You are looking at NAT using IPTables/Firewall to forward the incoming traffic to the Windows OS? If you are looking at just internet access from the Windows Server than using the NAT feature on the KVM should be fine. If you are looking at forwarding internet traffic to your window OS. Check out the following it is an example to forward RDP traffic to the Server in the KVM but you will need to change the network type . dracocybersecurity.com/configure-iptables-port-forwarding-to-nested-guest-vm-in-kvm-default-nat-virtual-bridge-ubuntu-20-04/
I successfully installed win2022 on KVM, the machine works well. Could you share how to configure the network between ubuntu and the virtual machine? I used CyberPanel on Ubuntu for hosting sites The KVM used the same IP address. But I can't set-up the IIS to recognize that public IP. It always connects to Cyberpanel first. How could I run websites on IIS? Do I need another public IP? Thanks
For exposing your IIS to the public internet having a public IP address to bridge to IIS server might be the easiest way to do it or you can use iptables to do port forwarding. however you will need to understand how the various bridge function or DNAT and maybe SNAT depending on your setup to expose the web service. I have not done cyberpanel or even cockpit configuration. I usually do it through the command line for iptables configuration and virt-manager for bridge config.
This is a very special use case, and actually one that I am now needing. How do I expose the ports to the windows ADD that is running inside an Ubuntu KVM? I have tried Socat and this didn't work, the public address on the Linux machine is working fine, I have a QOS to the Ubuntu server, but cannot get the Windows machine inside to be reached from the outside. Any help will be greatly appreciated.
For my lab environment I use iptables. using dnat to forward port 3389 to the internal windows ip address. there are a few configurations you need to do if you know iptables then it is easy. be mindful of opening up RDP directly to the internet as it opens up the server to direct attacks.
You can also check out my post on what the 2 rules might look like. dracocybersecurity.com/how-to-configure-iptables-to-port-forward-rdp-3389-to-windows-machine-in-kvm/ I use the -I XXXX 1 to insert the rule in front to the top of the nat table, but can you just use -A add depending on our config. Do not the rules in IPTABLES are executed top down.
Yes it is possible. you just need to know that it exposes your window server directly to the internet which is not advisable. For testing you can get additional public ip address from the service provider and assign the public ip address to the windows server. In my test environment I use the bridge function to bridge the public ip to my device that I want to assign the public ip. which is usually the firewall, but u can do it for Windows or Linux as well.
Yes it can support RDP, just need to make sure that the firewall allows that. For my lab setup I utilized this windows server as a AD and only allow RDP through local vpn.
Hi this is really helpful for use case at work. This is pretty uncommon setup so I never thought I would find a video on this. Thank you very much!!
Great to hear!
12:10 Completely lose on the port forwarding. How can I do that if using Windows OS?
You are looking at NAT using IPTables/Firewall to forward the incoming traffic to the Windows OS? If you are looking at just internet access from the Windows Server than using the NAT feature on the KVM should be fine. If you are looking at forwarding internet traffic to your window OS. Check out the following it is an example to forward RDP traffic to the Server in the KVM but you will need to change the network type . dracocybersecurity.com/configure-iptables-port-forwarding-to-nested-guest-vm-in-kvm-default-nat-virtual-bridge-ubuntu-20-04/
I successfully installed win2022 on KVM, the machine works well.
Could you share how to configure the network between ubuntu and the virtual machine?
I used CyberPanel on Ubuntu for hosting sites
The KVM used the same IP address. But I can't set-up the IIS to recognize that public IP. It always connects to Cyberpanel first.
How could I run websites on IIS? Do I need another public IP? Thanks
For exposing your IIS to the public internet having a public IP address to bridge to IIS server might be the easiest way to do it or you can use iptables to do port forwarding. however you will need to understand how the various bridge function or DNAT and maybe SNAT depending on your setup to expose the web service. I have not done cyberpanel or even cockpit configuration. I usually do it through the command line for iptables configuration and virt-manager for bridge config.
This is a very special use case, and actually one that I am now needing. How do I expose the ports to the windows ADD that is running inside an Ubuntu KVM? I have tried Socat and this didn't work, the public address on the Linux machine is working fine, I have a QOS to the Ubuntu server, but cannot get the Windows machine inside to be reached from the outside. Any help will be greatly appreciated.
For my lab environment I use iptables. using dnat to forward port 3389 to the internal windows ip address. there are a few configurations you need to do if you know iptables then it is easy. be mindful of opening up RDP directly to the internet as it opens up the server to direct attacks.
You can also check out my post on what the 2 rules might look like. dracocybersecurity.com/how-to-configure-iptables-to-port-forward-rdp-3389-to-windows-machine-in-kvm/
I use the -I XXXX 1 to insert the rule in front to the top of the nat table, but can you just use -A add depending on our config. Do not the rules in IPTABLES are executed top down.
Can I make windows server have a public ip? that is reachable over internet?
Yes it is possible. you just need to know that it exposes your window server directly to the internet which is not advisable. For testing you can get additional public ip address from the service provider and assign the public ip address to the windows server. In my test environment I use the bridge function to bridge the public ip to my device that I want to assign the public ip. which is usually the firewall, but u can do it for Windows or Linux as well.
Can use in remote desktop connection?
Yes it can support RDP, just need to make sure that the firewall allows that. For my lab setup I utilized this windows server as a AD and only allow RDP through local vpn.
walau that accent strong leh ;-D
but a great video! ;-)
haha sorry no slang, but glad it’s useful