silverchris Tux's lil' helper
Joined: 04 Oct 2003 Posts: 142 Location: Orangeville, Ont, Canada
|
Posted: Thu Aug 01, 2013 11:26 pm Post subject: Routing problems |
|
|
Hi all,
I have a bit of a weird routing issue, and was wondering if anyone around here could give me a hand.
I have a Gentoo server running in a data center, that has 2 IPs, one is assigned to eth0, and the other I would like to route to a VirtualBox guest.
I have been trying to figure out how to do this using a host only adapter on the guest, and adding in a few routes on the host... Currently the host is receiving my packets, but I can't send anything from the guest.
routing table on the host looks like:
Code: |
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 142.4.210.254 0.0.0.0 UG 3 0 0 eth0
10.9.0.0 * 255.255.255.0 U 0 0 0 vboxnet0
loopback localhost 255.0.0.0 UG 0 0 0 lo
142.4.210.0 * 255.255.255.0 U 0 0 0 eth0
192.95.37.37 * 255.255.255.255 UH 0 0 0 vboxnet1
192.168.0.0 * 255.255.255.0 U 0 0 0 vboxbridge
192.168.1.0 * 255.255.255.0 U 0 0 0 vboxnet1
|
iptables on the host looks like
Code: |
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 192.95.37.37 anywhere
ACCEPT all -- anywhere 192.95.37.37
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:25565
ACCEPT udp -- anywhere anywhere ctstate NEW udp dpt:4569
ACCEPT all -- 192.168.0.0/24 anywhere
ACCEPT tcp -- 10.8.0.0/24 anywhere ctstate NEW tcp dpt:bacula-sd
ACCEPT tcp -- 10.8.0.0/24 anywhere ctstate NEW tcp dpt:bacula-dir
ACCEPT tcp -- 10.8.0.0/24 anywhere ctstate NEW tcp dpt:bacula-fd
ACCEPT tcp -- 192.168.0.0/24 anywhere ctstate NEW tcp dpt:bacula-fd
ACCEPT tcp -- 192.168.0.0/24 anywhere ctstate NEW tcp dpt:bacula-dir
ACCEPT tcp -- 192.168.0.0/24 anywhere ctstate NEW tcp dpt:bacula-sd
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:11194
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:ftp
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:ssh
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:http
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:2778
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:ircd
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:9090
ACCEPT icmp -- anywhere anywhere icmp echo-request ctstate NEW,RELATED,ESTABLISHED
DROP all -- anywhere anywhere
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:9090
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:25565
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ftp ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:http ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:ircd ctstate NEW
ACCEPT tcp -- anywhere anywhere tcp dpt:9090 ctstate NEW
ACCEPT icmp -- anywhere anywhere icmp echo-reply ctstate RELATED,ESTABLISHED
|
Guest routing table looks like
Code: |
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
142.4.210.254 0.0.0.0 255.255.255.255 UH 0 0 0 eth1
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0 0 eth0
192.95.37.0 0.0.0.0 255.255.255.0 U 0 0 0 eth1
0.0.0.0 142.4.210.254 0.0.0.0 UG 0 0 0 eth1
|
Any ideas? |
|
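Added example, not part of the original thread: plain `iptables -L` output like the listing in the first post does not show interface matches, so a rule can display as a catch-all that appears to shadow every rule after it (the INPUT chain shows an `ACCEPT all` and a `DROP all` ahead of other rules). This Python sketch flags such rules for follow-up with `iptables -L -v` or `iptables-save`; the sample listing is abridged from the post and the function names are hypothetical.

```python
import re

# Constructed sample: abridged from the INPUT chain shown in the first post.
LISTING = """\
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 192.95.37.37 anywhere
ACCEPT tcp -- 10.8.0.0/24 anywhere ctstate NEW tcp dpt:bacula-sd
ACCEPT all -- anywhere anywhere
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:ssh
DROP all -- anywhere anywhere
ACCEPT all -- 192.168.1.0/24 anywhere
ACCEPT tcp -- anywhere anywhere ctstate NEW tcp dpt:25565
Chain FORWARD (policy ACCEPT)
target prot opt source destination
"""

def parse_chains(text):
    """Return {chain: [(target, prot, source, dest, extra), ...]} from `iptables -L` text."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(policy (\S+)\)", line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        f = line.split()
        if current is None or len(f) < 5 or f[0] == "target":
            continue  # skip column headers and blank or short lines
        current.append((f[0], f[1], f[3], f[4], " ".join(f[5:])))
    return chains

def shadowed_rules(text):
    """List (chain, rule_no, catch_all_no) for rules listed after a displayed catch-all."""
    findings = []
    for chain, rules in parse_chains(text).items():
        catch_all = None
        for no, (target, prot, src, dst, extra) in enumerate(rules, 1):
            if catch_all is not None:
                # Unreachable as displayed; the catch-all may really be limited
                # to one interface (not shown without -v), so verify it.
                findings.append((chain, no, catch_all))
            elif (target in ("ACCEPT", "DROP", "REJECT") and prot == "all"
                  and src == dst == "anywhere" and not extra):
                catch_all = no
    return findings

if __name__ == "__main__":
    for chain, no, by in shadowed_rules(LISTING):
        print(f"{chain} rule {no} follows catch-all rule {by}: check with iptables-save")
```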
quilosaq Veteran
Joined: 22 Dec 2009 Posts: 1522
|
Posted: Fri Aug 02, 2013 12:13 am Post subject: |
|
|
You need iptables to do NAT. You need the nat table and masquerade. |
|
Hu Moderator
Joined: 06 Mar 2007 Posts: 21624
|
Posted: Fri Aug 02, 2013 1:37 am Post subject: |
|
|
Please post the output of iptables-save on the host so that we can see what, if any, NAT rules you have written. |
|
silverchris Tux's lil' helper
Joined: 04 Oct 2003 Posts: 142 Location: Orangeville, Ont, Canada
|
Posted: Fri Aug 02, 2013 1:39 am Post subject: |
|
|
There were no NAT rules.
Solved my issue using bridge mode for the network adapter in guest mode. (That didn't work the first time; turns out my hosting provider was filtering by MAC address.) |