KVM - The Linux Kernel-Based Virtual Machine
News, Blogs and Resources on the Linux (KVM) Kernel-Based Virtual Machine
connecting to the guest from the Internet
June 20, 2008 - 5:27am
Hi to everybody,
I'm a linux novice trying to run Windows Server 2003 under Debian GNU/Linux using KVM. I found several nice tutorials and I succeeded installing Windows. I assigned a random IP in the same subnetwork to the guest and I'm now able to surf the net, download software and so, from the Windows guest. I can even connect to the guest from other computers in the network (I have IIS running on it and I can see the pages it is serving). I'm happy because my Linux skill is very limited.
Now, I'd like the guest to be accessed from outside the network. Is it possible? Off course, the IP I assigned to it does not work from outside the network, and if I use the IP of the machine I go to the pages served by Apache.
Thanks in advance.
This can be done but it depends on your how your network is setup. Do you use some kind of home router? Are you doing a many to one NAT on this router?
The computer is connected to the network of a University, so I don't know exactly how the setup is...
If you guest is using bridged networking then theoretically you can. However, network policies will have to be in place ( firewall ) to allow outside access to your guest. Additionally if your guest is using a non-routable ip (under bridged networking ) then a static NAT will also have to be in place so that outside users can access services on your guest.
As far as I can tell, I'm using bridged networking (I used several tutorials in the Net to configure the network and starting kvm).
What should be the first steps? Is there any easy tutorial out there? I hope the complete process is not too much for my skills...
drfelip,
Sounds like everything is already configured on your guest/host for external access. The issue now is from the network infrastructure side of things. What you really need is your network administrator to allow external access. You have two issues:
1. Is your guest/host configured with a routable ip address?
- If yes, then your network adminstrator will have to configure your gateways/firewall to allow access to the your guest ip externally.
- If no, then your network administrator will not only have to allow access but create a NAT entry to map an external ip to your guest internal ip.
If you don't have control of your network infrastructure then you have to approach your network administrator.
First, thank you very much for your attention. You are being very helpful.
1. How can I tell if the IP address is routable?
2. I think I can contact the network administrator, but I have to know exactly what to ask for.
No problem drfelip, glad I can help and hope you get your external access working.
Private ip addresses are NON-routable ip addresses and cannot be accessed externally from your network. Anything that fall within the following ranges are considered private:
* 10.0.0.0 through 10.255.255.255
* 172.16.0.0 through 172.31.255.255
* 192.168.0.0 through 192.168.255.255
Anything OTHER than these are considered ROUTABLE and can be accessed externally. However although it can be accessed externally, your gateways/routers/firewalls that segment your subnets will have policies to either allow or block access for security reasons. I've included a link to explain private addresses below:
http://www.pku.edu.cn/academic/research/computer-center/tc/html/TC0305.html
Good luck and let me know if you have any more questions.
OK, so the IP address is routable. Thanks for your nice explanation, I'm going to approach the network administrators soon and try to sort the problem out. I'll tell you how it goes :)
Thanks a lot.
OK, so I asked the administrator for a new IP in the same subnetwork as the host and assigned it to the guest. It keeps working well inside the local network, but not from outside. Maybe there is some error in my config or kvm start script?
(I forgot to log in!)
Did you configure a default gateway on the guest machine?
I don't have access to the computer right now, but IIRC I configured guest Windows TCP/IP gateway to the same IP that's in /etc/network/interfaces in the host (gateway *.*.128.1, it's the same IP than in the line "network").
Sounds like your guest is configured correctly for default gateway. I would perform the following tests to verify everything.
- ping from machine on LAN to your guest and vice versa
- ping from guest to default and vice versa. This may be challenge if your gateway is configured to not respond to pings as you'll need your network admin to ping your guest from the gateway.
- verify that default is configured ok on guest (you've already done this)
- Verify policy on your network firewalls allows access to your guest.
OK, I'm going to contact the administrators to do this testing. By the way, could you have a look to my kvm start script command? I've omitted everything excepting the network parameters. I'd like to discard any obvious mistake.
kvm -net nic,vlan=0,model=rtl8139 -net tap,vlan=0
OK, so I tried a few combination of pings:
*From host:
to host: OK
to guest: does not respond
to default gateway: OK
*From guest:
to guest: OK
to host: OK
to default gateway: OK
As the guest did not respond to pings from the host, I did not try to ping from another computer in the LAN, I assume they are going to fail.
I'm going to ask the administrator to verify that the firewalls allow access to the guest.
I'm wondering about the Windows Firewall configuration in the guest, but as the pages served are accessible from the LAN, I assume it is OK.
Your tests look good. And yes, your guest windows firewall is probably preventing pings. If your LAN pcs can access the pages on your guest and your guest has a routable ip then you should be ok. Once your network admin verifies access to your guest, it will probably work. Let me know how it goes.
Damn universities!
As you predicted, the problem was in the network side: we had to fill a formulary asking for the services to be enabled, blah, blah blah...
Now everything works! It works very nicely (it's a low-traffic server), but if you have any advice to improve performance, I'd like to know. I owe you a beer! Maybe I can link to this site from my web, http://optimitza.com/news/
Thanks!
Hi drfelip,
I'm sincerely happy to hear that you got it resolved and I'm always open to a beer :-). As far as improving performance the only thing you can probably do is use paravirtualized network drivers. There's and article on this site about how to go about installing and using it on a windows guest here. If you haven't tried it yet, try to see if you can get it to work and let me know how that goes. I would definitely appreciate you linking to my site from yours, thank you very much.
Feel free to drop any more questions/comments you have and I will be visiting your site as well.
Hi Haydn,
Thanks for the link, I think I'm going to wait a bit before modifying the configuration :) But I'm going to use it in case performance is unsatisfactory.
Thanks a lot for you help, I've already put a link to your site in mine and told about your site in a catalan linux forum I visit sometimes.
Best regards,
Felip.
Hi Felip,
Your configuration should not have any performance issues as bridged networking provides good network performance. Virtio drivers brings performance closer to native levels but I don't think your guest really *needs* it. Take care and thanks for the link.
Haydn
Post new comment