My qemu hook script looks like this:
#!/bin/bash
# IMPORTANT: Change the "VM NAME" string to match your actual VM Name.
# In order to create rules to other VMs, just duplicate the below block and configure
# it accordingly.
if [ "${1}" = "win2k16" ]; then
    # Update the following variables to fit your setup
    GUEST_IP=192.168.122.100
    GUEST_PORT=3389
    HOST_PORT=49305
    if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
        /sbin/iptables -D FORWARD -o virbr0 -d $GUEST_IP -j ACCEPT
        /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
    fi
    if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
        /sbin/iptables -I FORWARD -o virbr0 -d $GUEST_IP -j ACCEPT
        /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
    fi
fi
if [ "${1}" = "win2k16" ]; then
    # Update the following variables to fit your setup
    GUEST_IP=192.168.122.100
    GUEST_PORT=25
    HOST_PORT=25
    if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
        /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
    fi
    if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
        /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
    fi
fi
if [ "${1}" = "win2k16" ]; then
    # Update the following variables to fit your setup
    GUEST_IP=192.168.122.100
    GUEST_PORT=443
    HOST_PORT=443
    if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
        /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
    fi
    if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
        /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
    fi
fi
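My problem now is that if I forward SSL (port 443) to my Windows VM, then on the Windows VM I can only reach Google over https and cannot open any other web page that uses https. http works fine. After removing the 443 forwarding lines from the hook script, the internet in the VM works again for https pages. What am I missing here?
Answer 1
I solved it myself.
My eth0 interface has only one external IP, so I added "-d [external IP]/32", and now it works fine.
The line looks like this: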
/sbin/iptables -t nat -A PREROUTING -p tcp -d [external IP]/32 --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
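
The same hook with every DNAT rule scoped to the host's external address, as an added example that is not part of the original answer. EXT_IP is a placeholder from the documentation range, the IPT override and function names are this example's own, and narrowing the FORWARD rule to the forwarded ports is an added assumption; the VM name, guest IP and ports are the ones from the question.

```bash
#!/bin/bash
# Added example, not the poster's script.
IPT="${IPT:-/sbin/iptables}"          # overridable, e.g. IPT=echo for a dry run
EXT_IP="${EXT_IP:-203.0.113.10}"      # placeholder: the host's external IP
GUEST_IP=192.168.122.100
FORWARDS="49305:3389 25:25 443:443"   # HOST_PORT:GUEST_PORT pairs

# Match only packets addressed to the host's external IP. Without -d, the rule
# also matches the guest's own outbound connections to port 443 (they pass
# through nat PREROUTING when they arrive on virbr0) and rewrites their
# destination back to the guest, which breaks https inside the VM.
dnat_spec() {  # $1 = host port, $2 = guest port
    echo "-p tcp -d $EXT_IP/32 --dport $1 -j DNAT --to $GUEST_IP:$2"
}

apply_rules() {  # $1 = -I (insert) or -D (delete)
    for pair in $FORWARDS; do
        host_port=${pair%%:*}
        guest_port=${pair##*:}
        # Word splitting of the rule spec is intended here.
        $IPT -t nat "$1" PREROUTING $(dnat_spec "$host_port" "$guest_port")
        # Assumption: accept only the forwarded port instead of all traffic
        # to the guest, as the original FORWARD rule did.
        $IPT "$1" FORWARD -o virbr0 -p tcp -d "$GUEST_IP" --dport "$guest_port" -j ACCEPT
    done
}

hook() {  # $1 = VM name, $2 = libvirt operation
    [ "$1" = "win2k16" ] || return 0
    case "$2" in
        stopped)   apply_rules -D ;;
        start)     apply_rules -I ;;
        reconnect) apply_rules -D; apply_rules -I ;;
    esac
}

hook "${1:-}" "${2:-}"
```

Running it as `IPT=echo ./qemu win2k16 start` prints the rules instead of installing them, which makes it easy to confirm that each PREROUTING rule carries the `-d` match before the hook goes live.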