Here’s the setup:
- Fedora 41 Server host
- Libvirt/QEMU
- Alma 9 guest running ssh
My goal is to forward ports from the guest to the host, but change them. I set up a hook(as in the libvirt docs) and it worked on my last server. My hook looks like:
#!/bin/bash
if [ "${1}" = "Jellyfin" ]; then
# Update the following variables to fit your setup
GUEST_IP=192.168.101.4
GUEST_PORT=22
HOST_PORT=2222
if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
/sbin/iptables -D FORWARD -o virbr1 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
/sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
fi
if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
/sbin/iptables -I FORWARD -o virbr1 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
fi
fi
However, when I ssh to my server:2222, it doesn’t work, “Connection refused.” I can ssh from inside my server to my guest’s ip address, so I know it’s not an issue with ssh itself. The guest’s iptables rules are:
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
so that’s probably not the issue.
My server’s iptables rules include:
-A FORWARD -d 192.168.101.4/32 -o virbr1 -p tcp -m tcp --dport 22 -j ACCEPT
, so it appears the forwarding happened, but an nmap scan reveals the port is closed:
2222/tcp closed EtherNetIP-1
I’m baffled by this issue. Any help would be greatly appreciated!
I ended up just installing Alma Linux again. Thank you very much for your help.