Howto make Firewalld allow remote SSH into a Virtual Machine?

Patrick Lists fedora-list at puzzled.xs4all.nl
Thu Jul 25 21:05:13 UTC 2013


On 07/25/2013 10:46 PM, Bill Davidsen wrote:
[snip]
>> The bridged network works wonders to solve this issue:
>> http://wiki.libvirt.org/page/Networking#Host_configuration_2
>>
> If you have another IP available, you can bind that to the same NIC and
> use iptables to forward the connection.
>     iptables -t nat -A PREROUTING -p tcp -d 288.41.42.43 --dport ssh -j DNAT --to-destination 10.40.51.22
>
> or use a non-standard port and send it to the ssh port on the VM. That
> allows running a stock sshd on the VM.
>
> I have a script in my firewall rules, which defines a bash function to
> do all the stuff, then a one liner with parameters to do the setup. You
> can even do some (very) crude load leveling by putting multiple machines
> on the DNAT rule.

Thanks for the solution Bill. These VMs are not exposed to the Big Bad 
Internet. I decided to go with a bridge and after a bit of digging it's 
working fine now. The VMs all have SELinux in enforcing mode, their 
firewalls enabled and ssh access only via public key authentication.

Regards,
Patrick
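
Added example, not part of the original message and not Bill's script: a shell function in the spirit of the "bash function plus one-liner" setup described in the quoted text. It validates its arguments and prints the DNAT and FORWARD rules instead of applying them, so they can be reviewed first. The function names, the address 192.0.2.10 and port 2222 are assumptions chosen for illustration; 10.40.51.22 is the VM address from the quoted command.

```shell
#!/bin/sh
# Added example: print the iptables rules that forward TCP traffic arriving
# on EXT_IP:EXT_PORT to a VM at VM_IP:VM_PORT. Nothing is applied here.

# valid_ipv4 ADDR: succeed only for a dotted quad with every octet in 0-255.
valid_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the address on dots
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# valid_port N: succeed only for a decimal port number in 1-65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# vm_dnat_rules EXT_IP EXT_PORT VM_IP VM_PORT
vm_dnat_rules() {
    [ "$#" -eq 4 ] || { echo "usage: vm_dnat_rules EXT_IP EXT_PORT VM_IP VM_PORT" >&2; return 2; }
    valid_ipv4 "$1" || { echo "bad external address: $1" >&2; return 1; }
    valid_port "$2" || { echo "bad external port: $2" >&2; return 1; }
    valid_ipv4 "$3" || { echo "bad VM address: $3" >&2; return 1; }
    valid_port "$4" || { echo "bad VM port: $4" >&2; return 1; }
    # Rewrite the destination before the routing decision is made.
    echo "iptables -t nat -A PREROUTING -p tcp -d $1 --dport $2 -j DNAT --to-destination $3:$4"
    # Accept the rewritten connection; -I places the rule at the top of
    # FORWARD so it is evaluated before any existing reject rule there.
    echo "iptables -I FORWARD -p tcp -d $3 --dport $4 -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# Constructed sample call: non-standard port 2222 on the host address,
# forwarded to the stock sshd port on the VM.
vm_dnat_rules 192.0.2.10 2222 10.40.51.22 22
```

Review the printed rules, then run them as root on the host; the host also needs IPv4 forwarding enabled (`net.ipv4.ip_forward=1`) for the forwarded packets to reach the VM.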

