iptables QEMU-KVM NAT

(Last Updated On: May 2, 2019)

iptables for qemu-kvm nat

 

Allow Interface

iptables -A INPUT -i virbr0 -j ACCEPT

 

SSH

DHCP IP:4022 -> 192.168.201.3:22

iptables -A INPUT -i eth0 -p tcp -m tcp --dport 4022 -j ACCEPT
iptables -t nat -I PREROUTING -p tcp -i eth0 --dport 4022 -j DNAT --to-destination 192.168.201.3:22

 

Windows Remote Desktop Protocol

DHCP IP:4389 -> 192.168.201.2:3389 TCP and UDP

iptables -A INPUT -i eth0 -p tcp -m tcp --dport 4389 -j ACCEPT

iptables -t nat -I PREROUTING -i eth0 -p tcp --dport 4389 -j DNAT --to-destination 192.168.201.2:3389

iptables -t nat -A PREROUTING -i eth0 -p udp -m udp --dport 4389 -j DNAT --to-destination 192.168.201.2:3389
iptables -t nat -A PREROUTING -i eth0 -d 192.168.201.2 -p udp --dport 4389 -j REDIRECT --to-ports 3389

 

MASQUERADE (for Dynamic Configured IP Interface)

iptables -I FORWARD -m state -d 192.168.201.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE