Open dsferruzza opened 7 years ago
In case someone is still looking for a way to achieve this, NixOps supports passing extra VBoxManage modifyvm commands via the vmFlags parameter (defined here and here) which can be used to define the port forwarding rules.
According to the VirtualBox manual, the Vbox machines are by default created with a network interface of type NAT attached to the network interface controller number 1 (nic1), and it will by default get assigned the IP address 10.0.2.15 if the Vbox NAT engine default configuration wasn't altered. So you can directly define your port forwarding rules without having to create and configure a new networking interface of type NAT.
I was able to configure port forwarding and to NAT some ports from the host physical machine to the guest logical VirtualBox machine by updating my deployment's nix expression as follows:
    deployment.virtualbox = {
      headless = true;
      vcpu = 2;
      memorySize = 2048;
      disks.disk1.size = 40000;
      vmFlags = [
        "--natpf1" "ssh,tcp,1.2.3.4,3322,,22"
        "--natpf1" "http,tcp,1.2.3.4,3380,,80"
        "--natpf1" "https,tcp,1.2.3.4,33443,,443"
      ];
    };
In the above example, in the rule named ssh, all TCP traffic arriving on port 3322 on the host interface with IP address 1.2.3.4 will be forwarded to port 22 in the guest (the guest IP address is not mandatory here and it wasn't mentioned in the rule to allow the VBoxManage utility to dynamically adjust it).
There are some limitations in using NAT interfaces and port forwarding, such as the impossibility to forward host ports below 1024 (check section 6.3.3 in the VirtualBox user manual), so for example the rule "forward-ssh,1.2.3.4,22,,22", which is supposed to make the host accept all TCP traffic on port 22 and forward it to the guest on port 22, will not work!
Also, you may want to enable the host ports you used in your port forwarding rules in your firewall in case you are using a firewall.
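A small linter for port forwarding rules in the format used above, as an added example that is not part of the original comment or of NixOps. The function names and the last two sample rules are constructed, and the rule syntax [name],tcp|udp,[hostip],hostport,[guestip],guestport is assumed from the VBoxManage --natpf option.

```python
# Added example: lint VirtualBox --natpf rules taken from a NixOps vmFlags list.
import ipaddress

SAMPLE = [  # rules 1-2 appear in the comment above, rules 3-4 are constructed
    "--natpf1", "ssh,tcp,1.2.3.4,3322,,22",
    "--natpf1", "forward-ssh,1.2.3.4,22,,22",
    "--natpf1", "http,tcp,,3380,,80",          # host IP left empty
    "--natpf1", "alt,tcp,1.2.3.4,3322,,8080",  # reuses host port 3322
]

def parse_rule(rule):
    """Split one natpf rule into a dict; raise ValueError if it is malformed."""
    fields = rule.split(",")
    if len(fields) != 6:
        raise ValueError(f"expected 6 comma-separated fields, got {len(fields)}")
    name, proto, host_ip, host_port, guest_ip, guest_port = fields
    if proto not in ("tcp", "udp"):
        raise ValueError(f"protocol must be tcp or udp, got {proto!r}")
    for ip in (host_ip, guest_ip):
        if ip:
            ipaddress.ip_address(ip)  # raises ValueError on a bad address
    ports = []
    for p in (host_port, guest_port):
        if not p.isdigit() or not 1 <= int(p) <= 65535:
            raise ValueError(f"bad port {p!r}")
        ports.append(int(p))
    return {"name": name, "proto": proto, "host_ip": host_ip,
            "host_port": ports[0], "guest_ip": guest_ip, "guest_port": ports[1]}

def audit(vm_flags):
    """Return (rule, finding) pairs for every --natpfN rule in vm_flags."""
    findings, seen = [], {}
    for flag, rule in zip(vm_flags, vm_flags[1:]):
        if not flag.startswith("--natpf"):
            continue
        try:
            r = parse_rule(rule)
        except ValueError as exc:
            findings.append((rule, f"malformed: {exc}"))
            continue
        if not r["host_ip"]:
            findings.append((rule, "no host IP: listens on every host interface"))
        if r["host_port"] < 1024:
            findings.append((rule, "host port below 1024 (limitation cited above)"))
        key = (r["proto"], r["host_ip"], r["host_port"])
        if key in seen:
            findings.append((rule, f"host port already used by rule {seen[key]!r}"))
        seen.setdefault(key, r["name"])
    return findings
```

Calling audit(SAMPLE) returns three findings: the five-field rule is reported as malformed, the rule with an empty host IP is reported as listening on every host interface, and the last rule is reported as colliding with the ssh rule on host port 3322.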
This issue has been mentioned on NixOS Discourse. There might be relevant details there:
https://discourse.nixos.org/t/nixops-how-to-configure-network/11947/2
Hi!
I have created a NixOps network that contains a single logical machine. The network is deployed using the VirtualBox backend and the logical machine runs a web server. If I get the logical machine's IP from nixops info (let's say 192.168.56.101) and do curl -v 192.168.56.101 from the host machine, the web server responds as expected.
Because I only have 1 public IP address (which is used by the host; let's say 1.2.3.4) I want to be able to forward traffic from a given port of my host to another port of my logical machine.
I am struggling with 2 problems here:
nixops info and read it... I might need something more computer-friendly if I want to set up some firewall rules to send traffic to it.
1.2.3.4:80 to 192.168.56.101:80. I tried to use networking.nat.forwardPorts with no success...
Do you have any idea on how to solve this?