Revision as of 21:48, 8 February 2023 (view source) Amanjosan2008 (talk \| contribs) (→‎Install CentOS) ← Older edit		Revision as of 23:20, 8 February 2023 (view source) Amanjosan2008 (talk \| contribs) (→‎Deploy F5 in KVM) Newer edit →
Line 168: root / default * Iptables enable Web UI access using NAT from Host VM: ~~<pre>~~ sudo iptables -t nat -I PREROUTING -p tcp -d 10.170.131.132 --dport 8443 -j DNAT --to-destination 192.168.122.109:~~8443~~443▼ ~~# config -> Assign IP address for management~~ ~~tmsh show sys management-ip --> notworking~~ ~~tmsh show running-config~~ ~~nano /etc/libvirt/hooks/qemu~~ ~~#!/bin/bash~~ ~~# Hook to insert NEW rule to allow connection for VMs~~ ~~# 192.168.122.0/24 is NATed subnet~~ ~~# virbr0 is networking interface for VM and host~~ ~~# -----------------------------------------------------------------~~ ~~# Written by Vivek Gite under GPL v3.x {https://www.cyberciti.biz}~~ ~~# -----------------------------------------------------------------~~ ~~# get count~~ ~~#################################################################~~ ~~## NOTE replace 192.168.2.0/24 with your public IPv4 sub/net ##~~ ~~#################################################################~~ ~~v=$(/sbin/iptables -L FORWARD -n -v \| /usr/bin/grep 192.168.122.109/32 \| /usr/bin/wc -l)~~ ~~# avoid duplicate as this hook get called for each VM~~ ~~[ $v -le 2 ] && /sbin/iptables -I FORWARD 1 -o virbr0 -m state -s 10.170.131.0/24 -d 192.168.122.109/32 --state NEW,RELATED,ESTABLISHED -j ACCEPT~~ ~~chmod -v +x /etc/libvirt/hooks/qemu~~ ~~vim /etc/ufw/before.rules~~ ~~# KVM/libvirt Forward Ports to guests with Iptables (UFW) #~~ nat ~~:PREROUTING ACCEPT [0:0]~~ ~~-A PREROUTING -d 10.170.131.132 -p tcp --dport 443 -j DNAT --to-destination 192.168.122.109:443 -m comment --comment "Port443 for BigIP"~~ ~~COMMIT~~ ~~</pre>~~ ▲ sudo iptables -t nat -I PREROUTING -p tcp -d 10.170.131.132 --dport 8443 -j DNAT --to-destination 192.168.122.109:8443 ~~sudo iptables -t nat -I PREROUTING -p tcp -d 10.170.131.132 --dport 80 -j DNAT --to-destination 192.168.122.109:80~~ sudo iptables -I FORWARD -m state -d 192.168.122.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT ~~sudo service netfilter-persistent save~~ ~~curl -sk -u root:kIr@t#29 -H "Content-Type: application/json" -X GET https://192.168.122.109/mgmt/tm/sys/management-ip \| jq -M .~~ Apply License tmsh install /sys license registration-key <KEY> * Save Config tmsh modify /security firewall management-ip-rules rules add { example_mgmt_rule { action accept destination { addresses add { 192.168.122.109 } ports add { 443 } } ip-protocol tcp log yes place-before first source { addresses add { 10.170.131.1-10.170.131.254 } ports none } status enabled uuid auto-generate } } save /sys config

F5: Difference between revisions

F5 (view source)

Revision as of 23:20, 8 February 2023