
I have VMware Server 2 on a CentOS 5.6 host. I can access my virtual machines from the host machine, but I cannot access them from other machines.

I have configured NAT port forwarding, but somehow I have no access to the VM using ssh. I have checked all firewall settings and they seem right.

What can cause this problem?

  • 1
    Hi Bilal - someone would need much more detail to answer your question. From what I understand, you have an ESX v2 box w/a Cent 5.6 VM on it? If that is the case, which firewall are you talking about - on the hypervisor (ESX box) or the VM? Where's the other system you're ssh-ing to/from? It sounds like your vSwitch needs some love, but I need more detail.
    – mbb
    Commented Jul 8, 2011 at 17:00
  • No, I have VMware Server 2 on CentOS 5.6, as I mentioned. I am talking about the firewall of the host machine. I have ssh access from the host to the VM, I have ssh access over the internet (outside the network) to the host, but I have no direct access to the VM through ssh.
    – bilal
    Commented Jul 8, 2011 at 18:53
  • That makes more sense - thanks for the clarification
    – mbb
    Commented Jul 8, 2011 at 21:29

4 Answers


If you are able to ssh into the host from remote, then you need to check the firewall on the host to see if the ssh port (22) is forwarded to the VM.

There is a similar question here.

There, it is the ufw firewall, which needs to have a rule like

ufw route allow 2222/tcp to 192.168.130.128 port 22

to allow connections to the host on port 2222 and forward TCP to the VM guest at IP 192.168.130.128:22.

And this user mentioned that ufw is a frontend to iptables, so go to your frontend or edit your iptables in that way.

iptables -t nat -A PREROUTING -m tcp -p tcp --dport 2222 -j DNAT --to-destination 192.168.130.128:22

The missing part

Short version: you told iptables to add a PREROUTING rule to your nat table. The missing part is:

#---------------------------------------------------------------
# After DNAT, the packets are routed via the filter table's
# FORWARD chain.
# Connections on port 22 to the target machine on the private
# network must be allowed.
#---------------------------------------------------------------
# The `\` masks the `linebreak` in the `bash command`
# You can `copy & paste` all the lines at once

# From the manual
# Changing to specific IP and Interfaces  
# being:
# `eth0` your host adapter and
# `vmnet8` your guest adapter

This is the connection into the target machine:

# No --sport match here: the client connects from an ephemeral source port,
# not from 2222 (2222 is the destination port the DNAT rule rewrites to 22).
iptables -A FORWARD -p tcp -i eth0 -o vmnet8 -d 192.168.130.128 \
    --dport 22 -m state --state NEW -j ACCEPT

And these are the filters from the host interface to your guest interface and vice versa.

iptables -A FORWARD -t filter -o eth0 -m state \
         --state NEW,ESTABLISHED,RELATED -j ACCEPT

iptables -A FORWARD -t filter -i vmnet8 -m state \
         --state ESTABLISHED,RELATED -j ACCEPT
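An added audit check, not part of this answer, that applies its point to an iptables-save dump: it flags every PREROUTING DNAT whose target has no FORWARD ACCEPT covering it. It assumes vmnet8 is the guest-side interface (configurable), the sample rulesets are constructed, and a rule that requires a specific --sport is treated as not covering the connection because clients arrive from ephemeral ports.

```python
"""Audit an iptables-save dump: each DNAT in nat/PREROUTING needs a matching
ACCEPT in filter/FORWARD, or the forwarded connection dies in the filter table.
Negated matches ("! -d ...") are not modelled."""
import shlex

def parse_rules(dump):
    """Yield (table, chain, opts) for every '-A' line; opts maps flag -> value."""
    table = None
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):                      # "*nat", "*filter"
            table = line[1:]
        elif line.startswith("-A "):
            toks, opts, i = shlex.split(line), {}, 2
            while i < len(toks):
                has_value = i + 1 < len(toks) and not toks[i + 1].startswith("-")
                opts[toks[i]] = toks[i + 1] if has_value else True
                i += 2 if has_value else 1
            yield table, toks[1], opts

def accept_covers(rule, ip, port, guest_if):
    """True if a FORWARD ACCEPT lets a NEW connection to ip:port reach the guest."""
    if rule.get("-d", ip).split("/")[0] != ip:        # -d absent or matching
        return False
    if rule.get("--dport", port) != port or rule.get("-o", guest_if) != guest_if:
        return False
    if "--state" in rule and "NEW" not in rule["--state"]:
        return False                                  # reply-only rule, no new flows
    return "--sport" not in rule   # clients use ephemeral source ports, not the DNAT port

def find_unforwarded_dnats(dump, guest_if="vmnet8"):
    """Return DNAT targets [(ip, port)] that no FORWARD ACCEPT rule covers."""
    dnats, accepts = [], []
    for table, chain, o in parse_rules(dump):
        if table == "nat" and chain == "PREROUTING" and o.get("-j") == "DNAT":
            ip, _, port = o["--to-destination"].partition(":")
            dnats.append((ip, port or o.get("--dport")))
        elif table == "filter" and chain == "FORWARD" and o.get("-j") == "ACCEPT":
            accepts.append(o)
    return [(ip, p) for ip, p in dnats
            if not any(accept_covers(a, ip, p, guest_if) for a in accepts)]

# Constructed sample: DNAT is present, but FORWARD only has the reply-traffic rule.
BROKEN = """*nat
-A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.130.128:22
COMMIT
*filter
:FORWARD DROP [0:0]
-A FORWARD -i vmnet8 -m state --state ESTABLISHED,RELATED -j ACCEPT
COMMIT
"""
GOOD_FORWARD = ("-A FORWARD -i eth0 -o vmnet8 -d 192.168.130.128/32 -p tcp -m tcp "
                "--dport 22 -m state --state NEW -j ACCEPT\n")
FIXED = BROKEN.replace(":FORWARD DROP [0:0]\n", ":FORWARD DROP [0:0]\n" + GOOD_FORWARD)
```

Feed it the output of `iptables-save` from the host; an empty result means every DNAT target is reachable through FORWARD.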

There are two separate networks you are dealing with here. I'll give you an example:

IP your ISP gives you = 22.24.42.44
IP of your router = 192.168.2.1
Host System IP = 192.168.2.2
IP of your VM = 10.5.5.4

This configuration is how my virtual environment's networking looks. So you actually have two networks you would have to port forward across to get Public access to your VM. Think of it like your hypervisor (host system) IS a router for your VM.

I followed this how-to to set up my config, but you may have a more complex configuration; it depends on what application you want to run - RDC, Apache, ssh. There is more good information here. You'll have to give more detail than I would want to ask for on a public site for me to help with specifics. The principles are always the same -- make a localhost:<> connection to your physical system forward through VMware Server 2 to the VM port you want to access (22 for SSH).

  • My configuration is exactly the same as in your how-to link. I am forwarding an IP on my host, for example 2222 to 22 of my VM in my NAT config: 2222 : xxx.xxx.xxx.xxx:22
    – bilal
    Commented Jul 8, 2011 at 21:41
  • By the way, I am getting "server unexpectedly closed network connection", if that gives more information.
    – bilal
    Commented Jul 8, 2011 at 22:49
  • Can you ssh on the same subnet? From a host on the same IP range (192.168.2.x in the example above)?
    – mbb
    Commented Jul 11, 2011 at 19:21

Does your host have a virtual NIC in the NAT network?

When using VMware Workstation 9 on Win7, you need to open the network manager and tick the box "Connect a host virtual adapter to this network" before your Host is connected to the NAT network. There's probably a similar process for Linux.

This is intentional, and allows the creation of a secure virtual network that has "no route to host" to the hypervisor.


On the CentOS 5.6 host:

service iptables stop

Under most circumstances backend hosts do not need iptables running, and this could / will block your connections.

Are you forwarding ALL the ports? 80/443/902/903/
