I was trying to reach the remote desktop of a Windows virtual guest running on a RHEL 6 KVM host. The guest sits on a separate virtual NAT network named windows (192.168.100.0), and my Fedora box is on a completely different subnet (10.69.69.0), and I did not know how to achieve it.
Then iptables came to the rescue: a very powerful firewall that handles packets according to the type of packet activity and queues each packet into one of its built-in 'tables'. On a Linux box, iptables is implemented inside the kernel as a set of kernel modules.
Follow the steps below on your KVM host.
Flush the FORWARD chain (if you depend on existing FORWARD chain rules, add an appropriate rule allowing port 3389 instead of flushing):
#iptables -F FORWARD
Verify that the FORWARD chain rules are flushed using
#iptables -L -n
Write a NAT rule on the PREROUTING chain to redirect port 3389 traffic arriving at the host's public IP to the virtual machine at 192.168.100.181 on the virtual NAT network
#iptables -t nat -A PREROUTING -p tcp -d 10.69.69.83 --dport 3389 -j DNAT --to-destination 192.168.100.181:3389
where
10.69.69.83 -- host kvm bridge
192.168.100.181 -- windows network vm1 ip
3389 -- RDP (remote desktop) port
Check the NAT table after adding the above rule using
#iptables -L -n -t nat
Save the rules using the command below
/etc/init.d/iptables save
Then restart the iptables and libvirtd services
#service iptables restart
#service libvirtd restart
That's it. Now you can reach the remote desktop of the Windows virtual machine from any host on your 10.69.69.0 network by pointing to 10.69.69.83 on port 3389.
You can look at the nf_conntrack proc file during a connection attempt:
#cat /proc/net/nf_conntrack | grep 3389
ipv4 2 tcp 6 118 SYN_SENT src=4.79.142.206 dst=192.168.3.1 sport=43142 dport=3389 packets=6 bytes=264 [UNREPLIED] src=192.168.3.5 dst=4.79.142.206 sport=3389 dport=43142 packets=0 bytes=0 mark=0 secmark=0 zone=0 use=2
or run a simple tcpdump on the KVM host to monitor the traffic flow on port 3389:
# tcpdump port 3389
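Reading the nf_conntrack entry by hand is error-prone, so here is an added POSIX sh helper (not part of the original post) that classifies conntrack entries for the redirected port: the DNAT fired if the original destination differs from the reply tuple's source, and the guest answered if [UNREPLIED] is absent. The sample lines and the function names are constructed for this example.

```sh
#!/bin/sh
# Added example, not from the original post: diagnose /proc/net/nf_conntrack
# entries for the DNAT'd RDP port. dnat=yes replied=no means PREROUTING
# rewrote the destination but the forwarded SYN got no answer (FORWARD chain
# dropping it, or the guest not listening / firewalled).

RDP_PORT=3389

# conntrack_diag LINE
# Prints: dnat=<yes|no> replied=<yes|no> orig_dst=<ip> reply_src=<ip>
conntrack_diag() {
    line=$1
    orig_dst=''; reply_src=''; n_dst=0; n_src=0; replied=yes
    set -f                      # keep tokens like [UNREPLIED] from globbing
    for tok in $line; do
        case $tok in
            dst=*)  n_dst=$((n_dst + 1))
                    if [ "$n_dst" -eq 1 ]; then orig_dst=${tok#dst=}; fi ;;
            src=*)  n_src=$((n_src + 1))
                    if [ "$n_src" -eq 2 ]; then reply_src=${tok#src=}; fi ;;
            '[UNREPLIED]') replied=no ;;
        esac
    done
    set +f
    # The reply tuple's src is where the packet really went after NAT.
    if [ "$orig_dst" != "$reply_src" ]; then dnat=yes; else dnat=no; fi
    printf 'dnat=%s replied=%s orig_dst=%s reply_src=%s\n' \
        "$dnat" "$replied" "$orig_dst" "$reply_src"
}

# conntrack_rdp_flows < nf_conntrack_text
# Diagnoses every entry whose original direction targets RDP_PORT.
conntrack_rdp_flows() {
    while IFS= read -r l; do
        case $l in
            *" dport=$RDP_PORT "*) conntrack_diag "$l" ;;
        esac
    done
}

# Constructed samples: the first mirrors the UNREPLIED entry shown above,
# the second is what a working redirect to the guest looks like.
SAMPLE_UNREPLIED='ipv4 2 tcp 6 118 SYN_SENT src=4.79.142.206 dst=192.168.3.1 sport=43142 dport=3389 packets=6 bytes=264 [UNREPLIED] src=192.168.3.5 dst=4.79.142.206 sport=3389 dport=43142 packets=0 bytes=0 mark=0 secmark=0 zone=0 use=2'
SAMPLE_OK='ipv4 2 tcp 6 431999 ESTABLISHED src=10.69.69.20 dst=10.69.69.83 sport=50000 dport=3389 packets=10 bytes=1200 src=192.168.100.181 dst=10.69.69.20 sport=3389 dport=50000 packets=8 bytes=900 [ASSURED] mark=0 use=2'

# Stand-alone run over the samples; on the host feed the real table instead:
#   conntrack_rdp_flows < /proc/net/nf_conntrack
printf '%s\n%s\n' "$SAMPLE_UNREPLIED" "$SAMPLE_OK" | conntrack_rdp_flows
```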
2 comments:
I love you for this.
I love you too, flushing the FORWARD chain was my missing step....