Ready to launch this server out the fecking window
OK so my KVM has a NAT, 10.0.0.0/24
One of the guests behind this NAT needs to connect to the host. It needs to connect on port 5555 (just say, for argument's sake).
Wireshark shows the packet from 10.0.0.1 > 192.168.0.5 going over ok, but the return SYNACK getting blocked (from 192.168.0.5).
How do I add a rule to iptables to allow the host to talk to the NAT subnet on a specific port?
I have tried this so far
Code:
iptables -I FORWARD 1 -p tcp -s 192.168.0.5 -d 10.0.0.0/24 -j ACCEPT
Which I interpret to mean, please ffs could the firewall just allow all tcp traffic from 192.168.0.5 to any IP on the 10.0.0.0/24 subnet.
But it doesn't work and the packet still gets blocked
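An added example, not part of the original post: a small model of which filter-table chain netfilter runs for each packet in the exchange described above, checked against the posted rule. It assumes 192.168.0.5 is an address owned by the KVM host itself; `chain_for`, `rule_sees` and `OUTPUT_RULE` are hypothetical names introduced here for illustration.

```python
import ipaddress

# Assumption: 192.168.0.5 is the KVM host's own address (the post calls it "the host").
HOST_ADDRS = {ipaddress.ip_address("192.168.0.5")}


def chain_for(src, dst, local=HOST_ADDRS):
    """Filter-table chain the host's netfilter runs for one packet.

    Simplified model: a packet whose source is a host address is treated
    as locally generated; loopback and martian cases are ignored.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if dst in local:
        return "INPUT"    # delivered to a socket on the host
    if src in local:
        return "OUTPUT"   # generated by a socket on the host
    return "FORWARD"      # routed through the host to somewhere else


def rule_sees(rule, src, dst):
    """True if the packet traverses the rule's chain and matches -s / -d."""
    return (
        chain_for(src, dst) == rule["chain"]
        and ipaddress.ip_address(src) in ipaddress.ip_network(rule["src"])
        and ipaddress.ip_address(dst) in ipaddress.ip_network(rule["dst"])
    )


# The rule from the post, reduced to its chain and address selectors.
POSTED_RULE = {"chain": "FORWARD", "src": "192.168.0.5/32", "dst": "10.0.0.0/24"}
# Hypothetical comparison: the same selectors placed in the OUTPUT chain.
OUTPUT_RULE = {"chain": "OUTPUT", "src": "192.168.0.5/32", "dst": "10.0.0.0/24"}

# Constructed packets mirroring the capture described in the post.
SYN = ("10.0.0.1", "192.168.0.5")      # guest -> host
SYN_ACK = ("192.168.0.5", "10.0.0.1")  # host -> guest

if __name__ == "__main__":
    for name, pkt in (("SYN", SYN), ("SYN-ACK", SYN_ACK)):
        print(name, "chain:", chain_for(*pkt),
              "| posted FORWARD rule matches:", rule_sees(POSTED_RULE, *pkt))
```

On a live host, the packet counters shown by `iptables -L FORWARD -v -n` and `iptables -L OUTPUT -v -n` indicate which chain a given packet actually hit.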