Sunday, June 26, 2016

Port forwarding with iptables to access Horizon running in a Vagrant VM on a remote bare-metal node

$ sudo sysctl net.ipv4.ip_forward=1
$ sudo iptables -t nat -L
$ sudo iptables -t nat -A PREROUTING -p tcp -d 10.140.15.64 --dport 8081 -j DNAT --to-destination 192.168.56.20:80
$ sudo iptables -t nat -A POSTROUTING -j MASQUERADE


* Replace -A with -D to delete a rule.
* Run these commands on the bare-metal node "10.140.15.64".
* 10.140.15.64 === IP of the bare-metal node where Vagrant with VirtualBox is running.
* 192.168.56.20 === Host-only adapter IP of the VirtualBox VM running on the bare-metal node.
* We can then access Horizon running on 192.168.56.20 from our laptop at http://10.140.15.64:8081/dashboard

1)
Example:


a)
Check IP forwarding on the bare-metal node:

$ sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

b)
Enable IP forwarding on the bare-metal node:
$ sudo sysctl net.ipv4.ip_forward=1
net.ipv4.ip_forward = 1

c)
Check the rules on the bare-metal node:
$ sudo iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

d)
Add your forwarding rule on the bare-metal node:
$ sudo iptables -t nat -A PREROUTING -p tcp -d 10.140.15.64 --dport 8081 -j DNAT --to-destination 192.168.56.20:80

Tips:
* Add multiple host-only interfaces to the VirtualBox VM and, as the destination IP in the iptables rule, use the IP of one of those interfaces that we can ping from the bare-metal node.

e)
Check the rules on the bare-metal node:
$ sudo iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        
DNAT       tcp  --  anywhere             10.140.15.64         tcp dpt:tproxy to:192.168.56.20:80

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination

f)
Ask iptables to masquerade on the bare-metal node:
$ sudo iptables -t nat -A POSTROUTING -j MASQUERADE

g)
Check the rules on the bare-metal node:
$ sudo iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination        
DNAT       tcp  --  anywhere             10.140.15.64         tcp dpt:tproxy to:192.168.56.20:80

Chain INPUT (policy ACCEPT)
target     prot opt source               destination        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination        

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination        
MASQUERADE  all  --  anywhere             anywhere

h)
Access the web service running in the VM from the laptop.

http://10.140.15.64:8081/
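
The rules above publish the dashboard to every host that can reach 10.140.15.64:8081, and the bare `-j MASQUERADE` rule has no interface or address match, so it applies to all traffic the node sends or forwards, not only the forwarded web traffic. The script below is an added example, not from the original post: it prints a narrower pair of rules and flags unscoped MASQUERADE rules in `iptables -t nat -S` output. The interface name vboxnet0, the client network 10.140.0.0/16 and the function names are assumptions, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example, not from the original post.
HOST_IP=10.140.15.64                     # bare-metal node (from the post)
HOST_PORT=8081                           # published port (from the post)
VM_IP=192.168.56.20                      # host-only IP of the VM (from the post)
VM_PORT=80                               # web port in the VM (from the post)
VM_IF=${VM_IF:-vboxnet0}                 # ASSUMPTION: host-only interface name
CLIENT_NET=${CLIENT_NET:-10.140.0.0/16}  # ASSUMPTION: network the laptop is on

# Print the scoped rules; $1 is A (append) or D (delete), as in the post.
scoped_rules() {
    case "${1:-}" in
        A|D) ;;
        *) echo "usage: scoped_rules A|D" >&2; return 2 ;;
    esac
    # DNAT only for clients in CLIENT_NET, not for every source.
    echo "iptables -t nat -$1 PREROUTING -p tcp -s $CLIENT_NET -d $HOST_IP" \
         "--dport $HOST_PORT -j DNAT --to-destination $VM_IP:$VM_PORT"
    # Masquerade only the forwarded flow leaving towards the VM.
    echo "iptables -t nat -$1 POSTROUTING -o $VM_IF -p tcp -d $VM_IP" \
         "--dport $VM_PORT -j MASQUERADE"
}

# Read `iptables -t nat -S` output on stdin; print MASQUERADE rules that
# have no output-interface, source or destination match.
unscoped_masquerade() {
    awk '/^-A POSTROUTING / && /-j MASQUERADE/ && !/ -(o|s|d) /'
}

# Constructed sample: the nat table after the post's two -A commands.
SAMPLE_NAT='-P PREROUTING ACCEPT
-P INPUT ACCEPT
-P OUTPUT ACCEPT
-P POSTROUTING ACCEPT
-A PREROUTING -d 10.140.15.64/32 -p tcp -m tcp --dport 8081 -j DNAT --to-destination 192.168.56.20:80
-A POSTROUTING -j MASQUERADE'

case "${1:-}" in
    rules)  scoped_rules A ;;   # review the output, then pipe it to: sudo sh
    audit)  sudo iptables -t nat -S | unscoped_masquerade ;;
    sample) printf '%s\n' "$SAMPLE_NAT" | unscoped_masquerade ;;
esac
```

Neither the sysctl setting nor the iptables rules survive a reboot, so rerun the audit after any change to the node's firewall configuration.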


3 comments:

  1. port forwarding with ssh to access horizon running in vagrant VM which run in remote baremetal node

    http://fosshelp.blogspot.com/2016/06/port-forwarding-to-access-horizon.html

  2. http://askubuntu.com/questions/320121/simple-port-forwarding
