使用firewalld将端口转发到VM

2024-6-16 • tag-icon

我一直在寻找，但找不到任何关于如何解决这个问题的方法。我正在尝试在 CentOS 7 服务器上设置到 VM (qemu) 的端口转发。

尝试将 8050 上的所有传入内容转发至 192.168.100.50:8080。
尝试了防火墙配置，并在网上搜索了好几天。

我找不到任何能够不依靠 iptables 就能解决这个问题的人。

主机操作系统：

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP qlen 1000
    link/ether f0:4d:a2:09:c9:87 brd ff:ff:ff:ff:ff:ff
    inet XXX.XXX.49.99/29 brd XXX.XXX.49.103 scope global em1
       valid_lft forever preferred_lft forever
    inet6 :::f24d:a2ff:fe09:c987/64 scope link
       valid_lft forever preferred_lft forever
6: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 52:54:00:b8:57:fb brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
    link/ether 52:54:00:b8:57:fb brd ff:ff:ff:ff:ff:ff
21: virbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
    link/ether 52:54:00:35:6f:b2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr1
       valid_lft forever preferred_lft forever
22: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN qlen 500
    link/ether 52:54:00:35:6f:b2 brd ff:ff:ff:ff:ff:ff
34: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr1 state UNKNOWN qlen 500
    link/ether fe:54:00:32:25:24 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe32:2524/64 scope link
       valid_lft forever preferred_lft forever
35: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr1 state UNKNOWN qlen 500
    link/ether fe:54:00:6c:bf:44 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe6c:bf44/64 scope link
       valid_lft forever preferred_lft forever

虚拟机：

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 52:54:00:6c:bf:44 brd ff:ff:ff:ff:ff:ff
    inet 192.168.100.50/24 brd 192.168.100.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 fe80::5054:ff:fe6c:bf44/64 scope link
       valid_lft forever preferred_lft forever

答案1

我认为 Serverfault 上的这个答案可以回答您的问题：

https://serverfault.com/questions/170079/forwarding-ports-to-guests-in-libvirt-kvm

就你的情况而言：

iptables -t nat -I PREROUTING -p tcp -d XXX.XXX.49.99 --dport 8050 -j DNAT --to-destination 192.168.100.50:8080

iptables -I FORWARD -m state -d 192.168.100.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

答案1

相关内容