In my previous post I explored port forwarding with IPTables to make VMs on a NAT Network (libvirt) accessible to the external world.
The same result can be achieved by using SSH to forward a port to the VM on the private network (accessible only within the hypervisor). This is especially handy if you don't have root-level access to change IPTables settings on the hypervisor. It works by creating an SSH tunnel that connects a port on the hypervisor to a port on the VM.
Two things to keep in mind to make this work:
- You must have an SSH login on the VM.
- The port forwarding works only as long as the SSH connection is alive.
Here is the SSH command that sets up the tunnel between the hypervisor and the VM, first in general form and then with example values:
ssh -L<hypervisor_ip>:<hypervisor_port>:<vm_ip>:<vm_port> <user_on_vm>@<vm_ip>
ssh -L0.0.0.0:10022:vm1:22 user1@vm1
I have used 0.0.0.0 as the hypervisor IP so that the tunnel listens on all interfaces of the hypervisor.
Execute this command on the hypervisor. It opens an SSH connection to vm1 and prompts for the password for user1. Once the connection is established, the tunnel is created from port 10022 on the hypervisor to port 22 (the SSH port) on the VM. In this example, connecting to port 10022 on the hypervisor actually reaches port 22 on the VM. Users can now SSH to the VM from the external world by connecting to port 10022 on the hypervisor.
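Because the forward lasts only as long as the SSH session, a small wrapper can validate the tunnel parameters and restart the session when it drops. This is an added example, not part of the original post; the function names are hypothetical, and the reconnect loop assumes key-based login to the VM so that no password prompt blocks a restart.

```shell
#!/bin/sh
# Added example: build and supervise the ssh -L tunnel described above.

# valid_port PORT: succeeds if PORT is an integer in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*|??????*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# safe_name VALUE: rejects empty values, a leading '-' (which ssh would
# parse as an option) and anything outside hostname/IPv4/user characters.
safe_name() {
    case "$1" in
        ''|-*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
}

# tunnel_cmd BIND HYP_PORT VM VM_PORT USER: prints the ssh command line.
tunnel_cmd() {
    bind=$1 hport=$2 vm=$3 vport=$4 user=$5
    valid_port "$hport" && valid_port "$vport" || { echo "bad port" >&2; return 2; }
    # Ports below 1024 can only be forwarded by root, which this
    # approach is meant to avoid needing.
    [ "$hport" -ge 1024 ] || { echo "port $hport needs root" >&2; return 3; }
    safe_name "$bind" && safe_name "$vm" && safe_name "$user" ||
        { echo "bad bind address, host or user" >&2; return 4; }
    # -N: forward only, no remote shell.
    # ExitOnForwardFailure: exit if the local port cannot be bound.
    # ServerAlive*: notice a dead connection instead of hanging.
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -L %s:%s:%s:%s %s@%s\n' \
        "$bind" "$hport" "$vm" "$vport" "$user" "$vm"
}

# keep_tunnel BIND HYP_PORT VM VM_PORT USER: run the tunnel and restart
# it whenever the ssh connection ends.
keep_tunnel() {
    cmd=$(tunnel_cmd "$@") || return
    while :; do
        # Word splitting is safe here: every field was validated above.
        $cmd || echo "tunnel exited with status $?; retrying in 5s" >&2
        sleep 5
    done
}
```

Source the file on the hypervisor and run `keep_tunnel 0.0.0.0 10022 vm1 22 user1` to get the tunnel from the post; passing 127.0.0.1 as the bind address instead keeps the forwarded port reachable only from the hypervisor itself.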