I am trying to get KVM working on my Debian server and I am having a slight problem with networking with my guest OS (also Debian). The virtual machine is using the "default" network (without a bridge). The host server gets all of the IPs and to allow the guest to serve content, I add these rules to my iptables:
/sbin/iptables -t nat -I PREROUTING -d xxx.xxx.xxx.134 -j DNAT --to 192.168.122.160
/sbin/iptables -t nat -I POSTROUTING -s 192.168.122.160 -j SNAT --to xxx.xxx.xxx.134
/sbin/iptables -t filter -I FORWARD -d 192.168.122.160 -j ACCEPT
/sbin/iptables -t filter -I FORWARD -s 192.168.122.160 -j ACCEPT
I also have several other virtual machines I want to add and give them internet access without having any public-facing servers, therefore no ports need to be forwarded to these VMs (besides, I don't have enough public IPs to give each server its own IP).
The problem is that if don't add these rules to iptables, I can only access the local network from the VM (however DNS is working fine). If I try to ping anything (e.g. google.com), it resolves the IP, but doesn't receive any response. Is there some other sort of rule I need to add to iptables or anything else I need to do so that the guest can access the internet without forwarding any ports to it?
0 Answers