diff --git a/README.md b/README.md index b4d0ec1..d162259 100644 --- a/README.md +++ b/README.md @@ -39,13 +39,12 @@ net.ipv4.ip_forward=1 sudo sysctl -p /etc/sysctl.conf ``` -* WIP - +* Create the following IPTables rules: ``` -export UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 | +UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ') -export LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ') +LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ') echo "$UP_DEV -> $LOCAL_DEV" GUEST_IP=192.168.25.189 @@ -55,16 +54,9 @@ GUEST_PORT=8085 # connections from outside sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT - -# TODO: try to ignore Masquerade local subnet -sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT -sudo iptables -t nat -A POSTROUTING -s 192.168.25.0/24 -j MASQUERADE -sudo iptables -A FORWARD -o $LOCAL_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT -sudo iptables -A FORWARD -i $LOCAL_DEV -o $UP_DEV -j ACCEPT -sudo iptables -A FORWARD -i $LOCAL_DEV -o lo -j ACCEPT - ``` +* Theses rules can be persisted using `iptables-save` then, or using a libvirt hook. ### Manual port forwarding with a LibVirt HOOK
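Review bot: The interface lookup on the new `UP_DEV=` / `LOCAL_DEV=` lines uses an unanchored, unescaped pattern, so `grep "192.168.1."` also matches addresses such as `192.168.10.x` or `192.168.100.x`, and `-B 2 | head -n 1` only yields the interface name when the `inet` line sits exactly two lines below the interface header, which `ip a` does not guarantee for every link type. Because the results are later passed unquoted as `-o $LOCAL_DEV`, an empty or wrong match silently attaches the firewall rules to the wrong interface or to none at all. A more deterministic lookup would be `UP_DEV=$(ip -o -4 addr show | awk '$4 ~ /^192\.168\.1\.[0-9]+\//{print $2; exit}')` with the same form for `LOCAL_DEV`, followed by a guard such as `[ -n "$UP_DEV" ] && [ -n "$LOCAL_DEV" ] || { echo "interface lookup failed" >&2; exit 1; }` before any `iptables` call.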
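Review bot: The two rules kept on the new side are broader than the port forward they document: `-t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT ...` carries no `-i` or `-d` match, so TCP traffic to `$HOST_PORT` arriving on any interface, including from the guest network itself, is redirected, and `-I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT` is inserted ahead of libvirt's own FORWARD rules and accepts forwarding to every port on the guest, not only `$GUEST_PORT`. Restricting both to the upstream interface and the forwarded port limits exposure to what the README intends: `sudo iptables -t nat -I PREROUTING -i "$UP_DEV" -p tcp --dport "$HOST_PORT" -j DNAT --to-destination "$GUEST_IP:$GUEST_PORT"` and `sudo iptables -I FORWARD -i "$UP_DEV" -o "$LOCAL_DEV" -d "$GUEST_IP" -p tcp --dport "$GUEST_PORT" -j ACCEPT`. With the `RELATED,ESTABLISHED` and `MASQUERADE` rules removed, reply traffic from the guest now depends on whatever libvirt already permits on `$LOCAL_DEV`, which the text should state so readers on a host with a stricter FORWARD policy know why the forward may fail. The added sentence also has a typo: `Theses rules` should read `These rules`.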