If you are able to ssh into the host from remote, then you need to check the firewall on the host to see whether the ssh port (22) is forwarded to the VM.
There is a similar question here.
There, it is the ufw firewall, which needs to have a rule like
ufw route allow 2222/tcp to 192.168.130.128 port 22
to allow connections to the host on port 2222 and forward TCP to the VM guest at IP 192.168.130.128:22.
And this user mentioned that ufw is a frontend to iptables, so go to your frontend or edit your iptables in the same way:
iptables -t nat -A PREROUTING -m tcp -p tcp --dport 2222 -j DNAT --to-destination 192.168.130.128:22
The missing part
Short version
You told iptables to add a PREROUTING rule to your nat table.
The missing part is:
#---------------------------------------------------------------
# After DNAT, the packets are routed via the filter table's
# FORWARD chain.
# Connections on port 22 to the target machine on the private
# network must be allowed.
#---------------------------------------------------------------
# The `\` masks the `linebreak` in the `bash command`
# You can `copy & paste` all the lines at once
# From the manual
# Changing to specific IP and Interfaces
# being:
# `eth0` your host adapter and
# `vmnet8` your guest adapter
This is the connection into the target machine:
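# No --sport match here: DNAT rewrites only the destination (2222 -> 22),
# and the client's source port is an ephemeral one, not 2222.
iptables -A FORWARD -p tcp -i eth0 -o vmnet8 -d 192.168.130.128 \
--dport 22 -m state --state NEW -j ACCEPT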
And these are the filters from the host interface to your guest interface and vice versa.
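# Traffic leaving through eth0 (guest to remote side): new and existing connections.
iptables -A FORWARD -t filter -o eth0 -m state \
--state NEW,ESTABLISHED,RELATED -j ACCEPT
# Traffic arriving on eth0 (remote side to guest): only packets of known connections.
iptables -A FORWARD -t filter -i eth0 -m state \
--state ESTABLISHED,RELATED -j ACCEPT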
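
A way to check a saved ruleset for exactly this gap, as an added example that is not part of the original answer: it reads `iptables-save` text and lists every DNAT target that the FORWARD chain does not accept. The function names and the sample rulesets are constructed for illustration, and only FORWARD rules with an explicit `-d` and `--dport` are recognized.

```shell
#!/bin/sh
# Added example: print each DNAT target (ip:port) from `iptables-save` text on
# stdin that has no matching ACCEPT rule in the filter table's FORWARD chain.
unforwarded_dnat() {
  awk '
    # Return the value following option "opt" on the current rule line.
    function arg(opt,   i) {
      for (i = 1; i < NF; i++) if ($i == opt) return $(i + 1)
      return ""
    }
    BEGIN { policy = "ACCEPT" }                      # kernel default policy
    /^\*/ { table = substr($0, 2) }                  # "*nat", "*filter"
    table == "filter" && /^:FORWARD / { policy = $2 }
    table == "nat" && / -j DNAT / { targets[arg("--to-destination")] = 1 }
    table == "filter" && /^-A FORWARD / && / -j ACCEPT$/ {
      d = arg("-d"); sub(/\/32$/, "", d)             # iptables-save adds /32
      allowed[d ":" arg("--dport")] = 1
    }
    END {
      if (policy == "ACCEPT") exit                   # FORWARD filters nothing
      for (t in targets) if (!(t in allowed)) print t
    }
  '
}

# Constructed sample: only the nat rule is present, FORWARD policy is DROP.
sample_nat_only() {
  cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.130.128:22
COMMIT
*filter
:FORWARD DROP [0:0]
COMMIT
EOF
}

# Constructed sample: the same ruleset plus the FORWARD rule for the guest.
sample_with_forward() {
  sample_nat_only | sed '/^:FORWARD/a\
-A FORWARD -d 192.168.130.128/32 -i eth0 -o vmnet8 -p tcp -m tcp --dport 22 -m state --state NEW -j ACCEPT'
}
```

On the host, run it as root with `iptables-save | unforwarded_dnat`; an empty result means every DNAT target it could parse has a FORWARD accept rule.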