On 06/12/2015 11:29 AM, BJ wrote:
So should I go ahead and make the changes to the script that I suggested?

I wanted to verify that it worked okay with your changed, but got a bit sidetracked by the fact that the redirection no longer works at all on my Fedora system as of F22. Since I don't have time to figure out what the problem is there, and you say that it works for you with this addition, I guess go ahead and make the change.

You may want to look into the following though:

1) using the "network" hook instead of the "qemu" hook (the network hook didn't exist at the time this hook was written)

2) installing rinetd and having the hook script add/remove a line in rinetd.conf and signal it. This would eliminate all the potential points of failure related to doing it with iptables DNAT rules. (I've been meaning to try that out since someone suggested it a month or two ago, but it is *way* down on my list).

Thanks for taking the time/effort to follow up on this!



Thanks,
BJ

On Mon, Jun 8, 2015 at 3:21 PM, Eric Blake <eblake@redhat.com> wrote:
On 06/08/2015 02:43 PM, Laine Stump wrote:
>> However, if I changed the destination address from "anywhere" to the
>> IP of the host machine, the problem resolved. So I change the script
>> to as follows. (Changes are highlighted. For some reason the original
>> script didn't work using /bin/sh, but it did with /bin/bash, so I
>> changed that too).
>
> I don't know for sure, but my guess is that this line:
>
>   length=$(( ${#Host_port[@]} - 1 ))

Correct - that line is a bashism, and is not portable when /bin/sh is dash.

>
> which was added by vgerris in order to support forwarding of multiple
> ports, could be what's causing the incompatibility (that wasn't in the
> original, simpler version of the script, written by me.)
>
>>
>> *#!/bin/bash*
>> # used some from advanced script to have multiple ports: use an equal
>> number of guest and host ports
>>
>> Guest_name=xxxxxxx
>> Guest_ipaddr=xxx.xxx.xxx.xx
>> *Host_ipaddr=xxx.xxx.xxx.xx*
>> Host_port=( '80' '443' )
>> Guest_port=( '80' '443' )

In fact, these two lines are also bashisms.  All the more reason to
require bash.

>> length=$(( ${#Host_port[@]} - 1 ))
>> if [ "${1}" = "${Guest_name}" ]; then
>>    if [ "${2}" = "stopped" -o "${2}" = "reconnect" ]; then

test ... -o ... (also spelled [ ... -o ... ]) is not portable, even on
bash.  There are some expressions that are completely ambiguous on how
to be parsed, when -o is in the mix.  It is better to spell it: [ ... ]
|| [ ... ] (that is, use the shell's || instead of test's -o to do the
conjunction).

>>        for i in `seq 0 $length`; do

seq is not portable outside of GNU/Linux systems.

>> Lastly, I should note that I am using Ubuntu 14.04, both for the host
>> and guest.

Yep, that's a system that uses dash for /bin/sh.

>>
>> I'm also curious as to why this is considered a hack method. It states
>> in the wiki that "This method is a hack", but it doesn't express why.
>
> I consider it a hack because:
>
> 1) It requires the IP address of the guest to be known before the guest
> is started, so either you need to guess the guest's IP (if the guest is
> getting its IP address via dhcp) or configured the guest IP address in
> multiple places.

Although recent work has been made to get libvirt to add an API that
queries the guest for its IP address, once the guest is running.

--
Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library http://libvirt.org