On 07/25/2013 10:46 PM, Bill Davidsen wrote:
[snip]
> The bridged network works wonders to solve this issue:
> http://wiki.libvirt.org/page/Networking#Host_configuration_2
>
> If you have another IP available, you can bind that to the same NIC and
> use iptables to forward the connection.
>
>   iptables -t nat -A PREROUTING -p tcp -d 288.41.42.43 --dport ssh -j DNAT --to-destination 10.40.51.22
>
> or use a non-standard port and send it to the ssh port on the VM. That
> allows running a stock sshd on the VM.
>
> I have a script in my firewall rules, which defines a bash function to
> do all the stuff, then a one-liner with parameters to do the setup. You
> can even do some (very) crude load leveling by putting multiple machines
> on the DNAT rule.

Thanks for the solution, Bill. These VMs are not exposed to the Big Bad
Internet. I decided to go with a bridge and after a bit of digging it's
working fine now. The VMs all have SELinux in enforcing mode, their
firewalls enabled and ssh access only via public key authentication.

Regards,
Patrick
--
users mailing list
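
An added example, not part of the original messages and not Bill's own script: a shell helper in the spirit of the function-plus-one-liner setup described above, which validates its arguments and prints the DNAT rule together with the FORWARD rule that lets the rewritten connection reach the VM. The function names and the 192.0.2.10 sample address are assumptions; 288.41.42.43 from the quoted command has an octet above 255, so the helper refuses it.

```shell
#!/bin/sh
# Added example: print (do not apply) the rules that forward one host
# address/port to sshd on a VM. All addresses below are constructed samples.

# valid_ipv4 ADDR: succeed only for four dot-separated octets in 0..255.
# The body is a subshell, so the IFS change cannot leak to the caller.
valid_ipv4() (
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
)

# valid_port PORT: succeed only for a decimal port in 1..65535.
valid_port() {
    case "$1" in
        ""|*[!0-9]*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# dnat_rules HOST_IP HOST_PORT VM_IP [VM_PORT]: print the rule pair.
# VM_PORT defaults to 22 so the VM can run a stock sshd.
dnat_rules() {
    host_ip=$1 host_port=$2 vm_ip=$3 vm_port=${4:-22}
    valid_ipv4 "$host_ip" && valid_ipv4 "$vm_ip" &&
        valid_port "$host_port" && valid_port "$vm_port" || {
        echo "dnat_rules: invalid address or port" >&2
        return 2
    }
    # Rewrite the destination before the routing decision is made.
    echo "iptables -t nat -A PREROUTING -p tcp -d $host_ip --dport $host_port -j DNAT --to-destination $vm_ip:$vm_port"
    # DNATed packets traverse FORWARD, so permit them to reach the VM.
    echo "iptables -A FORWARD -p tcp -d $vm_ip --dport $vm_port -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
}

# Non-standard host port 2222 forwarded to port 22 on the VM.
dnat_rules 192.0.2.10 2222 10.40.51.22
# The address from the quoted command has an octet above 255 and is refused.
dnat_rules 288.41.42.43 22 10.40.51.22 || echo "rejected 288.41.42.43"
```

Review the printed rules first, then pipe them to `sh` as root to apply them.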