[Firehol-support] Help : port forwarding to virtual machine (vmware)
Harry Sufehmi
sufehmi at gmail.com
Fri Mar 21 14:44:02 GMT 2008
Sorry, Gmail failed sending this at first, retrying ...
On 3/21/08, Harry Sufehmi <sufehmi at gmail.com> wrote:
> I've been messing around with this for close to a week, I figure this
> is probably about time I ask for help :-)
>
> What I'm trying to do:
> I need traffic to a port (of the VMware host machine) to be
> forwarded to another IP address (the VMware guest).
>
> Should be pretty simple, isn't it? But I must have got it wrong,
> because it's still not working.
>
> My current firehol.conf is shown at the end of this email.
> With that configuration, whenever I typed "ssh -p 211 203.66.123.34",
> I should be forwarded to port 211 of 172.16.228.128. But instead, ssh
> was not able to connect at all.
>
> A bit more info:
>
> 203.66.123.34 = my server's public IP address
>
> 172.16.228.128 = the machine where the port will be forwarded to.
> This is actually a VMware virtual machine in the same machine, set up
> with networking on vmnet8 (NAT) interface. Its gateway (vmnet8) has IP
> address of 172.16.228.1
>
> What I have done:
>
> 1. confirmed /proc/sys/net/ipv4/ip_forward always 1 on both host & guest
>
> 2. Tried shutting down firehol (firehol.sh stop or iptables -F),
> then I tried this guy's iptables commands:
> http://communities.vmware.com/thread/126470 (the last post)
>
> It works.
>
> But it also means that my server is not protected by Firehol, only the
> port forwarding is working.
>
> 3. Enabled VMware NAT's port forwarding on said port and restarted
> vmware services to activate it.
>
> 4. Looked around the Internet, but couldn't find any sample for this
> kind of situation.
>
> 5. Many other stupidities not worth mentioning here :-)
>
>
> Currently I'm out of any other ideas to try. If anyone can give me
> some more hints to try, that would be very much appreciated.
>
> Thanks in advance.
>
>
> Cheers,
> Harry
>
> ==============
> version 5
>
> server_altssh_ports="tcp/4567"
> client_altssh_ports="default"
>
> server_altssh2_ports="tcp/211"
> client_altssh2_ports="default"
>
> ###nat to-destination 172.16.228.128 proto tcp dport 211 dst 203.66.123.34/32
> dnat to 172.16.228.128 dst 203.66.123.34 proto tcp dport 211
> ###snat to 203.66.123.34 outface eth0 src 192.168.254.0/24 dst 192.168.254.0/24
>
> ### this is VMware's host-only virtual interface
> interface "vmnet1" LAN1
>     policy accept
>     server all accept
>     client all accept
>
> ### this is the VMware's NAT virtual interface
> interface "vmnet8" LAN8
>     policy accept
>     server all accept
>     client all accept
>
> interface eth0 internet
>     protection strong
>     server "icmp altssh altssh2 smtp dns http https pop3 " accept
>     # server all accept ---> still doesn't work with this
>     client all accept
>
> router net2svr3
>     server altssh2 accept inface eth0 outface vmnet8
>