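I have a KVM server whose guest VMs get Internet access through a bridge. I want to reach the host from a guest VM over ssh, but I get "port 22: Connection refused", even though I can ping the host on all of its IPs.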
brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.52540097d680       yes             virbr0-nic
                                                        vnet0
                                                        vnet1
                                                        vnet2
All of the bridge's traffic is forwarded through POSTROUTING in the host's iptables.
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
RETURN all -- 192.168.122.0/24 base-address.mcast.net/24
RETURN all -- 192.168.122.0/24 255.255.255.255
MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
How can I establish an ssh connection from the guest to the host?
Edit:
Chain INPUT (policy DROP)
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
This should accept everything.
Edit2:
iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
Badflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x11/0x01
Badflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x18/0x08
Badflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x30/0x20
Badflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x05/0x05
Badflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x03/0x03
Badflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x06/0x06
Badflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x3F
Badflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x00
Badflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x29
Badflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x2B
Badflags tcp -- 0.0.0.0/0 0.0.0.0/0 tcp flags:0x3F/0x37
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 0
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 3
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 11
ACCEPT icmp -- 0.0.0.0/0 0.0.0.0/0 icmptype 8
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
Firewall icmp -- 0.0.0.0/0 0.0.0.0/0
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:443
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED
DROP udp -- 0.0.0.0/0 0.0.0.0/0 udp spt:137 dpt:137
Rejectwall all -- 0.0.0.0/0 0.0.0.0/0
Chain FORWARD (policy ACCEPT)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0 state INVALID,NEW
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain Badflags (11 references)
target prot opt source destination
LOG all -- 0.0.0.0/0 0.0.0.0/0 limit: avg 10/min burst 5 LOG flags 0 level 4 prefix "Badflags: "
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain Firewall (1 references)
target prot opt source destination
DROP all -- 0.0.0.0/0 0.0.0.0/0
Chain Rejectwall (1 references)
target prot opt source destination
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable