System Information
Linux distribution
Centos7
Terraform version
terraform -v Terraform v1.3.9 on linux_amd64 + provider Terraform Registry v0.7.1 + provider Terraform Registry v2.2.0
Provider and libvirt versions
terraform-provider-libvirt -version libvirtd (libvirt) 4.5.0
__
Description of Issue/Question
I deployed a VM with no issues. but have issues with the network connection to it as follows:
When using Bridge mode:
- VM inbound: Traffic is only allowed from the VM subnet network to the VM server.
- VM outbound: Traffic is only allowed from the VM server to the VM subnet network
- It means that I can’t ping/SSH the VM if my source server is on a different network (but I can reach that VM host).
When using NAT mode:
- VM inbound: Traffic allowed, only from the Physical Host to VM
- VM outbound: The VM can ping/SSH to any address
- It means that I can’t ping/SSH the VM if my source server is on a different network (but I can reach that VM host).
I notice that when using “nat” mode, the physical host gets iptables roles which block the connections. but even if deleting iptables rules, the connections are still blocked.
Setup
Relevant main.tf part (in nat mode):
resource "libvirt_network" "vm_main_network" {
name = "${var.VM_HOSTNAME}_network"
mode = "nat"
domain = "${var.VM_HOSTNAME}.local"
addresses = ["${var.VM_MAIN_RANGE}"]
dhcp {
enabled = false
}
dns {
enabled = true
}
}
resource "libvirt_domain" "vm" {
count = var.VM_COUNT
name = "${var.VM_HOSTNAME}-${count.index}"
memory = var.VMEM
vcpu = var.VCPU
cloudinit = "${libvirt_cloudinit_disk.cloudinit.id}"
network_interface {
network_id = "${libvirt_network.vm_main_network.id}"
network_name = "${libvirt_network.vm_main_network.name}"
addresses = ["${var.IP_MAIN}"]
}
Additional information:
I’m trying to find a way, which will allows me to reach the new deployed VM from any server on my network (which has a route to the VM physical host) as well to be able to connect any server from inside the VM.
Appreciate any help.
Thanks,
Lavi