Routing your virtual machine network

Virtualizing your servers is pretty cool. But having a server in a hosted environment brings some restrictions with networking. To get around this, you can use a virtual network and configure some internal routing.

Enabling routing

To route traffic for our network we use IP forwarding. It is usually disabled by default, so we have to enable it first.

Forwarding packets

You can either forward all packets directed at a specific IP address or only the ones targeting a given port. In the following example, all packets targeting the external address 123.123.123.10 will be forwarded to the internal address 192.168.1.11.

Forward only TCP packets from the external port 80 to the internal port 8080.

Changing internal to external ip address

When your VMs connect to the outside world or send responses, you probably want the external address exposed rather than the internal one. In this example, the address within the packet will be changed from the internal 192.168.1.11 to the external 123.123.123.10 when leaving the network over the interface eth0.

Blocking requests to certain ports

iptables also offers the possibility to block certain ports. In the following example, all requests to an FTP server (port 21) on network interface eth0 will be dropped.

Saving the rules

In order to store the configured iptables settings permanently, you simply have to run the following command.
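
The steps above collected into one ruleset, as an added example rather than the post's original commands. It uses the port 80 to 8080 variant of the forward and assumes a default-drop FORWARD policy (not stated in the post) so that enabling IP forwarding only passes the published port; `render_rules` and `apply_rules` are names made up for this example.

```shell
#!/bin/sh
# Added example: the post's rules rendered in iptables-restore format.
# Addresses and eth0 come from the post; FORWARD default-drop is an assumption.
EXT_IP=123.123.123.10
INT_IP=192.168.1.11
WAN_IF=eth0

render_rules() {
  cat <<EOF
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Forward TCP port 80 on the external address to port 8080 on the VM
-A PREROUTING -i ${WAN_IF} -d ${EXT_IP} -p tcp --dport 80 -j DNAT --to-destination ${INT_IP}:8080
# Rewrite the VM's source address when its traffic leaves over ${WAN_IF}
-A POSTROUTING -o ${WAN_IF} -s ${INT_IP} -j SNAT --to-source ${EXT_IP}
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
# Drop requests to FTP (port 21) arriving on ${WAN_IF}
-A INPUT -i ${WAN_IF} -p tcp --dport 21 -j DROP
# The host routes only replies, the published port and the VM's own traffic
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -i ${WAN_IF} -d ${INT_IP} -p tcp --dport 8080 -j ACCEPT
-A FORWARD -s ${INT_IP} -o ${WAN_IF} -j ACCEPT
COMMIT
EOF
}

apply_rules() {
  # Needs root. --test parses the ruleset without committing it.
  render_rules | iptables-restore --test || return 1
  # Load the filter policy first, then let the kernel start routing.
  render_rules | iptables-restore || return 1
  sysctl -w net.ipv4.ip_forward=1 >/dev/null
}

case "${1:-}" in
  apply) apply_rules ;;
  print) render_rules ;;
esac
```

Run it with `print` to inspect the ruleset and with `apply` as root to load it. The rules are loaded before forwarding is switched on, so the host never routes with an open FORWARD chain.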
