1

I have a bare metal host server with multiple guest VMs made with QEMU/KVM using Virtual network "default":NAT option. There is only one public IP available.

For better illustration:

  • BM host server (Ubuntu), IP 89.185.xx.xx
  • VM guest server (Ubuntu) no.1, IP 192.168.122.101
  • VM guest server (Ubuntu) no.2, IP 192.168.122.102
  • VM guest server (Ubuntu) no.3, IP 192.168.122.103
  • ...

Now I'd like to run the same application using a different port on each VM and be able to connect to each instance from outside through the same public IP. E.g.:

  • 89.185.xx.xx:30334
  • 89.185.xx.xx:30335
  • 89.185.xx.xx:30336
  • ...

A similar setup to running the application in multiple Docker containers. How could I set this up, please?

Curu

1 Answer

3

Taken from https://www.systutorials.com/port-forwarding-using-iptables/

To port forward from the public IP to the local one for VM1:

```
# iptables -A PREROUTING -t nat -i eth0 -p tcp --dport 30334 -j DNAT --to 192.168.122.101:30334
# iptables -I FORWARD 1 -p tcp -d 192.168.122.101 --dport 30334 -j ACCEPT
```

This example assumes the local and remote ports are both 30334 and the public interface name is eth0.

Curu
Roman Spiak
  • Thanks for the answer! But I can't make it work though (must apologize in advance as I don't have an IT background so maybe some lame mistakes are overlooked). I tried this with ssh first: `$ sudo iptables -A PREROUTING -t nat -i eno2 -p tcp --dport 2222 -j DNAT --to 192.168.122.101:2222` `$ sudo iptables -A FORWARD -p tcp -d 192.168.122.101 --dport 2222 -j ACCEPT` (eno2 - network interface on BM host server connected to the public IP 89.185.xx.xx) – Curu Jan 08 '22 at 15:31
  • I changed ssh port on VM guest 192.168.122.101 to 2222, made sure ufw is inactive on both host and guest and tested ssh connection from BM host server which was working: `bmhost@89.185.xx.xx:~$ ssh vmguest@192.168.122.101 -p 2222` Now I tried to ssh from my local pc to the VM: `curu@desktop:~$ ssh vmguest@89.185.xx.xx -p 2222` but it says: ssh: connect to host 89.185.xx.xx port 2222: Connection refused – Curu Jan 08 '22 at 15:31
  • 1
    The problem was solved by putting the forward rule in first place in iptables: `iptables -I FORWARD 1 -p tcp -d 192.168.122.101 --dport 2222 -j ACCEPT` (I edited the original answer) – Curu Jan 10 '22 at 15:27
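
The answer's two rules, generalized to the three guests and ports from the question, as an added example that is not part of the original answer or comments. It only prints the commands for review and does not run them; the interface name eno2 comes from the comments, the address check assumes libvirt's default 192.168.122.0/24 NAT network, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: prints iptables commands for review, does not execute them.
# Assumes the same port number on the public side and inside the guest.

valid_port() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Accept only host addresses inside 192.168.122.0/24 (assumed libvirt default),
# so a typo cannot forward a public port to an unintended destination.
valid_guest() {
    case "$1" in 192.168.122.*) ;; *) return 1 ;; esac
    last=${1#192.168.122.}
    case "$last" in ''|*[!0-9]*) return 1 ;; esac
    [ "$last" -ge 2 ] && [ "$last" -le 254 ]
}

# Usage: gen_rules IFACE PORT:GUEST_IP [PORT:GUEST_IP ...]
gen_rules() {
    iface=$1; shift
    case "$iface" in
        ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $iface" >&2; return 1 ;;
    esac
    seen=" "
    # Pass 1: validate every mapping first, so a bad entry yields no partial rule set.
    for map in "$@"; do
        port=${map%%:*}; guest=${map#*:}
        if ! valid_port "$port" || ! valid_guest "$guest"; then
            echo "rejected mapping: $map" >&2; return 1
        fi
        # A public port can be DNATed to one guest only; the first match would win.
        case "$seen" in
            *" $port "*) echo "duplicate public port: $port" >&2; return 1 ;;
        esac
        seen="$seen$port "
    done
    # Pass 2: emit the DNAT rule and the FORWARD rule at position 1 (the fix from the comments).
    for map in "$@"; do
        port=${map%%:*}; guest=${map#*:}
        echo "iptables -t nat -A PREROUTING -i $iface -p tcp --dport $port -j DNAT --to $guest:$port"
        echo "iptables -I FORWARD 1 -p tcp -d $guest --dport $port -j ACCEPT"
    done
}

# Constructed sample input: the three guests and ports listed in the question.
gen_rules eno2 30334:192.168.122.101 30335:192.168.122.102 30336:192.168.122.103
```

Each ACCEPT rule matches one guest address and one TCP port, so only the ports listed become reachable from outside. Rules added this way are not persistent across a reboot.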