On 24.07.2013 14:55, Patrick Lists wrote:
Hi,
I just did a fresh F19 x86_64 install on my workstation, copied a Virtual Machine to it and started the VM (has IP addr 192.168.122.20).
Now I would like to be able to ssh into the VM from another box on my local LAN like my laptop. Thus far I can't make it work. Steps:
Opened firewall-config
Set the firewall zone of my Ethernet interface to Trusted:
Options -> Change Zone of Connections -> <interface> -> Edit -> General
-> Firewall zone -> Trusted
Click on the reload icon
Set the default zone to Trusted:
Options -> Change Default Zone -> Trusted
Click on the reload icon
Results:
Can not ping VM from laptop:
[patrick@laptop ~]$ ping 192.168.122.20
PING 192.168.122.20 (192.168.122.20) 56(84) bytes of data.
From 10.0.0.135 icmp_seq=1 Destination Port Unreachable
Can not ssh from the laptop to the VM:
[patrick@laptop ~]$ ssh 192.168.122.20
ssh: connect to host 192.168.122.20 port 22: Connection refused
On the workstation IPv4 forwarding is on:
$ cat /proc/sys/net/ipv4/ip_forward
1
So how do I make firewalld allow pings and ssh from remote hosts?
No idea about firewalld; with iptables.service it is easy.
However, you need iptables forwarding and masquerade for NAT.
* vmnet8 -> virtual interface the VMs are running on
* eth0 -> LAN interface of the host
* 10.0.0.0/24 -> LAN network (host and other machines)
* 192.168.197.0 -> Network with the VMs
# LAN -> VM network
iptables -A FORWARD -i eth0 -o vmnet8 -s 10.0.0.0/24 -d 192.168.197.0/24 -j ACCEPT
# VM network -> LAN
iptables -A FORWARD -i vmnet8 -o eth0 -s 192.168.197.0/24 -d 10.0.0.0/24 -j ACCEPT
# source-NAT LAN traffic that leaves via vmnet8
iptables -A POSTROUTING -o vmnet8 -t nat -s 10.0.0.0/24 -j MASQUERADE
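
Added example, not part of the thread above: a dry-run shell function that prints a narrower variant of the rules in the reply, forwarding only ssh and ping from the LAN to the VM network plus reply traffic, and refusing any network written without a prefix length. The interface names and networks are the reply's; the function names is_cidr and forward_rules are made up for this example, and a /24 VM network is an assumption.

```sh
#!/bin/sh
# Added example: prints iptables commands only, applies nothing.

# is_cidr NET: succeed only for dotted-quad/prefix, e.g. 10.0.0.0/24.
# A bare address such as 192.168.197.0 is rejected, because iptables
# would treat it as a single host (/32), not as a network.
is_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*} len=${1#*/}
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    case "$addr" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $addr; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do [ "$octet" -le 255 ] || return 1; done
}

# forward_rules LAN_IF VM_IF LAN_NET VM_NET
# Print rules that forward only ssh and ping from LAN_NET to VM_NET,
# allow the replies back, and masquerade as in the reply above.
forward_rules() {
    lan_if=$1 vm_if=$2 lan_net=$3 vm_net=$4
    for net in "$lan_net" "$vm_net"; do
        is_cidr "$net" || { echo "not a CIDR network: $net" >&2; return 1; }
    done
    in_match="-i $lan_if -o $vm_if -s $lan_net -d $vm_net"
    out_match="-i $vm_if -o $lan_if -s $vm_net -d $lan_net"
    # Replies to connections that were allowed in the other direction.
    echo "iptables -A FORWARD $out_match -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # New traffic from the LAN: ssh and ICMP echo only.
    echo "iptables -A FORWARD $in_match -p tcp --dport 22 -j ACCEPT"
    echo "iptables -A FORWARD $in_match -p icmp --icmp-type echo-request -j ACCEPT"
    # VMs see the host as the source, so they need no route to the LAN.
    echo "iptables -t nat -A POSTROUTING -o $vm_if -s $lan_net -d $vm_net -j MASQUERADE"
}

# Values from the thread, with the VM network written as a /24 (assumed).
forward_rules eth0 vmnet8 10.0.0.0/24 192.168.197.0/24
```

iptables evaluates the FORWARD chain top to bottom, so rules appended with -A have no effect if an earlier rule in the chain already rejects the packet.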