Can't access OpenStack instance from other devices - ssh

I have done a DevStack installation of OpenStack on a server.
I have added ICMP and SSH rules to the security group and have made instances on it.
I can ssh and ping these instances from the host machine.
Now the problem is that I'm unable to ssh or even ping my instances from other machines on this network. And the fun part is that these instances can ssh/ping other machines and even ping my other server and ssh VMs on this server.
I hope I made sense, but if you have more to ask, please let me know.

ADMIN_PASSWORD=openstack
DATABASE_PASSWORD=$ADMIN_PASSWORD
RABBIT_PASSWORD=$ADMIN_PASSWORD
SERVICE_PASSWORD=$ADMIN_PASSWORD
HOST_IP=192.168.4.72
enable_service s-proxy s-object s-container s-account
SWIFT_REPLICAS=1
SWIFT_HASH=66a3d6b56c1f479c8b4e70ab5c2000f5
enable_service h-eng h-api h-api-cfn h-api-cw
enable_plugin heat git://git.openstack.org/openstack/heat
FLOATING_RANGE=192.168.4.240/29
FLAT_INTERFACE=eno1

Doing this worked out fine for me:
echo 1 > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eno1 -j MASQUERADE
echo 1 > /proc/sys/net/ipv4/conf/eno1/proxy_arp

Related

Connect to internet a VM on VMware through another VM

I'm using VMware Workstation and I've two virtual machines (Ubuntu 64-bit). Both VMs are connected to the internet via Network Adapter NAT on the VMware settings.
My host machine is a classic Windows 10 with a VMware Network adapter (VMnet8) used by both VMs (from what I've understood). I'm already able to ping both VMs from each other (they're on the same subnet)
I would like to use one of the two VMs as a "gate" to access the internet (which is provided by the host machine) on the other VM, but I can't understand how I need to link the virtual network adapter to achieve my goal.
I would like to use a VM as a "gate" to the internet because I'm testing iptables and I would like to practice using it as a firewall, filtering traffic on the "gate" VM.
First of all, you have to make sure IP forwarding is active. To do that, you have to go to /etc/ and edit the file sysctl.conf using:
sudo nano /etc/sysctl.conf
Remove the comment (the #) from the line net.ipv4.ip_forward=1
About the iptables rules, you need a POSTROUTING rule:
sudo iptables -t nat -A POSTROUTING -s your_ip/24 -o your_network_interface -j MASQUERADE
where, in your case, your_ip could be something like 192.168.125.0 (meaning all the traffic from the 125 subnet) and your_network_interface could be eth0.

Unable to correctly set up a firewall in Mininet with SDN and OpenFlow OVS (UDP version)

I'm experimenting with Mininet in Ubuntu 14 in order to create a basic firewall which blocks the UDP packets from one host (h1 = 10.0.0.1) to another (h4 = 10.0.0.4).
Those hosts are in the same VLAN and on different switches (if that can be of any help). Also, I would like to block the UDP packets which have the destination port 5001.
To do so, I have launched two xterms in h1 (in Mininet) in order to check the ping is working correctly and also to launch the packets to h4. xterm h1: "iperf -u -c10.0.0.4 -p 5001 -i 5 -b 200K -t 360".
In Mininet I have also opened an xterm on h4 to set it up as a server listening on port 5001. xterm h4: "iperf -s -u -p 5001 -i 5".
I guess the rule I have to introduce is this one: "sh ovs-ofctl add-flow s1 udp_dst=5001,nw_proto=17,actions=drop"
But it doesn't work, as the packets are still arriving. The ping works fine, but (and here comes the main problem) the packet arrives at the server and it shouldn't.
Any help please?
Thank you very much
Here I leave you the screenshots of the network topology and also what appears in the xterm windows.

Iptables masquerade not working on Debian VM

I have a VM in VirtualBox with Debian 10 and I'm trying to NAT masquerade its output interface (enp0s8) so that its clients (VMs connected to it) can access the Internet.
All interfaces in the system have an IP. I've already enabled forwarding with:
echo 1 > /proc/sys/net/ipv4/ip_forward
sysctl -w net.ipv4.ip_forward=1
And then I executed:
iptables -t nat -A POSTROUTING -o enp0s8 -j MASQUERADE
However, whenever I execute the above, the following happens:
And no matter how many times I iptables --flush -t nat and repeat the process, the result is always the same. The rule I want to apply is never saved properly and the clients' IPs are never masked.
What is the issue here? Almost all tutorials say this is the correct way for masquerading.
I've also tried using nftables, without success.
It is already showing the right output. To show the rules with the interface details, you need to use:
iptables -t nat -L -n -v
And by the way, if you have set up NAT networking, it already takes care of connecting to the outside.
And have you set the default gateway of your clients to this box?
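
The MASQUERADE rules in the posts above come in two forms: with only an outgoing interface (`-o eno1`, `-o enp0s8`) and with a source subnet as well (`-s your_ip/24`). As an added example, not taken from any of the posts, this check reads `iptables-save` text and reports each MASQUERADE rule with its interface and source, flagging the ones that translate traffic from any source. The function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# audit_masquerade: read iptables-save text on stdin and print one line per
# MASQUERADE rule in the nat table's POSTROUTING chain:
#   SCOPED   out=<iface> src=<cidr>   rule names both -o and -s
#   UNSCOPED out=<iface> src=<cidr>   -o or -s missing ("any")
audit_masquerade() {
    awk '
        /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter", ...
        table != "nat" || $1 != "-A" || $2 != "POSTROUTING" { next }
        {
            out = "any"; src = "any"; target = ""
            for (i = 3; i < NF; i++) {
                neg = ($(i - 1) == "!") ? "!" : ""  # iptables-save prints "! -s x"
                if ($i == "-o") out = neg $(i + 1)
                else if ($i == "-s") src = neg $(i + 1)
                else if ($i == "-j") target = $(i + 1)
            }
            if (target != "MASQUERADE") next
            status = (out != "any" && src != "any") ? "SCOPED" : "UNSCOPED"
            printf "%s out=%s src=%s\n", status, out, src
        }
    '
}

# Constructed sample in iptables-save format, using the interface names and
# subnet that appear in the posts above. Not output from a real host.
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eno1 -j MASQUERADE
-A POSTROUTING -s 192.168.125.0/24 -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | audit_masquerade
```

On a live host the same function can be fed with `iptables-save -t nat | audit_masquerade`, run as root.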

Iptables on centos 7 rejects SSH and WHM connection

I installed centos 7 and cPanel; disabled/masked firewalld and installed and enabled iptables. As soon as I enabled iptables, I disconnected from WHM and SSH. When I disable iptables in rescue mode, I can connect to server via SSH and WHM.
I checked the rules in /etc/sysconfig/iptables, but there isn't any rule that rejects access to SSH or WHM ports.
My next step was to install CSF.
Any idea how to fix it?
The quick solution to get rid of the issue is flushing all the iptables rules with the command:
iptables -F
However, since you want to keep iptables running, you will have to configure it to open the required ports with the command:
iptables -A INPUT -p tcp --dport 22 -j ACCEPT
22 is for SSH; the same way, you will have to open other ports.
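
iptables tries the rules of a chain from top to bottom, so whether an ACCEPT rule takes effect depends on what already sits above it. As an added example, not part of the answer above, this walks an INPUT chain in `iptables-save` format and reports which rule decides a new TCP connection to a port. The rulesets are constructed, and the catch-all REJECT at the end of the chain is an assumption, since the asker's /etc/sysconfig/iptables is not shown on the page; `ssh_rule`, `base_rules`, `appended` and `inserted` are illustrative names.

```shell
#!/bin/sh
# first_match PORT: read iptables-save text on stdin and print which INPUT rule
# decides a NEW inbound TCP connection to PORT. Rules are tried top to bottom
# and the first ACCEPT/DROP/REJECT that matches ends the walk.
# Modeled matches: -p, --dport (single port), --state/--ctstate, -i lo.
# Any other match option is treated as matching (a simplification).
first_match() {
    awk -v port="$1" '
        $1 == ":INPUT" { policy = $2; next }
        $1 != "-A" || $2 != "INPUT" { next }
        {
            n++; hit = 1; target = ""
            for (i = 3; i < NF; i++) {
                v = $(i + 1)
                if ($i == "-p" && v != "tcp" && v != "all") hit = 0
                else if ($i == "--dport" && v != port) hit = 0
                else if (($i == "--state" || $i == "--ctstate") && v !~ /(^|,)NEW(,|$)/) hit = 0
                else if ($i == "-i" && v == "lo") hit = 0   # remote client, not loopback
                else if ($i == "-j") target = v
            }
            if (hit && target ~ /^(ACCEPT|DROP|REJECT)$/) {
                printf "rule %d: %s\n", n, target; decided = 1; exit
            }
        }
        END { if (!decided) printf "policy: %s\n", policy }
    '
}

# Constructed rules (assumption: the chain already ends in a catch-all REJECT).
ssh_rule='-A INPUT -p tcp --dport 22 -j ACCEPT'
base_rules() {
    printf '%s\n' '-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT' \
        '-A INPUT -i lo -j ACCEPT' \
        '-A INPUT -j REJECT --reject-with icmp-host-prohibited'
}
# iptables-save lists rules in evaluation order, whichever command added them.
appended() { printf ':INPUT ACCEPT [0:0]\n'; base_rules; printf '%s\n' "$ssh_rule"; }  # after -A
inserted() { printf ':INPUT ACCEPT [0:0]\n'; printf '%s\n' "$ssh_rule"; base_rules; }  # after -I INPUT 1

echo "appended: $(appended | first_match 22)"
echo "inserted: $(inserted | first_match 22)"
```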

KVM/Bridge: No Route To Host

I've set up a VM on Fedora 17 with KVM and have configured a bridge network for the KVM. Both the host and the VM use manual IP configuration, with the host's IP as 192.168.0.2, the VM's 192.168.0.10.
From the VM I can connect to the host without any problems, but from the host I can't SSH to the VM, even though I still can ping the KVM from the host. Trying to ssh just gives me the result "no route to host".
Oh, I have iptables disabled so I don't think this is the problem of the firewall.
Also ensure that the kernel is configured for IP forwarding:
$ sudo sysctl -a | grep net.ipv4.ip_forward
net.ipv4.ip_forward = 1
It should have a value of 1, not 0. If needed, enable with these commands:
echo "net.ipv4.ip_forward = 1" | sudo tee -a /etc/sysctl.conf
sudo sysctl -p /etc/sysctl.conf
There are two ways:
* Using a proxy tunnel to create a channel for the host from the guest:
From the guest, run the following command:
ssh -L 2000:localhost_ip:2000 username@hostip
Explore the ssh man page to get the insight.
* Difficult to set up, but the proper configuration while running the guest:
follow http://www.cse.iitd.ernet.in/~prathmesh/random.html#Connecting_qemu_guest_to_real_network