Port forwarding with ssh for VMs on libvirt NAT network

In my previous post I explored port forwarding with iptables to make VMs on a libvirt NAT network accessible to the external world.

The same result can be achieved by using SSH to forward a port to the VM on the private network (accessible only within the hypervisor). This is especially handy if you don't have root-level access to change iptables settings on the hypervisor. It works by creating an SSH tunnel that connects a port on the hypervisor to a port on the VM.

Two things to keep in mind to make this work:

  • you must have an SSH login on the VM
  • the port forwarding works only as long as the SSH connection is alive

Here is the SSH command that sets up the tunnel between the hypervisor and the VM:

ssh -L<hypervisor_ip>:<hypervisor_port>:<vm_ip>:<vm_port> <user_on_vm>@<vm_ip>

An example:

ssh -L0.0.0.0:10022:vm1:22 user1@vm1

I have used 0.0.0.0 as the hypervisor IP so that the tunnel listens on all the interfaces of the hypervisor.

Execute this command on the hypervisor. It opens an SSH connection to vm1 and prompts for the password of user1. Once the connection is established, the tunnel is created from port 10022 on the hypervisor to port 22 (the SSH port) on the VM. In this example, connecting to port 10022 on the hypervisor actually reaches port 22 on the VM. Users can now SSH to the VM from the external world by connecting to port 10022 on the hypervisor.
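The script below is an added example, not part of the original post: it builds the same tunnel command with OpenSSH options that make a dropped connection or a failed forward visible, and it reads `ss -ltn` output to report which address the forwarded port is bound to. The function names and the sample `ss` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names): build the post's tunnel command
# with keepalive options and classify where a forwarded port listens.

# Succeeds when $1 is a decimal port number between $2 and 65535.
port_ok() {
    case "$1" in ''|*[!0-9]*|??????*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le 65535 ]
}

# Print the ssh command for: bind_addr hyp_port vm_host vm_port vm_user.
# -N: tunnel only, no remote shell. ExitOnForwardFailure: exit instead of
# logging in without the forward. ServerAlive*: detect a dead connection,
# since the forward exists only while the ssh session is alive.
tunnel_cmd() {
    # Ports below 1024 need root to bind; the post assumes no root access.
    port_ok "$2" 1024 || { echo "bad hypervisor port: $2" >&2; return 1; }
    port_ok "$4" 1    || { echo "bad VM port: $4" >&2; return 1; }
    printf 'ssh -N -o ExitOnForwardFailure=yes -o ServerAliveInterval=30 -o ServerAliveCountMax=3 -L %s:%s:%s:%s %s@%s\n' \
        "$1" "$2" "$3" "$4" "$5" "$3"
}

# Read `ss -ltn` output on stdin and report where port $1 is listening:
# all-interfaces, loopback, specific:<addr>, or none.
listen_scope() {
    awk -v port="$1" '
        $1 == "LISTEN" {
            n = split($4, parts, ":"); if (parts[n] != port) next
            addr = substr($4, 1, length($4) - length(parts[n]) - 1)
            if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") scope = "all-interfaces"
            else if (addr == "127.0.0.1" || addr == "[::1]") { if (scope == "") scope = "loopback" }
            else if (scope == "" || scope == "loopback") scope = "specific:" addr
        }
        END { print (scope == "" ? "none" : scope) }'
}

# Constructed sample of `ss -ltn` output after running the post's example.
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:10022      0.0.0.0:*
LISTEN 0      128    127.0.0.1:631      0.0.0.0:*
LISTEN 0      128    [::]:22            [::]:*'

# Demo: the command is only printed here, not executed.
tunnel_cmd 0.0.0.0 10022 vm1 22 user1
printf '%s\n' "$SAMPLE_SS" | listen_scope 10022
```

Passing a specific interface address instead of 0.0.0.0 as the first argument limits which networks can reach the forwarded port; on a live hypervisor, pipe `ss -ltn` into `listen_scope` to confirm the result.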


Published by

Chandan Dutta Chowdhury

Software Engineer
