1000
    link/ether 10:7b:44:90:b1:a7 brd ff:ff:ff:ff:ff:ff
3: wlp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN mode DORMANT group default qlen 4000
    link/ether a6:50:2c:95:e3:82 brd ff:ff:ff:ff:ff:ff
4: wlp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DORMANT group default qlen 1000
    link/ether e0:4f:43:70:0b:a8 brd ff:ff:ff:ff:ff:ff
5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:e2:02:25 brd ff:ff:ff:ff:ff:ff
6: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr1 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:e2:02:25 brd ff:ff:ff:ff:ff:ff
7: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:f7:ee:93 brd ff:ff:ff:ff:ff:ff
8: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:f7:ee:93 brd ff:ff:ff:ff:ff:ff
9: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default 
    link/ether 02:42:0c:62:dc:27 brd ff:ff:ff:ff:ff:ff
10: br-83572c696db9: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default 
    link/ether 02:42:9c:2e:5a:58 brd ff:ff:ff:ff:ff:ff
27: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master virbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:54:00:17:42:1d brd ff:ff:ff:ff:ff:ff
156: veth0f71d98@if155: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-83572c696db9 state UP mode DEFAULT group default 
    link/ether ba:3a:ba:2b:33:ca brd ff:ff:ff:ff:ff:ff link-netnsid 0
158: veth2ba6941@if157: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-83572c696db9 state UP mode DEFAULT group default 
    link/ether 1e:1f:93:bf:37:ef brd ff:ff:ff:ff:ff:ff link-netnsid 1
160: veth11e3c01@if159: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-83572c696db9 state UP mode DEFAULT group default 
    link/ether 9a:55:c8:22:b8:ec brd ff:ff:ff:ff:ff:ff link-netnsid 2
166: vethddc2a84@if165: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-83572c696db9 state UP mode DEFAULT group default 
    link/ether ee:04:f4:9a:23:1b brd ff:ff:ff:ff:ff:ff link-netnsid 5
168: veth0f88464@if167: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-83572c696db9 state UP mode DEFAULT group default 
    link/ether 56:bb:f2:6b:40:b4 brd ff:ff:ff:ff:ff:ff link-netnsid 6
170: veth236b4a8@if169: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-83572c696db9 state UP mode DEFAULT group default 
    link/ether 3e:b1:bf:52:25:72 brd ff:ff:ff:ff:ff:ff link-netnsid 7
172: veth129f157@if171: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-83572c696db9 state UP mode DEFAULT group default 
    link/ether ea:16:9f:06:e8:ba brd ff:ff:ff:ff:ff:ff link-netnsid 8
176: veth8989549@if175: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-83572c696db9 state UP mode DEFAULT group default 
    link/ether 62:f5:59:25:cd:f7 brd ff:ff:ff:ff:ff:ff link-netnsid 9
196: vethf2c81fd@if195: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-83572c696db9 state UP mode DEFAULT group default 
    link/ether 3a:d1:73:65:8d:9c brd ff:ff:ff:ff:ff:ff link-netnsid 3
204: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master virbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:54:00:39:0d:da brd ff:ff:ff:ff:ff:ff

So I guess SR-IOV would be an option right?

How would I do that?

In this article Intel lists three different options to inject SR-IOV networks.
Since macvtap is mentioned there I assumed that I could select the wlp3s0:macvtap device for networking.
It also offers me the selection between different Device models and source modes.

I have no idea what to select but I tried a combination of the source mode “Bridge” and device model “rtl8139” but that didn’t even allow my VM to access the internet.

Try these commands:

# KVM NETWORK TYPE: NAT
# KVM BRIDGE NIC: virbr0
# VM NETWORK: 192.168.122.0/24
# VM IP: 192.168.122.247
# PORT TO FORWARD: 80
# HOST ETHERNET DEVICE: enp7s0

# connections from outside
# (PREROUTING only sees packets that arrive on a NIC; the host's own
#  connections to 127.0.0.1 take the nat OUTPUT chain instead)
iptables -I FORWARD -o virbr0 -d 192.168.122.247 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.122.247:80

# masquerade the local subnet so guest traffic leaves with the host's address
iptables -t nat -A POSTROUTING -s 192.168.122.0/24 -j MASQUERADE
iptables -A FORWARD -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i virbr0 -o enp7s0 -j ACCEPT
# forwarded packets are never sent out via lo, so this rule matches nothing; kept for completeness
iptables -A FORWARD -i virbr0 -o lo -j ACCEPT

then try accessing:

http://HOST_IP

in your browser.

Currently using it to access Windows remote services on a VM.
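The rules in the answer above cover connections that arrive from other machines; they do not cover the original goal, the host's own browser on localhost:8080, because locally generated packets never pass through PREROUTING. The following is an added example, not code from the thread or from libvirt: a libvirt qemu hook script that adds an OUTPUT-chain DNAT (plus the matching MASQUERADE, FORWARD accept and route_localnet setting) when the guest starts and removes it when the guest stops, so the rules survive libvirt rewriting its own NAT rules. The guest name "ubuntu18", the guest address 192.168.122.247 on virbr0, port 8080 on both sides and the LAN interface wlp3s0 are assumptions for illustration; the hook path and its argument order are libvirt's.

```shell
#!/bin/sh
# Added example (not from the thread): libvirt "qemu" hook that installs the
# host -> guest port forward on guest start and removes it on guest stop.
# Install as /etc/libvirt/hooks/qemu (mode 0755). libvirt runs it as
#   /etc/libvirt/hooks/qemu <guest name> <operation> <sub-operation> <extra>
# All values below are assumptions for illustration, not taken from the post.

GUEST_NAME="${GUEST_NAME:-ubuntu18}"
GUEST_IP="${GUEST_IP:-192.168.122.247}"
GUEST_PORT="${GUEST_PORT:-8080}"
HOST_PORT="${HOST_PORT:-8080}"
BRIDGE="${BRIDGE:-virbr0}"
LAN_IF="${LAN_IF:-wlp3s0}"        # only used when EXPOSE_LAN=1
EXPOSE_LAN="${EXPOSE_LAN:-0}"     # 0 = reachable from the host only
IPTABLES="${IPTABLES:-iptables}"  # set to "echo iptables" for a dry run
SYSCTL="${SYSCTL:-sysctl}"

# Print the rule bodies, one per line. $1 is the chain action (-I or -D), so
# the same list adds and removes the rules and the two cannot drift apart.
forward_rules() {
    act="$1"
    # The host's own connections to 127.0.0.1:8080 are locally generated and
    # traverse nat OUTPUT, never PREROUTING, so they need their own DNAT.
    echo "-t nat $act OUTPUT -o lo -p tcp -d 127.0.0.1 --dport $HOST_PORT -j DNAT --to-destination $GUEST_IP:$GUEST_PORT"
    # After that DNAT the source is still 127.0.0.1; rewrite it to the bridge
    # address or the guest would try to answer itself.
    echo "-t nat $act POSTROUTING -o $BRIDGE -p tcp -d $GUEST_IP --dport $GUEST_PORT -j MASQUERADE"
    # libvirt's FORWARD chain ends in a REJECT for new connections into the
    # bridge, so this ACCEPT is inserted (-I) ahead of it.
    echo "$act FORWARD -o $BRIDGE -p tcp -d $GUEST_IP --dport $GUEST_PORT -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Optional: accept connections from the LAN too, pinned to one interface
    # instead of a bare PREROUTING rule that exposes the guest on every NIC.
    if [ "$EXPOSE_LAN" = "1" ]; then
        echo "-t nat $act PREROUTING -i $LAN_IF -p tcp --dport $HOST_PORT -j DNAT --to-destination $GUEST_IP:$GUEST_PORT"
    fi
}

# Feed every rule to $IPTABLES with the given action; fails on the first error.
apply_rules() {
    forward_rules "$1" | while IFS= read -r rule; do
        # shellcheck disable=SC2086  # splitting the rule into arguments is intended
        $IPTABLES $rule || exit 1
    done
}

# Entry point libvirt calls: $1 is the guest name, $2 the operation.
hook_main() {
    [ "$1" = "$GUEST_NAME" ] || return 0
    case "$2" in
        start|reconnect)
            # A 127.0.0.1 source leaving a non-loopback device is treated as a
            # martian unless route_localnet is set on that device (bridge
            # only, not "all", to keep the exception as narrow as possible).
            "$SYSCTL" -q -w "net.ipv4.conf.$BRIDGE.route_localnet=1"
            apply_rules -D >/dev/null 2>&1 || true   # drop leftovers from a crash
            apply_rules -I
            ;;
        stopped)
            apply_rules -D
            ;;
    esac
}

if [ "$#" -ge 2 ]; then
    hook_main "$@"
fi
```

Test from the host with `curl http://127.0.0.1:8080/` rather than "localhost": the rule is IPv4-only and a browser may resolve localhost to ::1 first. Before blaming the forwarding, check that the host can reach the guest directly at `http://192.168.122.247:8080/`; the default NAT network is routed from the host, so that works with no rules at all, and if it fails the web server in the guest is most likely bound to 127.0.0.1 instead of all interfaces.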