Antsle Forum


Port forwarding to LXC antlet stopped working

Hi,

I successfully set up port forwarding (antsle port 8443 to antlet port 443), which was working fine...until it wasn't. As far as I can tell nothing changed, the script is still setting up the forwarding, iptables still shows the rules. But no packets are getting through.

$ cat /etc/libvirt/hooks/lxc
#!/bin/bash
# update: 10/24/2018

antlet_type=`basename "$0"`
echo `date` hook/${antlet_type} "antlet ${1}" "${2}" >>/var/log/libvirt/hook.log

# Update the following variables to fit your setup
# Use an equal number of host and guest ports
antlet_name=antstore
antlet_ipaddr=10.1.1.16
host_ipaddr=10.0.0.50
host_ports=( '8443' )
antlet_ports=( '443' )

# Update iptables
length=$(( ${#host_ports[@]} - 1 ))
if [ "${1}" = "${antlet_name}" ]; then
    if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
        for i in `seq 0 $length`; do
            echo "`date` hook/${antlet_type} antlet $antlet_name Closing port ${host_ports[$i]} -> ${antlet_ports[$i]} " >>/var/log/libvirt/hook.log
            iptables -t nat -D PREROUTING -d ${host_ipaddr} -p udp --dport ${host_ports[$i]} -j DNAT --to ${antlet_ipaddr}:${antlet_ports[$i]}
            iptables -D FORWARD -d ${antlet_ipaddr}/32 -p udp -m state --state NEW,ESTABLISHED,RELATED --dport ${antlet_ports[$i]} -j ACCEPT
            iptables -t nat -D PREROUTING -d ${host_ipaddr} -p tcp --dport ${host_ports[$i]} -j DNAT --to ${antlet_ipaddr}:${antlet_ports[$i]}
            iptables -D FORWARD -d ${antlet_ipaddr}/32 -p tcp -m state --state NEW,ESTABLISHED,RELATED --dport ${antlet_ports[$i]} -j ACCEPT
        done
    fi
    if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
        for i in `seq 0 $length`; do
            echo "`date` hook/${antlet_type} antlet $antlet_name Mapping port ${host_ports[$i]} -> ${antlet_ports[$i]} " >>/var/log/libvirt/hook.log
            iptables -t nat -A PREROUTING -d ${host_ipaddr} -p tcp --dport ${host_ports[$i]} -j DNAT --to ${antlet_ipaddr}:${antlet_ports[$i]}
            iptables -I FORWARD -d ${antlet_ipaddr}/32 -p tcp -m state --state NEW,ESTABLISHED,RELATED --dport ${antlet_ports[$i]} -j ACCEPT
            iptables -t nat -A PREROUTING -d ${host_ipaddr} -p udp --dport ${host_ports[$i]} -j DNAT --to ${antlet_ipaddr}:${antlet_ports[$i]}
            iptables -I FORWARD -d ${antlet_ipaddr}/32 -p udp -m state --state NEW,ESTABLISHED,RELATED --dport ${antlet_ports[$i]} -j ACCEPT
        done
    fi
fi

My hook.log:

Fri Nov 23 14:26:18 PST 2018 hook/lxc antlet antstore release
Fri Nov 23 14:26:28 PST 2018 hook/lxc antlet antstore prepare
Fri Nov 23 14:26:28 PST 2018 hook/lxc antlet antstore start
Fri Nov 23 14:26:28 PST 2018 hook/lxc antlet antstore Mapping port 8443 -> 443
Fri Nov 23 14:26:28 PST 2018 hook/lxc antlet antstore Mapping port 9001 -> 9001
Fri Nov 23 14:26:29 PST 2018 hook/lxc antlet antstore started

Things were still working at this point.

Not sure what this is all about. I am assuming that's from when I had to reboot the antsle itself:

Sun Nov 25 21:55:27 PST 2018 hook/lxc antlet node prepare
Sun Nov 25 21:55:27 PST 2018 hook/lxc antlet node start
Sun Nov 25 21:55:27 PST 2018 hook/lxc antlet node started
Sun Nov 25 21:57:31 PST 2018 hook/lxc antlet node stopped
Sun Nov 25 21:57:31 PST 2018 hook/lxc antlet node release
Sun Nov 25 21:57:32 PST 2018 hook/lxc antlet node prepare
Sun Nov 25 21:57:32 PST 2018 hook/lxc antlet node start
Sun Nov 25 21:57:32 PST 2018 hook/lxc antlet node started
Sun Nov 25 21:59:20 PST 2018 hook/lxc antlet node stopped
Sun Nov 25 21:59:20 PST 2018 hook/lxc antlet node release
Sun Nov 25 21:59:26 PST 2018 hook/lxc antlet node prepare
Sun Nov 25 21:59:26 PST 2018 hook/lxc antlet node start
Sun Nov 25 21:59:26 PST 2018 hook/lxc antlet node started
Sun Nov 25 22:05:05 PST 2018 hook/lxc antlet node stopped
Sun Nov 25 22:05:05 PST 2018 hook/lxc antlet node release
Sun Nov 25 22:05:05 PST 2018 hook/lxc antlet node prepare
Sun Nov 25 22:05:05 PST 2018 hook/lxc antlet node start
Sun Nov 25 22:05:06 PST 2018 hook/lxc antlet node started
Sun Nov 25 22:16:01 PST 2018 hook/lxc antlet node stopped
Sun Nov 25 22:16:01 PST 2018 hook/lxc antlet node release
Sun Nov 25 22:16:01 PST 2018 hook/lxc antlet node prepare
Sun Nov 25 22:16:01 PST 2018 hook/lxc antlet node start
Sun Nov 25 22:16:02 PST 2018 hook/lxc antlet node started

And from here on out, no more working port forwarding, even though it's still being set up.

Wed Nov 28 08:50:20 PST 2018 hook/lxc antlet antstore stopped
Wed Nov 28 08:50:20 PST 2018 hook/lxc antlet antstore Closing port 8443 -> 443
Wed Nov 28 08:50:20 PST 2018 hook/lxc antlet antstore release
Wed Nov 28 08:50:59 PST 2018 hook/lxc antlet antstore prepare
Wed Nov 28 08:50:59 PST 2018 hook/lxc antlet antstore start
Wed Nov 28 08:50:59 PST 2018 hook/lxc antlet antstore Mapping port 8443 -> 443
Wed Nov 28 08:51:00 PST 2018 hook/lxc antlet antstore started

$ sudo iptables -L -t nat|grep 443
Password:
DNAT tcp -- anywhere antsle.home.lan tcp dpt:8443 to:10.1.1.16:443
DNAT udp -- anywhere antsle.home.lan udp dpt:8443 to:10.1.1.16:443

Any thoughts how to debug this further?

Thanks,
Markus
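
Added example (not part of the original post and not Antsle's code): one way to narrow down "the rules are there but no packets get through" is to read the per-rule packet counters from `iptables-save -c` for the two rules the hook creates. The function name `diagnose_forward` and the sample ruleset are constructed for illustration; the addresses and ports are the ones from the script above.

```shell
#!/bin/sh
# Added example, not from the original post. Reads `iptables-save -c` text on
# stdin and reports where packets for one forwarded port stop being counted.
# Usage on the host: iptables-save -c | diagnose_forward tcp 8443 10.1.1.16 443
diagnose_forward() {
    awk -v proto="$1" -v hport="$2" -v ip="$3" -v aport="$4" '
    # Packet count from the "[pkts:bytes]" prefix that -c adds to each rule.
    function pkts(s) { sub(/^\[/, "", s); sub(/:.*/, "", s); return s + 0 }
    { line = $0 " " }                      # trailing space so "443" != "4430"
    /^\*/ { table = substr($0, 2) }        # "*nat", "*filter" table headers
    # DNAT rule the hook adds to nat/PREROUTING
    table == "nat" && / -A PREROUTING / && index(line, "-p " proto " ") &&
      index(line, "--dport " hport " ") &&
      index(line, "--to-destination " ip ":" aport " ") {
        dnat_seen = 1; dnat += pkts($1)
    }
    # ACCEPT rule the hook inserts into filter/FORWARD
    table == "filter" && / -A FORWARD / && index(line, "-d " ip "/32 ") &&
      index(line, "-p " proto " ") && index(line, "--dport " aport " ") &&
      index(line, "-j ACCEPT ") {
        fwd_seen = 1; fwd += pkts($1)
    }
    END {
        if (!dnat_seen)     print "no-dnat-rule"
        else if (dnat == 0) print "dnat-not-hit"
        else if (!fwd_seen) print "no-forward-rule"
        else if (fwd == 0)  print "dropped-before-forward-rule"
        else                print "forwarded"
    }'
}

# Constructed sample ruleset (not output from the poster's machine).
sample_ruleset() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
[7:420] -A PREROUTING -d 10.0.0.50/32 -p tcp -m tcp --dport 8443 -j DNAT --to-destination 10.1.1.16:443
[0:0] -A PREROUTING -d 10.0.0.50/32 -p udp -m udp --dport 8443 -j DNAT --to-destination 10.1.1.16:443
COMMIT
*filter
:FORWARD ACCEPT [0:0]
[7:420] -A FORWARD -d 10.1.1.0/24 -j REJECT --reject-with icmp-port-unreachable
[0:0] -A FORWARD -d 10.1.1.16/32 -p tcp -m state --state NEW,RELATED,ESTABLISHED -m tcp --dport 443 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | diagnose_forward tcp 8443 10.1.1.16 443
```

Counters start again from zero each time the hook deletes and re-creates its rules, so make a test connection to port 8443 from another machine before reading them. The nat table is only consulted for the first packet of a connection, so the DNAT counter counts connection attempts rather than every packet.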