October 01, 2013

Forward Ports to a Virtual Machine (KVM)

To make this easier to understand, I’ll show you an example.

KVM Guest has running Apache on eth0 KVM Host – wlan0

Idea is to let clients (external network/Internet) access your KVM Guest’s Apache straight via your KVM Host. When the traffic from outside will go to your Host, your Host will need to have iptables rules set for DNAT redirection of PREROUTING connections to your KVM Guest.

To do so, run on KVM Host following

iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to-destination
iptables -t nat -I PREROUTING -p tcp --source -j ACCEPT
iptables -I FORWARD -m state -d --state NEW,RELATED,ESTABLISHED -j ACCEPT

That’s it! Now your KVM Host will act as a web server.