
I am currently able to ssh into the host machine, which has a static IP of 1.2.3.4. I used it to make a VM with a separate static IP using br0 on the host machine, using this reference.

This VM works fine. Using virt-manager I am able to get the VNC console up and log in to the VM with the root user and password. It is able to connect to the internet and ifconfig shows its IP, say 1.2.3.5.

The problem I have is that when I try to ssh into it from a public IP or from the host, I get: Connection closed by 1.2.3.5 port 22

As I'm trying to make more than one VM, each with its own static IP that can be ssh'ed into, is there something I am required to add to /etc/network/interfaces on either the host or the VMs to fix this? Looking at this reference, maybe a pre-up or post-up?

nadermx
  • Honestly, it is easier to SSH to the host system, then SSH to each VM after that. That way your router can be forwarded to one IP address instead of many. – Terrance May 09 '18 at 05:58
  • @terrance Maybe I'm not explaining myself well enough. I am not sure that pre-up or post-up are even necessary on the VM level; maybe it's something required on the host level. But given my specific use case, it is necessary to have each one have its own IP. – nadermx May 09 '18 at 08:00
  • You can give every VM its own IP. You have stated that you can ssh from the host to the VM. But you stated that when you try to ssh to the public IP, which to me says that you are remote off your internal network, that will not work. You would have to ssh to the host first. On the internal network, as long as the IP address is within the proper subnet, you can ssh directly to it from any system on the same subnet (internal) network. If you are putting them on their own subnet (VLAN), then you need another type of router that helps route to where they are. – Terrance May 09 '18 at 13:03
  • @Terrance I cannot ssh from the host to the VM unless I am using virt-manager. If I am in a terminal and try ssh via the host, it gives me the same error as when I try from another computer not in the network. – nadermx May 09 '18 at 17:00
  • So, you're not trying to access these from remote, meaning a completely different network, then? You are only trying to access them from your internal network? Do you have the routes set up on each remote host so that they know that the IP address of that VM is on the specific host that it is installed on? – Terrance May 09 '18 at 17:02
  • @Terrance I do want to be able to access it remotely, and no. Do I have to whitelist the specific domain? – nadermx May 09 '18 at 17:04
  • You shouldn't have to whitelist a domain, but that can be helpful if you are accessing from a specific domain. Your network usually has 1 public IP available on your router. You would have to configure the router to point to some type of server within the network. You can configure port forwarding for each different VM, but they would have to have their own port that you can point it to externally, e.g. 77.249.25.163:1001 would forward to 192.168.1.1:22 and 77.249.25.163:1002 would forward to 192.168.1.25:22. – Terrance May 09 '18 at 17:11
  • You would also have to have some sort of internal routing if your VM IPs are not in the same subnet as the host network. Say VMs are 172.16.xxx.xxx and the host network is 192.168.1.xxx, they need to know where the 172.16.xxx.xxx is. – Terrance May 09 '18 at 17:12
  • @Terrance It seems I still cannot get this to work. The VM has access to the internet and shows its static IP, but all ssh attempts show connection closed. I can ping the IP and it responds. I have tried doing this on the https://askubuntu.com/a/951583/525195 as well, and still nothing. – nadermx May 09 '18 at 23:06
  • I don't know if it is going to allow it, as NAT has its own firewall. I work in a data center and we have to go through another server that allows us firewall access, then we have to ssh or tunnel our connection from there. That can be very confusing to set up. For my home network, I have ssh port 22 forwarded to one system, and I access it externally without problems. Then from that one I can ssh to any of my systems on the inside. That is why I suggested originally for you to ssh to the host (parent) system, then to the VMs. – Terrance May 09 '18 at 23:16
  • You should use RFC 1918 addresses for your VMs. The addresses you have used here are owned by someone else, and are being actively used on the Internet. – Michael Hampton May 10 '18 at 09:05
  • @MichaelHampton I'm trying to have the VMs be able to be used on the internet and be ssh'd into. – nadermx May 10 '18 at 15:12
