Hi,
I have two SUSE (2.6) virtual machines running in the same subnet, with two
network cards each, as shown below.
VM1------------------------------------------------------------------------------
appstage1:~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:22:5A:24
inet addr:192.168.128.12 Bcast:192.168.128.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe22:5a24/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:139025 errors:0 dropped:0 overruns:0 frame:0
TX packets:131513 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:29084764 (27.7 Mb) TX bytes:110846633 (105.7 Mb)
eth1 Link encap:Ethernet HWaddr 00:0C:29:22:5A:2E
inet addr:192.168.200.10 Bcast:192.168.200.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe22:5a2e/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5410 errors:0 dropped:0 overruns:0 frame:0
TX packets:197 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:593563 (579.6 Kb) TX bytes:13289 (12.9 Kb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:34308 errors:0 dropped:0 overruns:0 frame:0
TX packets:34308 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:2648218 (2.5 Mb) TX bytes:2648218 (2.5 Mb)
VM2------------------------------------------------------------------------------
dbstage1:~ # ifconfig
eth0 Link encap:Ethernet HWaddr 00:0C:29:43:D8:A2
inet addr:192.168.128.13 Bcast:192.168.128.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe43:d8a2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9940 errors:0 dropped:0 overruns:0 frame:0
TX packets:4650 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:988186 (965.0 Kb) TX bytes:1040930 (1016.5 Kb)
eth1 Link encap:Ethernet HWaddr 00:0C:29:43:D8:AC
inet addr:192.168.200.11 Bcast:192.168.200.255 Mask:255.255.255.0
inet6 addr: fe80::20c:29ff:fe43:d8ac/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:8936 errors:0 dropped:0 overruns:0 frame:0
TX packets:4272 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1626915 (1.5 Mb) TX bytes:887984 (867.1 Kb)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:2104 errors:0 dropped:0 overruns:0 frame:0
TX packets:2104 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:115180 (112.4 Kb) TX bytes:115180 (112.4 Kb)
The firewall is switched off in both machines. eth1 is an internal LAN between VM1
and VM2 as shown below.
LAN<------eth0(192.168.128.12)-VM1-(192.168.200.10)eth1------/
-----eth1(192.168.200.11)-VM2-(192.168.128.13)eth0------>LAN
I have enabled port forwarding from port 2055 of VM1 to the same port in VM2
via the following commands.
>echo "1" > /proc/sys/net/ipv4/ip_forward
>iptables -A PREROUTING -t nat -p tcp -i eth0 --dport 2055 -j DNAT --to 192.168.200.11:2055
>iptables -A FORWARD -p tcp -i eth0 -d 192.168.200.11 --dport 2055 -j ACCEPT
Now from a third machine (VM3), if I connect to port 2055 of VM1 via the command:
netcat -v 192.168.128.12 2055, I thought I should get the connection in VM2 because of the forwarded port. This is not happening. I am listening in VM2 via the command: netcat -lv -p 2055.
If I flush the iptables and then try to netcat I am able to connect to
VM1 and VM2 from VM3. With port forwarding it does not seem to send the standard input from VM3 to either VM1 or VM2. I tried listening on VM1 as well.
I enabled the INPUT chain also thinking that could be the reason. But it is not.
My nat and filter tables in VM1 look like this.
appstage1:~ # iptables -nL
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2055
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 192.168.200.11 tcp dpt:2055
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
appstage1:~ # iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2055 to:192.168.200.11:2055
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Ultimately my DB will run in VM2 and any DB requests coming in at 2055 of VM1 should be forwarded to port 2055 of VM2. Since I do not yet have a DB running I am trying to test with netcat. If anyone knows where I am wrong please enlighten me.
Thanks.
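
Added example, not part of the original post: a small Python model of the packet path for the DNAT rule shown above, comparing the reply path with and without a source-NAT rule on VM1. The interface addresses come from the ifconfig output in the post; VM3's address (192.168.128.50) and the trace() and vm2_reply_iface() helpers are assumptions made up for illustration.

```python
import ipaddress

# Addresses taken from the ifconfig output in the post.
VM1_ETH0 = ipaddress.ip_address("192.168.128.12")
VM1_ETH1 = ipaddress.ip_address("192.168.200.10")
VM2_IFACES = {
    "eth0": ipaddress.ip_interface("192.168.128.13/24"),
    "eth1": ipaddress.ip_interface("192.168.200.11/24"),
}
DNAT_TO = ipaddress.ip_address("192.168.200.11")
# Assumption: the post does not give VM3's address; this value is constructed.
VM3 = ipaddress.ip_address("192.168.128.50")


def vm2_reply_iface(dst):
    """Interface VM2 uses to reach dst: the directly connected subnet, if any."""
    for name, iface in VM2_IFACES.items():
        if dst in iface.network:
            return name
    return None  # would use VM2's default route, which the post does not show


def trace(client, snat_on_vm1):
    """Follow one SYN to VM1:2055 and the SYN-ACK that VM2 sends back."""
    # VM1 PREROUTING: DNAT rewrites only the destination address.
    src, dst = client, DNAT_TO
    # Optional VM1 POSTROUTING rule rewrites the source to VM1's eth1, e.g.
    #   iptables -t nat -A POSTROUTING -o eth1 -p tcp -d 192.168.200.11 \
    #            --dport 2055 -j SNAT --to-source 192.168.200.10
    if snat_on_vm1:
        src = VM1_ETH1
    # VM2 replies to the source it saw, from the address the SYN was sent to.
    reply_dst = src
    iface = vm2_reply_iface(reply_dst)
    # Only a reply addressed to VM1 passes back through VM1's connection
    # tracking, which restores 192.168.128.12 as the source the client expects.
    back_through_vm1 = reply_dst == VM1_ETH1
    client_sees = VM1_ETH0 if back_through_vm1 else dst
    # Note: without SNAT, strict rp_filter on VM2 may also drop the SYN itself,
    # since it arrives on eth1 while the route back to the client is eth0.
    return {
        "vm2_reply_iface": iface,
        "client_sees_source": str(client_sees),
        "established": client_sees == VM1_ETH0,
    }


if __name__ == "__main__":
    print("DNAT only  :", trace(VM3, snat_on_vm1=False))
    print("DNAT + SNAT:", trace(VM3, snat_on_vm1=True))
```

Running tcpdump on both interfaces of VM2 while connecting from VM3 shows which of the two paths the real packets take.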