Physical host: CentOS 7.2, 10.127.158.46
Virtual machine: CentOS 6.7, 192.168.122.233
The KVM network is configured in NAT mode.
Disable firewalld and install iptables
[root@NC2-WAFXJS-SEV158-46 ~]# yum install iptables-services
[root@NC2-WAFXJS-SEV158-46 ~]# iptables -F
[root@NC2-WAFXJS-SEV158-46 ~]# service iptables save
Configure DNAT and SNAT
[root@NC2-WAFXJS-SEV158-46 ~]# iptables -t nat -A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.122.233:22
[root@NC2-WAFXJS-SEV158-46 ~]# iptables -t nat -A POSTROUTING -p tcp -m tcp -d 192.168.122.233/32 --dport 22 -j SNAT --to-source 10.127.158.46
[root@NC2-WAFXJS-SEV158-46 ~]# iptables -nL -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222 to:192.168.122.233:22
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
SNAT tcp -- 0.0.0.0/0 192.168.122.233 tcp dpt:22 to:10.127.158.46
[root@NC2-WAFXJS-SEV158-46 ~]# iptables -nL -t filter
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:2222
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
On the physical host, configure sshd to listen on port 22 and port 2222
[root@NC2-WAFXJS-SEV158-46 ~]# vim /etc/ssh/sshd_config
...
#Port 22
#AddressFamily any
ListenAddress 0.0.0.0:22
ListenAddress 10.127.158.46:2222
#ListenAddress ::
...
[root@NC2-WAFXJS-SEV158-46 ~]# systemctl reload sshd.service
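Do not run the test on the physical host itself: locally generated packets do not pass through the PREROUTING chain, so the DNAT rule is never applied to them. From another machine, run ssh -p 2222 10.127.158.46 and check that it logs you straight into the KVM virtual machine.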
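
An added example, not from the original post: a shell function that reads iptables-save output and, for each DNAT port forward like the one above, reports whether the rule limits client source addresses and whether a matching SNAT rule rewrites the source (in which case the guest's sshd logs show the SNAT address instead of the real client). The function name audit_forwards and the sample rules, written in iptables-save form to mirror the two NAT rules above, are constructed for illustration.

```shell
#!/usr/bin/env bash
# Constructed sample: the two NAT rules from this page in iptables-save format.
SAMPLE_RULES='*nat
-A PREROUTING -p tcp -m tcp --dport 2222 -j DNAT --to-destination 192.168.122.233:22
-A POSTROUTING -d 192.168.122.233/32 -p tcp -m tcp --dport 22 -j SNAT --to-source 10.127.158.46
COMMIT'

# audit_forwards (hypothetical helper): read iptables-save text on stdin and
# print one line per DNAT rule:
#   <external_port> <internal_target> src=<any|cidr> snat=<yes|no>
# src=any  : the forward accepts connections from every client address.
# snat=yes : a SNAT rule covers the internal target, so the guest sees the
#            SNAT address, not the real client, in its own logs.
# Narrow case: negated matches ("! -s ...") and multiport rules are not handled.
audit_forwards() {
  awk '
    function opt(name,   i) {   # value that follows option "name", or ""
      for (i = 1; i < NF; i++) if ($i == name) return $(i + 1)
      return ""
    }
    $1 == "-A" && opt("-j") == "DNAT" {
      n++
      port[n] = opt("--dport")
      dst[n]  = opt("--to-destination")
      src[n]  = opt("-s")
      if (src[n] == "") src[n] = "any"
    }
    $1 == "-A" && opt("-j") == "SNAT" {
      d = opt("-d")
      sub(/\/32$/, "", d)       # host route: compare as a bare address
      snat[d ":" opt("--dport")] = 1
    }
    END {
      for (k = 1; k <= n; k++)
        printf "%s %s src=%s snat=%s\n", port[k], dst[k], src[k],
               ((dst[k] in snat) ? "yes" : "no")
    }'
}

# Run against the constructed sample; on a live host use:
#   iptables-save -t nat | audit_forwards
printf '%s\n' "$SAMPLE_RULES" | audit_forwards
```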