Sunday, 11 January 2015

Virtualisation IPTables Rules


I haven't been able to find a solution to this as of yet. I'm not very experienced in IPTables, so any support you can provide will be appreciated.


I have a server with a few VMs on there. The main node has a remote IP and a subnet. Each VM is created using Linux Virtualisation and a Routed Network, and is assigned a local IP. I am then using IPTables to assign them a remote IP by forwarding all traffic from their dedicated remote IP to their local IP. This seems to be working for the most part, but it seems any traffic that is sent out from each VM comes from the node's primary IP rather than the remote IP I have forwarded to the VM.


Here are my IPTables Rules:



iptables -t nat -A POSTROUTING -s 192.168.123.0/24 ! -d 192.168.123.0/24 -j MASQUERADE

iptables -A FORWARD -d 192.168.123.0/24 -o virbr1 -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 192.168.123.0/24 -i virbr1 -j ACCEPT
iptables -A FORWARD -i virbr1 -o virbr1 -j ACCEPT


And then for each VM:



iptables -t nat -A PREROUTING -d {Their-remote-IP} -j DNAT --to-destination 192.168.123.3
iptables -A FORWARD -p tcp -d 192.168.123.3 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m udp -p udp -d 192.168.123.3 -j ACCEPT
iptables -A FORWARD -m icmp -p icmp -d 192.168.123.3 -j ACCEPT


Example setup



Primary Node IP: X.X.X.172
Additional IP 1: X.X.X.173 (NATed to VM 1) to local address 192.168.123.2
Additional IP 2: X.X.X.174 (NATed to VM 2) to local address 192.168.123.3
Additional IP 3: X.X.X.175 (NATed to VM 3) to local address 192.168.123.4


However, all outbound traffic from the VMs is going out via X.X.X.172


Any suggestions you can provide will be much appreciated.
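The behaviour described above follows from how MASQUERADE works: it always rewrites the source to the primary address of the interface the packet leaves on, so every VM egresses as X.X.X.172. To give each VM its own public source address, a per-VM SNAT rule has to sit in the nat POSTROUTING chain ahead of the catch-all MASQUERADE rule. The script below is an added example written for this post, not code from the original question; it uses the post's addressing (primary X.X.X.172, additional IPs .173 to .175, VMs on 192.168.123.0/24 behind virbr1) and defaults to printing the iptables commands rather than applying them, so it can be reviewed without root.

```shell
#!/bin/sh
# Added example (not from the original post). Generates the DNAT + SNAT rule set
# for the VMs described in the question. IPT defaults to "echo iptables" so the
# script only prints the commands; run with IPT=iptables to apply them for real.

IPT="${IPT:-echo iptables}"
LAN=192.168.123.0/24   # the VMs' routed network from the post
BRIDGE=virbr1          # the libvirt bridge from the post

# Shared rules: forward-chain policy for the VM network plus a MASQUERADE fallback
# that only catches VMs without a dedicated public IP (SNAT rules are inserted
# in front of it, so a VM with its own address never reaches it).
base_rules() {
    $IPT -A FORWARD -d "$LAN" -o "$BRIDGE" -m state --state RELATED,ESTABLISHED -j ACCEPT
    $IPT -A FORWARD -s "$LAN" -i "$BRIDGE" -j ACCEPT
    $IPT -A FORWARD -i "$BRIDGE" -o "$BRIDGE" -j ACCEPT
    $IPT -t nat -A POSTROUTING -s "$LAN" ! -d "$LAN" -j MASQUERADE
}

# Per-VM rules.  $1 = the VM's dedicated public IP, $2 = the VM's local IP.
vm_nat_rules() {
    pub="$1"
    vm_ip="$2"
    # Inbound: traffic to the public IP is rewritten to the VM (as in the post).
    $IPT -t nat -A PREROUTING -d "$pub" -j DNAT --to-destination "$vm_ip"
    # Outbound: the missing piece. Insert at position 1 so this SNAT is matched
    # before the MASQUERADE rule; traffic between VMs (within LAN) is left alone.
    $IPT -t nat -I POSTROUTING 1 -s "$vm_ip" ! -d "$LAN" -j SNAT --to-source "$pub"
    # Let new connections that were DNATed to this VM through the forward chain.
    $IPT -A FORWARD -d "$vm_ip" -o "$BRIDGE" -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
}

# The mapping from the post's example setup.
base_rules
vm_nat_rules X.X.X.173 192.168.123.2
vm_nat_rules X.X.X.174 192.168.123.3
vm_nat_rules X.X.X.175 192.168.123.4
```

After applying, `iptables -t nat -L POSTROUTING -n --line-numbers` should list the three SNAT rules above the MASQUERADE rule; if the MASQUERADE rule comes first it wins and the symptom persists. Connections already tracked by conntrack keep the source mapping they were created with, so an existing outbound flow from a VM will still show X.X.X.172 until it is re-established.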


