pierre/VirtWeb
1
0
Fork 0
Code Issues Pull Requests 5 Packages Projects Releases Wiki Activity

Update README

Browse Source
This commit is contained in:
Pierre HUBERT 2023-12-12 00:53:18 +01:00
parent 5d6cd10572
commit 2a52b5c035
1 changed files with 4 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
README.md
View File

@ -39,13 +39,12 @@ net.ipv4.ip_forward=1
sudo sysctl -p /etc/sysctl.conf sudo sysctl -p /etc/sysctl.conf
``` ```
* WIP * Create the following IPTables rules:
``` ```
export UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 | UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 |
tr -d ' ') tr -d ' ')
export LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ') LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
echo "$UP_DEV -> $LOCAL_DEV" echo "$UP_DEV -> $LOCAL_DEV"
GUEST_IP=192.168.25.189 GUEST_IP=192.168.25.189
@ -55,16 +54,9 @@ GUEST_PORT=8085
# connections from outside # connections from outside
sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT
sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
# TODO: try to ignore Masquerade local subnet
sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT
sudo iptables -t nat -A POSTROUTING -s 192.168.25.0/24 -j MASQUERADE
sudo iptables -A FORWARD -o $LOCAL_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i $LOCAL_DEV -o $UP_DEV -j ACCEPT
sudo iptables -A FORWARD -i $LOCAL_DEV -o lo -j ACCEPT
``` ```
* Theses rules can be persisted using `iptables-save` then, or using a libvirt hook.
### Manual port forwarding with a LibVirt HOOK ### Manual port forwarding with a LibVirt HOOK