$ sudo sysctl net.ipv4.ip_forward=1
$ sudo iptables -t nat -L
$ sudo iptables -t nat -A PREROUTING -p tcp -d 10.140.15.64 --dport 8081 -j DNAT --to-destination 192.168.56.20:80
$ sudo iptables -t nat -A POSTROUTING -j MASQUERADE
* Replace -A with -D to delete the rule.
* Run this commands in baremetal node "10.140.15.64".
* 10.140.15.64 === IP of baremetal node where vagrant with virtualbox is running.
* 192.168.56.20 === Hostonly adapter IP of virtualbox VM running on baremetal node
* We can access horizon running in 192.168.56.20 from our laptop like http://10.140.15.64:8081/dashboard
1)
Example:
a)
Check IP Forwarding in bare-metal node:
$ sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
b)
Enable IP Forwarding in bare-metal node:
$ sudo sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
c)
Check rules in bare-metal node:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
b)
Add your forwarding rule in bare-metal node:
$ sudo iptables -t nat -A PREROUTING -p tcp -d 10.140.15.64 --dport 8081 -j DNAT --to-destination 192.168.56.20:80
Tips:
* add multiple hostonly interfaces to Virtualbox VM and use one of the interface's IP which we can ping from bare-metal as destination IP in iptables rule.
e)
Check rules in bare-metal node:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere 10.140.15.64 tcp dpt:tproxy to:192.168.56.20:80
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
f)
Ask IPtables to Masquerade in bare-metal node:
$ sudo iptables -t nat -A POSTROUTING -j MASQUERADE
g)
Check rules in bare-metal node:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere 10.140.15.64 tcp dpt:tproxy to:192.168.56.20:80
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
h)
Access web service running in the VM from laptop.
http://10.140.15.64:8081/
$ sudo iptables -t nat -L
$ sudo iptables -t nat -A PREROUTING -p tcp -d 10.140.15.64 --dport 8081 -j DNAT --to-destination 192.168.56.20:80
$ sudo iptables -t nat -A POSTROUTING -j MASQUERADE
* Replace -A with -D to delete the rule.
* Run this commands in baremetal node "10.140.15.64".
* 10.140.15.64 === IP of baremetal node where vagrant with virtualbox is running.
* 192.168.56.20 === Hostonly adapter IP of virtualbox VM running on baremetal node
* We can access horizon running in 192.168.56.20 from our laptop like http://10.140.15.64:8081/dashboard
1)
Example:
a)
Check IP Forwarding in bare-metal node:
$ sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0
b)
Enable IP Forwarding in bare-metal node:
$ sudo sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1
c)
Check rules in bare-metal node:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
b)
Add your forwarding rule in bare-metal node:
$ sudo iptables -t nat -A PREROUTING -p tcp -d 10.140.15.64 --dport 8081 -j DNAT --to-destination 192.168.56.20:80
Tips:
* add multiple hostonly interfaces to Virtualbox VM and use one of the interface's IP which we can ping from bare-metal as destination IP in iptables rule.
e)
Check rules in bare-metal node:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere 10.140.15.64 tcp dpt:tproxy to:192.168.56.20:80
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
f)
Ask IPtables to Masquerade in bare-metal node:
$ sudo iptables -t nat -A POSTROUTING -j MASQUERADE
g)
Check rules in bare-metal node:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere 10.140.15.64 tcp dpt:tproxy to:192.168.56.20:80
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- anywhere anywhere
h)
Access web service running in the VM from laptop.
http://10.140.15.64:8081/
port forwarding with ssh to access horizon running in vagrant VM which run in remote baremetal node
ReplyDeletehttp://fosshelp.blogspot.com/2016/06/port-forwarding-to-access-horizon.html
http://askubuntu.com/questions/320121/simple-port-forwarding
ReplyDeleteGood article,Need premium plugin,Click here
ReplyDelete