KVM and Ubuntu 11 i686 and iptables

I was creating virtual guests with KVM on my Ubuntu 11 host. The problem I was experiencing was that I could not connect to a guest from anywhere except the host itself: libvirt's default network (virbr0, 192.168.122.0/24) is NATed, so a guest can reach out but nothing outside the host can reach in.

The guest was a Windows Server 2008 Standard, and I needed to reach it over RDP (TCP port 3389). Here are the two iptables rules I ran to get it to work:

sudo iptables -t nat -I PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.122.187:3389

sudo iptables -I FORWARD -m state -d 192.168.122.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

The first line rewrites the destination of any TCP connection arriving at the host on port 3389 to 192.168.122.187:3389 (DNAT). Because that consumes port 3389 on the host, each additional guest you want to reach over RDP needs its own host-side port (3390, 3391 and so on); the guest itself can keep listening on 3389, since --to-destination sets the guest port independently of the host port. As written the rule matches on every interface, including virbr0; adding -i eth0 (or whatever your outside interface is) limits it to traffic that really comes from outside.

The second line lets the host forward packets whose destination is the 192.168.122.0/24 network, which is where libvirt's default NAT network puts the guests. It is needed because libvirt's own FORWARD rules reject new connections coming into that network from outside; -I inserts this rule ahead of them. Note that it accepts a new connection to any guest on any port. Matching on -p tcp --dport 3389 and the guest's address keeps the hole no wider than the DNAT rule needs.

I would recommend staying away from default ports on the host side for guests. Take SSH, which by default listens on port 22: find an unused port on the host and forward SSH requests to port 22 on the guest via that port. Keep in mind that this only cuts down on automated scanner noise; anyone who port-scans the host still finds the service, so also restrict the source with -s on the PREROUTING rule where you can, and firewall the guest itself.
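To show how the two rules above scale to several guests and non-default host ports, here is an added example script (not from the original post) that builds the DNAT and FORWARD pair for each entry in a port map, narrowed to the outside interface, the libvirt bridge and the one forwarded port. It uses full paths so it can be called from rc.local. The interface names eth0 and virbr0, the .188 and .189 guest addresses and the ADMIN_NET variable are assumptions for illustration and are not in the original.

```shell
#!/bin/sh
# Added example (not from the original post): generate the DNAT + FORWARD pair
# for several KVM guests from one port map. Assumptions, not from the original:
# eth0 as the outside interface, virbr0 as the libvirt bridge, the .188/.189
# guest addresses and ADMIN_NET are all made up for this example.

EXT_IF="${EXT_IF:-eth0}"               # interface the outside world reaches us on (assumed)
BR_IF="${BR_IF:-virbr0}"               # libvirt default NAT bridge
ADMIN_NET="${ADMIN_NET:-0.0.0.0/0}"    # narrow this to the network you administer from
IPT="${IPT:-/sbin/iptables}"           # full path: PATH at boot may not include /sbin

# Constructed sample map: "host_port guest_ip guest_port", one forward per line.
# Only the host-side port must be unique; every guest can keep listening on 3389/22.
PORT_MAP='3389 192.168.122.187 3389
3390 192.168.122.188 3389
2222 192.168.122.189 22'

# Print the two rules that expose one guest port through the host.
# The FORWARD rule sees post-DNAT addresses, so it names the guest, not the host port.
forward_rules() {
    hp=$1 gip=$2 gp=$3
    echo "$IPT -t nat -I PREROUTING -i $EXT_IF -p tcp -s $ADMIN_NET --dport $hp -j DNAT --to-destination $gip:$gp"
    echo "$IPT -I FORWARD -i $EXT_IF -o $BR_IF -p tcp -d $gip --dport $gp -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT"
}

# Walk the map. Dry run by default; APPLY=1 executes the rules (needs root).
# -I puts each pair ahead of libvirt's REJECT rules; running twice duplicates them.
apply_map() {
    printf '%s\n' "$PORT_MAP" | while read -r hp gip gp; do
        [ -n "$hp" ] || continue
        forward_rules "$hp" "$gip" "$gp" | while read -r rule; do
            if [ "${APPLY:-0}" = 1 ]; then
                eval "$rule"      # rule text comes only from PORT_MAP above
            else
                echo "$rule"
            fi
        done
    done
}

apply_map
```

Run it without arguments to see the rules it would add; run it as root with APPLY=1 to install them. The source match on PREROUTING and the interface and port matches on FORWARD are what keep the forward from opening every guest port to the whole internet.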

If you would like these rules to be in place after the server boots, they need to run after libvirtd has started its networks: libvirt inserts its own FORWARD rules, including the ones that reject new inbound traffic to the guest subnet, at the top of the chain when the default network comes up, so rules added before that end up behind them and never match. One place that runs late enough is the rc.local file, which is the last script run during start-up. Note that rc.local runs only once; if you later restart the libvirt network (virsh net-destroy / net-start), its rules are reinserted ahead of yours and you have to add yours again. Here is how to add the lines to rc.local:

/sbin/iptables -t nat -I PREROUTING -p tcp --dport 3389 -j DNAT --to-destination 192.168.122.187:3389

/sbin/iptables -I FORWARD -m state -d 192.168.122.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

Remember to use the full path to the iptables binary: the PATH in effect when rc.local runs during start-up is minimal and may not include /sbin. rc.local already runs as root, so sudo is not needed there.

Hope that helps.
