
libvirt-hook-qemu's Introduction

Libvirt port-forwarding hook

Libvirt hook for setting up iptables port-forwarding rules when using NAT-ed networking.

Installation

To install the hook script and its configuration files, simply use the Makefile:

$ sudo make install

Restart your libvirt daemon after installing:

$ sudo service libvirtd restart

Afterwards, customize /etc/libvirt/hooks/hooks.json to your needs. The file includes documentation on how to set up the port forwards. Note that changes to the file take effect only when the guest VM stops and starts again, because the hook runs on those events.

The install target can be invoked multiple times; configuration files that are already installed won't be touched. The files can be removed again with:

$ sudo make uninstall

Testing

To run unit tests use the test target of the Makefile:

$ make test

Or use the Python unittest module to discover tests directly:

$ python -m unittest discover

Networking

This section describes the theory behind the generated iptables statements.

Packets arriving on the public interface are DNATed to the virtual machine. This implements the actual port-forwarding. Due to the way iptables is implemented, the DNAT must occur in two chains: nat:PREROUTING for packets arriving on the public interface, and nat:OUTPUT for packets originating on the host.

We also add rules to the FORWARD chain to ensure the responses return.

Finally, packets originating on the guest and sent to the host's public IP address need special handling. They are DNATed back to the guest like all other packets but, because the destination is now the same as the source, the reply never leaves the guest. Therefore, the host SNATs these packets to ensure the reply returns over the bridge.

To see a real-world example, the test_setup function in test_qemu.py demonstrates a simple JSON configuration and the iptables rules that it produces.
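As an added illustration of the rule layout described above (this is not the project's own code; the real output is in test_setup), the function below derives the four rule groups from a hooks.json-style entry. The sample entry is constructed, and the exact match options are assumptions; the public_ip key and the bare-integer port form (a same-port forward) are taken from the hooks.json excerpts quoted in the issues further down.

```python
import json

# Constructed sample in the hooks.json shape described on the page (not a real host).
SAMPLE = json.loads("""{
  "webvm": {
    "interface": "virbr0",
    "private_ip": "192.168.122.10",
    "public_ip": "203.0.113.5",
    "port_map": {"tcp": [[8443, 443], 22], "udp": [[53, 53]]}
  }
}""")


def rules_for(cfg):
    """Return iptables rules (argument lists) for one guest entry of hooks.json.

    A port_map entry is either [host_port, guest_port] or a bare port that is
    forwarded unchanged; the hook's own script may differ in details (assumption).
    """
    iface, guest, public = cfg["interface"], cfg["private_ip"], cfg.get("public_ip")
    dst = ["-d", public] if public else []  # no public_ip: match any local address
    rules = []
    for proto, entries in cfg["port_map"].items():
        for entry in entries:
            host_port, guest_port = (entry, entry) if isinstance(entry, int) else entry
            dnat = ["-p", proto, *dst, "--dport", str(host_port),
                    "-j", "DNAT", "--to-destination", f"{guest}:{guest_port}"]
            # DNAT twice: PREROUTING for packets arriving on the public interface,
            # OUTPUT for packets originating on the host itself.
            rules.append(["-t", "nat", "-A", "PREROUTING", *dnat])
            rules.append(["-t", "nat", "-A", "OUTPUT", *dnat])
            # FORWARD must accept the DNATed flow onto the bridge, or the filter
            # table drops it before the guest ever sees it.
            rules.append(["-A", "FORWARD", "-o", iface, "-p", proto, "-d", guest,
                          "--dport", str(guest_port), "-j", "ACCEPT"])
            # Hairpin case: the guest talks to its own public IP and is DNATed back
            # to itself, so source == destination. SNAT (MASQUERADE to the bridge
            # address) forces the reply back through the host instead of dying
            # inside the guest.
            rules.append(["-t", "nat", "-A", "POSTROUTING", "-s", guest, "-d", guest,
                          "-p", proto, "--dport", str(guest_port), "-j", "MASQUERADE"])
    return rules


def render(cfg):
    """Format the rules as iptables command lines for review before applying them."""
    return ["iptables " + " ".join(rule) for rule in rules_for(cfg)]


if __name__ == "__main__":
    print("\n".join(render(SAMPLE["webvm"])))
```

Reviewing the rendered lines against iptables-save output is a quick way to check that a guest's forwards match its hooks.json entry.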

Authors

  • Sascha Peilicke
  • Scott Bronson

libvirt-hook-qemu's Issues

Can't reach services from other host.

Hi
I'm using this hook to make, for example, HTTPS available to the world. When another guest wants to reach the webserver, this times out. What am I doing wrong, or where can I fix this?

Thanks!

LICENSE.txt (or LICENSE.md) file is missing, is it intended?

The LICENSE.txt (or LICENSE.md) file is missing. According to https://help.github.com/en/github/creating-cloning-and-archiving-repositories/licensing-a-repository#what-happens-if-i-dont-choose-a-license : "[...] without a license, the default copyright laws apply, meaning that you retain all rights to your source code and no one may reproduce, distribute, or create derivative works from your work[...]". Is that what the authors intend? In other words: could you tell what the license for libvirt-hook-qemu is, please?

Allow commenting in config file?

Hi, I wish I could include comments in my config file. Here's an example in cjson:

{
    "mailinabox": {
        "interface": "virbr1",
        "private_ip": "192.168.122.10",
        "port_map": {
            "udp": [[53, 53]],     // dns
            "tcp": [[25, 25],      // smtp
                    [53, 53],      // dns
                    [80, 80],      // http
                    [109, 109],    // pop
                    [110, 110],    // pop3
                    [143, 143],    // imap
                    [220, 220],    // imap3
                    [443, 443],    // https
                    [993, 993],    // imaps
                    [995, 995],    // pop3s
                    [4190, 4190]]  // sieve
        }
    }
}

But I suppose you could do something like this too (don't shoot the messenger):

[443, 443], "// https",
[993, 993], "// imaps",

Great script! It saved me a ton of time. They need to link to it from http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections . (I would have but I didn't see how to sign up)

Cannot find qemu.json.

The qemu.json file cannot be found in /etc/libvirt/hooks/.
However, hooks.json is located there. These are the contents of hooks.json:

{
    "cloud-admin": {
        "interface": "virbr1",            // you can use comments
        "private_ip": "192.168.124.10",   /* both styles */
        "source_ip": "8.8.8.8",
        "port_map": {
            "tcp": [[1100, 3000], 443]
        }
    },
    "cloud-node1": {
        "private_ip": "192.168.126.2",
        "port_map": {
            "tcp": [[1101, 80],
                    [1102, 443]]
        }
    }
}

Could anyone advise on how I can edit this file to suit my network configuration settings?
I am using an ethernet connection on the host machine (Ubuntu 16.04 LTS), and a NAT configuration on CentOS 7 VMs.

Use Range port

Hi,

I have been using these scripts for a while and I am pretty satisfied with them; great job, and it's great that you shared them. Anyhow, some days ago I needed to open a port range, so I modified the script and the schema a little in order to accept an entry like:

"port_range": [{"range": [10000, 10128], "protocol": "udp"}]

Assuming that the mapping is done using the same port numbers. I was wondering if it would be of interest to you to include such modifications in your code; I can provide a Pull Request if you'd like. Some modifications or enhancements could be made, like providing a start port number and the number of ports to open (instead of min-max ports).

Thanks,
David

Port forwarding for a specific iface

Hi everyone,

Is it possible to setup port forwarding just for a specific network interface?
My case: I have two NICs: eth0, eth1. I want to have port forwarding just for incoming connections to eth0, but refuse all connection attempts to the same TCP port on eth1.
I've tried to play with the "public_ip" param, but unfortunately I didn't get it to work; it seems that I'm doing something wrong.

Thanks!

Multiple network interfaces for a vhost?

Is there any way to support multiple IP addresses for a VM?

I would like to do this because I need to have more than one Apache virtual host on a VM and allow access to port 80 on both addresses. I need to do that because one of the vhosts needs to be configured with some insecure settings ("HttpProtocolOptions Unsafe") which I wouldn't want to apply to the default vhost.

Right now I don't think I can have two IP addresses because the hooks script assumes that there is exactly one possible value of private_ip per VM, I think.

I can't make one of the Apache vhosts a CNAME (and thus need only one IP address) because this is against best practice for Apache httpd (see https://httpd.apache.org/docs/2.4/dns-caveats.html).

ValueError: need more than 0 values to unpack

Hey,

first of all, thanks for the script. Unfortunately though, it is not working for me. When starting the virtual machine it fails with error code 256. Starting the script from the shell results in the following error:

root@debiantest:/etc/libvirt/hooks# ./qemu
Traceback (most recent call last):
File "./qemu", line 96, in
vir_domain, action = sys.argv[1:3]
ValueError: need more than 0 values to unpack

This is on a debian wheezy machine with python 2.7.3.

oh, and test_qemu.py also fails:

root@debiantest:~/libvirt-hook-qemu-master# python test_qemu.py
Traceback (most recent call last):
File "test_qemu.py", line 5, in
import qemu # Our local libvirt hooks module
ImportError: No module named qemu

Could you give me a hint what is going on here?

Thanks!

make clean fails on Ubuntu 16.04

Hi great tool!

make clean fails on Ubuntu 16.04. Appears to be variable expansion with the {,.json,.schema.json} line.

root@ubuntu-io6-28:~/libvirt-hook-qemu# make clean
rm /etc/libvirt/hooks/hooks{.json,.schema.json}
rm: cannot remove '/etc/libvirt/hooks/hooks{.json,.schema.json}': No such file or directory
Makefile:12: recipe for target 'clean' failed
make: *** [clean] Error 1

Manually expanding those results in:
rm ${LIBVIRT_HOOKS_DIR}/hooks
rm ${LIBVIRT_HOOKS_DIR}/hooks.json
rm ${LIBVIRT_HOOKS_DIR}/hooks.schema.json
and this works as expected.

ips seem to be added wrongly

Hi,
I've got an issue where the host has two IPs assigned, and I assigned the second of the two IPs for the guest's NAT ports. However, some of the rules contain both the main IP and the proper NAT IP, or in some cases just the main IP (and not the guest's IP). I've attached hooks.json and the output of iptables-save, and as you can see, the public_ip is set properly, but the iptables rules still seem to be a bit wonky.
Any help?
-Michael.

iptables.txt

hooks.json.txt

18.04?

Hi, has anyone confirmed that libvirt-hooks works on Ubuntu 18.04?

I'm having some issues, it looks like the iptables is getting created ok, but maybe it's getting filtered somewhere?

thanks!
Andrew

No port forward rules in iptables

Hi,
after implementing your script and modifying hooks.json, there's no relevant entry when executing iptables -L, and port redirection is not working.

I'm running SLES 12SP2.

THX

feature request: support for ipv6 DNAT

My host server only has a private ipv4 address and a global ipv6 address. I want to enable ipv6 forwarding so I can access my guest VM through global ipv6.

I have successfully defined a network with ipv6:

<ip family='ipv6' address='fd12:8848:a2a2:1::1' prefix='64'>
  <dhcp>
    <range start='fd12:8848:a2a2:1::4' end='fd12:8848:a2a2:1::ff'/>
  </dhcp>
</ip>

Then, the address of my guest VM is fd12:8848:a2a2:1::53 and I can connect to it with ssh from the host.

However, this script seemed to only add ipv4 DNAT in iptables. ip6tables -t nat -L did not have any DNAT rules. So, I added it by hand:

sudo ip6tables -t nat -A PREROUTING -p tcp --dport 4022 -j DNAT --to-destination '[fd12:8848:a2a2:1::53]:22'

And everything works perfectly.

But I still want to let this script manage it automatically, and it would be appreciated if the developers of the script could add this feature.
