1

I have an old HP ProLiant DL385 G5p server that I used to use only as a glorified NAS, but now I'd like to do something more with it, such as set up a caching DNS server for my network.

I'd like to be able to run my fileserver and the DNS (and anything else I may think of) on separate virtual machines via the XCP-ng hypervisor.

I had started to set this up over the past couple of days, got two of my Debian VMs up and running and I even managed to get my caching DNS working. However, my problem came when I tried to connect via SSH to the Debian VM that I wanted to use for my fileserver. I put the IP of that VM into PuTTY (I had two ethernet connections to the server; one for the fileserver and one for everything else), and it connected fine - to the hypervisor. This is the problem and I'm really not sure what's going on here. How do I make PuTTY, and therefore SFTP Drive which I will be using for file transfers to my main PC, connect to the VM instead of the hypervisor?

One of my friends mentioned that I may need to use port forwarding on the hypervisor to be able to SSH into them and I've looked into this but not found anything that seems like it would help, although I'm not 100% sure what I'm looking for.

I have since reinstalled XCP-ng and set up the caching DNS and a tor relay node on one ethernet connection, but still need to create another Debian install for the fileserver.

Thanks in advance.

Edit: This is the output I get when I run route on the hypervisor:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         gateway         0.0.0.0         UG    0      0        0 xenbr0
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 xenbr0

And this is the VM output:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    default         192.168.0.1     0.0.0.0         UG    0      0        0 eth1
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 eth1

Hope this can be of use.

Edit(1): This is the output of running route -n on the hypervisor:

    Kernel IP routing table
    Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
    0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 xenbr0
    192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 xenbr0

2 Answers

1

We have to understand the network model that you are using in the hypervisor.

If the VMs run in the same IP network as the hypervisor, i.e., the hypervisor performs no IP network routing, there should be no need to do port forwarding.

However, this is not the most common situation. Usually when you set up VMs you keep them in a separate network and use some kind of port forwarding on the hypervisor to improve security a little by minimizing the number of machines exposed.

So, most likely you need to set up a port forwarding rule in iptables to map, say, port 2022 on the IP of the hypervisor to port 22 of the VM.

In the following example, suppose your hypervisor sets up a sub-network 192.168.1.0 with netmask 255.255.255.0 (24 bits, class C). Also, suppose that your VM has the address 192.168.1.2. Then, if you have a properly set up firewall on the hypervisor that denies all connections by default, the following two lines should perform the task:

$ iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 2022 -j DNAT --to 192.168.1.2:22
$ iptables -A FORWARD -p tcp -d 192.168.1.2 --dport 22 -j ACCEPT

References:

[1] https://www.systutorials.com/816/port-forwarding-using-iptables/
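
The check this answer describes (same IP network as the hypervisor means no port forwarding), run against the hypervisor's `route -n` table quoted in the question. This is an added example, not code from the thread; the function names and the VM address 192.168.0.50 are assumptions made up for illustration, and the input must be numeric (`route -n`) output.

```shell
#!/bin/sh
# Constructed input: the hypervisor's `route -n` table quoted in the question.
HYPERVISOR_ROUTES='Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.0.1     0.0.0.0         UG    0      0        0 xenbr0
192.168.0.0     0.0.0.0         255.255.255.0   U     0      0        0 xenbr0'

# Dotted quad -> 32-bit integer. The body is a subshell so IFS does not leak.
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# $1 = `route -n` text, $2 = IPv4 address.
# Prints the interface of the first directly connected route (no G flag)
# that covers the address; returns 1 when only gatewayed routes match.
on_link_iface() {
    target=$(ip_to_int "$2")
    echo "$1" | while read -r dest gw mask flags metric ref use iface; do
        case $dest in Kernel|Destination) continue ;; esac   # header lines
        case $flags in *G*) continue ;; esac                  # via a gateway
        net=$(ip_to_int "$dest")
        m=$(ip_to_int "$mask")
        if [ $(( target & m )) -eq $(( net & m )) ]; then
            echo "$iface"
            break
        fi
    done | grep .
}

# $1 = hypervisor routing table, $2 = address the VM actually has
# (hypothetical here; read it inside the VM, e.g. with `ip a show eth1`).
# On-link means the guest is bridged: connect to its own IP and add no DNAT
# rule. Otherwise it sits on a separate network and needs a forward rule.
forwarding_needed() {
    if iface=$(on_link_iface "$1" "$2"); then
        echo "no: $2 is on-link via $iface"
    else
        echo "yes: $2 is only reachable through a gateway"
    fi
}

forwarding_needed "$HYPERVISOR_ROUTES" 192.168.0.50   # constructed VM address
forwarding_needed "$HYPERVISOR_ROUTES" 192.168.1.2    # subnet from the answer
```
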

7
  • Frankly I have no idea what the hypervisor is doing, however, as mentioned in the question, one of my friends suggested that I would need to do some port forwarding to be able to access the VM, so I'm guessing that I'll need the iptables route. If this is the case, would I just insert the above code in the hypervisor shell with my IP addresses inserted? Will I have to set up a VLAN? I have not set up this kind of network before so please excuse my lack of knowledge. Thanks. Commented Sep 29, 2018 at 16:19
  • You can just try these commands substituting the IP address of your VM and see if it works. But it would certainly help a lot if you posted some detail of the network configuration, taking care not to expose any real IP. The output of the command route should be a good starting point. Commented Sep 30, 2018 at 12:33
  • I will make an edit and include what the hypervisor outputs when I run route. Commented Oct 1, 2018 at 9:30
  • Do the same for the VM. Commented Oct 1, 2018 at 9:41
  • That's all been added to the question, I hope it's what you're looking for. Commented Oct 1, 2018 at 10:00
1

Okay, so after quite a lot of digging around and help from Marcelo who tried to answer my question, I've found out what the problem was as to why I couldn't connect to my VM.

Spoiler: it's embarrassingly simple.

Long story short, I found a way to check the IP address that was assigned to the ethernet port I was trying to use by using ip a show eth1, which would have been a handy thing to know existed.

Turns out that for some reason - probably due to the hypervisor doing something complicated - even when I set the IP to use in /etc/network/interfaces as static, it was deciding to give it a different one. Once I knew the IP that it was using, I could SSH into the VM with no hassle at all.
