Help with port forwarding

Issues related to configuring your network
Post Reply
osegarra
Posts: 2
Joined: 2017/11/10 22:32:41

Help with port forwarding

Post by osegarra » 2017/11/10 22:46:59

Hi everybody,

In my environment, I have a guest server running influxdb listening on port 8086. I'd like to forward port 8086 from the host to the guest.

This is the definition of the network:

Code: Select all

<network>
  <name>mgmt_nat</name>
  <forward dev='ens33' mode='nat'>
    <interface dev='ens33'/>
  </forward>
  <bridge name='mgmt_nat' stp='on' delay='0'/>
  <ip address='192.168.50.1' netmask='255.255.255.0'>
    <dhcp>
      <range start="192.168.50.128" end="192.168.50.254"/>
      <host mac='52:54:00:a0:50:08' name='vdicinfluxdb01' ip='192.168.50.8'/>
    </dhcp>
  </ip>
</network>
This is the configuration of the network of the guest (vdicinfluxdb01):

Code: Select all

    <interface type='network'>
      <mac address='52:54:00:a0:50:08'/>
      <source network='mgmt_nat'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>
This is the procedure I have followed:

Code: Select all

firewall-cmd --zone=public --add-rich-rule='rule family="ipv4" source address="0.0.0.0/0" accept' --permanent
firewall-cmd --zone=public --change-interface=ens33 --permanent 
firewall-cmd --zone=public --add-masquerade --permanent
firewall-cmd --zone=public --add-forward-port=port=8086:proto=tcp:toport=8086:toaddr=192.168.50.8 --permanent
But I'm not able to forward port 8086.

Thanks a lot, any help will be welcome!!!

hunter86_bg
Posts: 2019
Joined: 2015/02/17 15:14:33
Location: Bulgaria
Contact:

Re: Help with port forwarding

Post by hunter86_bg » 2017/11/11 21:05:37

Are you using KVM/qemu ?
If yes, it will be better to use 'routed' type of virtual network.

osegarra
Posts: 2
Joined: 2017/11/10 22:32:41

Re: Help with port forwarding

Post by osegarra » 2017/11/11 21:51:11

Hi hunter,

Yes, I'm using KVM/qemu.

If use a routed network, a public IP will be assigned to my guest and it will expose all published services because my guest does not have firewall configured. The initial idea was just publish one service, influxdb (port 8086) just forwarding that port from host to guest.

Can this be achieved with routed network ?

Thanks a lot!

Post Reply