Re: Howto make Firewalld allow remote SSH into a Virtual Machine?

On 24.07.2013 14:55, Patrick Lists wrote:
> Hi,
> 
> I just did a fresh F19 x86_64 install on my workstation, copied a Virtual Machine to it and started the VM (has IP
> addr 192.168.122.20). Now I would like to be able to ssh into the VM from another box on my local LAN like my
> laptop. Thus far I can't make it work. Steps:
> 
> Opened firewall-config
> 
> Set the firewall zone of my Ethernet interface to Trusted:
> Options -> Change Zone of Connections -> <interface> -> Edit -> General -> Firewall zone -> Trusted
> Click on the reload icon
> 
> Set the default zone to Trusted:
> Options -> Change Default Zone -> Trusted
> Click on the reload icon
> 
> Results:
> Can not ping VM from laptop:
> 
> [patrick@laptop ~]$ ping 192.168.122.20
> PING 192.168.122.20 (192.168.122.20) 56(84) bytes of data.
> From 10.0.0.135 icmp_seq=1 Destination Port Unreachable
> 
> Can not ssh from the laptop to the VM:
> 
> [patrick@laptop ~]$ ssh 192.168.122.20
> ssh: connect to host 192.168.122.20 port 22: Connection refused
> 
> On the workstation IPv4 forwarding is on:
> $ cat /proc/sys/net/ipv4/ip_forward
> 1
> 
> So how do I make firewalld allow pings and ssh from remote hosts?

No idea about firewalld; with iptables.service it is easy.
However, you need iptables forwarding and masquerade for NAT.

* vmnet8        -> virtual interface the VMs are running on
* eth0          -> LAN interface of the host
* 10.0.0.0/24   -> LAN network (host and other machines)
* 192.168.197.0 -> Network with the VMs

iptables -A FORWARD -i eth0 -o vmnet8 -s 10.0.0.0/24 -d 192.168.197.0 -j ACCEPT
iptables -A FORWARD -i vmnet8 -o eth0 -s 192.168.197.0 -d 10.0.0.0/24 -j ACCEPT
iptables -A POSTROUTING -o vmnet8 -t nat -s 10.0.0.0/24 -j MASQUERADE

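An added example, not part of the original reply: a shell function that prints (rather than applies) a narrower form of the rules above, forwarding only SSH and ping from the LAN to the VM network and refusing networks written without a prefix length. Interface names and addresses come from the reply; the /24 on the VM network, tcp/22 for SSH and the function names are assumptions.

```shell
#!/bin/sh
# Added example: prints, does not apply, iptables rules for SSH and ping only.
# Assumptions: /24 VM network prefix, SSH on tcp/22, hypothetical function names.

# valid_cidr NET: succeed only for a dotted quad with an explicit /0../32 prefix.
# iptables reads a bare address as /32, i.e. one host rather than a network.
valid_cidr() {
    case "$1" in */*) ;; *) return 1 ;; esac
    addr=${1%/*} len=${1#*/}
    case "$addr" in ''|*[!0-9.]*) return 1 ;; esac
    case "$len" in ''|*[!0-9]*) return 1 ;; esac
    [ "$len" -le 32 ] || return 1
    oldifs=$IFS; IFS=.
    set -- $addr          # split the address into its octets
    IFS=$oldifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] && [ "$octet" -le 255 ] || return 1
    done
}

# gen_vm_ssh_rules LAN_IF VM_IF LAN_NET VM_NET
# Return traffic is matched by connection state, so no blanket VM->LAN rule is needed.
gen_vm_ssh_rules() {
    lan_if=$1 vm_if=$2 lan_net=$3 vm_net=$4
    valid_cidr "$lan_net" && valid_cidr "$vm_net" || {
        echo "error: give networks as ADDRESS/PREFIX (a bare address means /32)" >&2
        return 1
    }
    cat <<EOF
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $lan_if -o $vm_if -s $lan_net -d $vm_net -p tcp --dport 22 -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -i $lan_if -o $vm_if -s $lan_net -d $vm_net -p icmp --icmp-type echo-request -j ACCEPT
iptables -t nat -A POSTROUTING -o $vm_if -s $lan_net -d $vm_net -j MASQUERADE
EOF
}

# Values from the reply, with the assumed /24 on the VM network.
gen_vm_ssh_rules eth0 vmnet8 10.0.0.0/24 192.168.197.0/24
```

`-A` appends, so on a host whose FORWARD chain already contains a REJECT rule these need to be inserted above it with `-I`; `iptables -L FORWARD -n --line-numbers` shows the current order.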
