Hello Sean, ok, I think we understand what you mean.
There are two things here:

(1) Getting the host to forward the port with iptables
(2) doing it automatically with OpenNebula using customized network drivers

Let's start by achieving this manually and we can move on later on to doing it automatically with OpenNebula.

To do this you need to do the following in the host that's running the gateway VM:

* add an iptables rule to forward to the desired vm:

    iptables -t nat -I PREROUTING -p tcp --dport <PORT> -j DNAT --to-destination <guest_vm_ip>:<PORT>

* allow forwarding:

    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -I FORWARD -m state -d <libvirt_nat_network>/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

* add a static route:

    route add -net <libvirt_nat_network> netmask 255.255.255.0 dev <BRIDGE>

Can you try this and let us know if it works?

Cheers,
Jaime

On Fri, May 11, 2012 at 7:08 PM, Sean Abbott <[email protected]> wrote:
> The hosts connect to each other through a backend network. They're all
> on the same switch, and they use a bridge to that backend network to
> provide inter-vm connectivity.
>
> So, in the templates below, fullbackend is connected to a bridge that
> goes to a private network. natnet0 is connected to virbr0, which does
> IP masquerading out to the world via libvirt's default nat with
> libvirt's default iptables rules. As I said, all that's working fine.
> So regardless of whether opennebula truly SUPPORTS it, it does work. :-)
>
> All I need to do is get one port to forward to one vm and my setup will
> work wonderfully.
>
> On 05/11/2012 11:01 AM, Jaime Melis wrote:
> > Dear Sean,
> >
> > OpenNebula does not support Libvirt's NAT-network(192.168.122.0/24).
> > You have to create a network environment as described here:
> > http://opennebula.org/documentation:rel3.4:plan#networking
> >
> > How are your hosts connected to each other?
> >
> > Regards,
> > Jaime
> >
> > On Fri, May 11, 2012 at 4:40 PM, Sean Abbott <[email protected]> wrote:
> >> Hello,
> >>
> >> I have a setup intended for selenium grid. I'll have a bunch of
> >> machines using the default NAT for internet access and a management
> >> network for communication between each other. The template for these
> >> VMs is:
> >>
> >> NIC=[
> >>   MODEL=virtio,
> >>   NETWORK="natnet0",
> >>   NETWORK_UNAME=oneadmin ]
> >> NIC=[
> >>   MODEL=virtio,
> >>   NETWORK="fullbackend",
> >>   NETWORK_UNAME=oneadmin ]
> >>
> >>
> >> That's all working. I need one VM to be able to communicate with the
> >> outside world on a single port (4444). I've set up template as follows:
> >>
> >> NIC=[
> >>   MODEL=virtio,
> >>   NETWORK="natnet0",
> >>   NETWORK_UNAME=oneadmin,
> >>   IP=192.168.122.100,
> >>   WHITE_PORTS_TCP=4444 ]
> >> NIC=[
> >>   MODEL=virtio,
> >>   NETWORK="fullbackend",
> >>   NETWORK_UNAME=oneadmin ]
> >>
> >> The resulting VM can still use the internet and it can still communicate
> >> with the other VMs. I can communicate with it on port 4444 from the
> >> host that it's on, but not from outside.
> >>
> >> Is this what WHITE_PORTS_TCP is intended for? Am I doing something wrong?
> >>
> >> Thanks!
> >>
> >> sean
> >> _______________________________________________
> >> Users mailing list
> >> [email protected]
> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >
> >

-- 
Jaime Melis
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | [email protected]
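
The manual steps from Jaime's reply, as an added example that is not part of the original thread: a shell function that validates the port, guest IP, NAT network and bridge, then prints idempotent versions of the host commands for review. The function names are hypothetical, and the FORWARD rule is narrowed to the single guest and port, which is an assumption of this example rather than what the reply specifies.

```shell
#!/bin/sh
# Added example (not from the thread): validate the inputs, then PRINT the
# host commands for review; nothing is changed until the output is run as root.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# Emit "insert unless already present" so re-running does not stack duplicates.
emit_rule() {  # emit_rule TABLE RULESPEC
    echo "iptables -t $1 -C $2 2>/dev/null || iptables -t $1 -I $2"
}

forward_plan() {  # forward_plan PORT GUEST_IP NAT_NETWORK BRIDGE
    port=$1 guest=$2 net=$3 bridge=$4
    valid_port "$port"  || { echo "bad port: $port" >&2; return 1; }
    valid_ipv4 "$guest" || { echo "bad guest IP: $guest" >&2; return 1; }
    valid_ipv4 "$net"   || { echo "bad network: $net" >&2; return 1; }
    # The thread uses a /24, so guest and network must share three octets.
    [ "${guest%.*}" = "${net%.*}" ] || { echo "$guest not in $net/24" >&2; return 1; }
    case "$bridge" in ''|*[!A-Za-z0-9_.-]*) echo "bad bridge name" >&2; return 1 ;; esac

    echo 'echo 1 > /proc/sys/net/ipv4/ip_forward'
    emit_rule nat "PREROUTING -p tcp --dport $port -j DNAT --to-destination $guest:$port"
    # Assumption: only the forwarded port must be reachable, so the accept rule
    # names the guest and port instead of the whole /24 used in the reply.
    emit_rule filter "FORWARD -d $guest -p tcp --dport $port -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT"
    echo "route add -net $net netmask 255.255.255.0 dev $bridge"
}

# Values taken from the thread: port 4444, guest 192.168.122.100, virbr0.
# forward_plan 4444 192.168.122.100 192.168.122.0 virbr0
```

Review the printed commands, then pipe them to sh as root on the host running the gateway VM to apply them.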
