How can I access Gitlab installed on KVM VM externally with a static IP address

ubuntu
debian
iptables
kvm
nat

#1

I have made two VM’s(LInux 16.04 LTS) on a physical host which has Debian Server. I Have installed GItlab on VM1 now I want to access it externally with a Static IP outside my local network. I have the IP but I am stuck I made bridge connection with that IP but nothing happens.help


#2

Share more about your VM networking. Is it bridged based networking? Are you using VMware, KVM, OR XEN? Is static public IP assigned to Debian server too? Maybe give us output of commands

brctl show

#3

Hey! Thank you for the swift reply

actually, I am using KVM on my Debian Server. My Vm1 is running Ubuntu 16.04 , as libvrtd uses dnsmasq it has given my VM1 192.168.122.248 IP…and YES Debain server has Static Public IP

Debian server’s result :

$ brctl show
bridge name       bridge id                       STP enabled               interfaces
virbr0          8000.525400f6e948                yes                            virbr0-nic
                                                                 vnet0
                                                               vnet1
virbr1          8000.525400e7096b              yes                            virbr1-nic

Running brctl show command on VM1 gives the null result.
now the thing is on local IP Gitlab is working fine I tried to change the external address in GITLAB.rb file and tried different configurations but it did not work. My VM’s can access internet via my Debain server. I tried making bridge on Server but the internet connectivity gets lost on my VMs due to conflict. Now tell me how can I access Gitlab in my home with external IP.I want to do that so anyone can access it.Plus after this task I want to configure LDAP with it. I am kinda new to this Sys Admin stuff so don’t mind if I have bad concepts about networking and VMs


#4

You need to install firewall to redirect all incoming traffic using DNAT. Something like follows will redirect all public traffic coming on port 80 of 1.2.3.4 public IP to internal KVM 192.168.122.248:80

## syntax ##
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d {PUBLIC_IP} --dport 80 -j DNAT --to {INTERNAL_IP}:80
## example ##
/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d 1.2.3.4 --dport 80 -j DNAT --to 192.168.122.248:80 

You must replace IP and ports as per your setup. Next you need to talk back from private IPs to public IP back:

 /sbin/iptables -t nat -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE

If you find this is hard, try using UFW. Still need to edit files tho. It is well documented here:


#5

I am trying to follow the steps but when I am typing

/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d {public ip} --dport 80 -j DNAT --to
{INTERNAL_IP}:80

it is giving me an error on Internal IP

IPTABLES V1.6.0: Bad IP address "{192.168.122.248}"
this is the IP my VM is using so I guess this is the internal IP. Physical host is using 130.83.162.84 and I want to give public IP 130.83.162.69 to access gitlab externally


#6

Try:

/sbin/iptables -t nat -A PREROUTING -i eth0 -p tcp -d 130.83.162.84 --dport 80 -j DNAT --to 192.168.122.248:80 

Of course replace 80 with actual gitlab port.


#7

Now I can access Gitlab on others PC In my Network now I want to access it from anywhere! what is the best solution?