[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] kvm port forwarding confusion, kindly help



On Tue, 2015-06-02 at 20:04 -0400, Narahari 'n' Savitha wrote:
> I setup KVM and have created two VM's.  I also setup the NAT way of
> connecting (uffffff)
> 
> Now I have some confusion.
> 
> On the host, I can do 
> 
> ssh user at 192.168.100.101
> 
> It connects.
> 
> I also do 
> 
> ssh user at 192.168.100.102
> 
> It connects
> 
> 
> As you can see both connect on port 22,   How is that possible ? 
>  should I have to do some kind of port forwarding ?  How does KVM
> allow both VM's to run on port 22 ?
It'd seem that you're using a host-local network, with NAT in addition
to that.  This is why you need not have port forwarding enabled: your
computer is using a bridged device and on that device, only the virtual
machines are attached.  Since your Ethernet or WiFi hardware isn't
attached to the bridge, the segments are not joined.  This means that
the only way that packets can be made to travel between your
Ethernet/WiFi and the guests would be if you were to employ NAT
(allowing masquerading to occur when that network wants to send packets
which have to be routed to the next hop) or to employ routing
(establishing a route to the VM network segment through the bridge
device, which can be done automatically by adding an address with the
appropriate subnet mask to the bridge device).
With host-local+NAT, you have effectively a limited form of both: when
a connection from within the VM wants to talk to the "outside" world
(outside being anything starting at your "real" network hardware or
beyond), packets NAT'd and therefore rewritten. Your local system has a route to the subnetwork, but that route is not known to the network to which you're attached (the Ethernet or WiFi network). Therefore, you can reach it, but peers on your local network segment cannot. (This also means that if the VMs wanted to talk to other peers on your segment, it could do so, but those communications would appear to the LAN to be originating from your host's IP on an ephemeral port.)
        ? Mike
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.ale.org/pipermail/ale/attachments/20150602/1b00a579/attachment.html>