KVM virtual machines use NAT + iptables for port ing

The KVM virtual machine uses NAT + iptables for port ing. Today, a user asked me a question. This is the case. He has a KVM host, and an Internet IP address is bound to the host server, but he wants to directly access the host using ssh.
To provide Internet services for all the VMS, the solution is as follows: The www.2cto.com environment is RHEL6.3, and the Internet IP address is 115.183.0.11. use NAT to connect to the network. The configuration file is/etc/libvirt/qemu/networks/default. xml; view the network configuration file, the following is the default # brctl show bridge name bridge id STP enabled interfaces virbr0 8000.5254005aa781 yes virbr0-nic if you need to modify, you can directly modify or create a new file, run the following command to create a new network virsh net-define [filename] 2. install VMvirt-install -- name linux-nat -- ram 2048 -- disk/data/linux. nat. raw -- graphics \ vnc, port = 5902 -- network = default, model = virtio -- vcpus = 8 -- OS-variant = rhel6 -- import #/data/linux. nat. raw: A good Linux system template. 3. view the NIC information of the host server virbr0 ifconfig virbr0 virbr0: <BROADCAST, MULTICAST, UP, LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN link/ether 52: 54: 00: 5a: a7: 81 brd ff: ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 enter the VM, change the IP address to 192.168.122.2, and the gateway to 192.168.122.1 4. configure iptables to enable the user to access port 8000 of the Host IP address, then iptables forwards the packet to port 22 of the VM # iptables-a input-p tcp -- dport 8000-j ACCEPT # iptables-t nat-a prerouting-d 115.183.0.1-p tcp-m tcp -- dport 8000-j DNAT -- to-destination 192.168.122.2: 22 # iptables-t nat-a postrouting-s 192.168.122.0/255.255.255.0-d 192.168.122.2-p tcp-m tcp -- dport 22-j SNAT -- to-source 192.168.122.1