How to forward ports to your virtual machine?

This article shows you how to forward ports from your public IP address to your internal virtual machine.

The SXL Virtual Data Center emulates a traditional office LAN. You got a router, a LAN and a bunch of servers.

The vRouter is actually a virtual machine running [[http://www.pfsense.org|pfSense]] router software. pfSense is an open source enterprise grade firewall. It can be easily managed by it's own Web UI.

== Login to firewall ==
When you subscribe to our VDC service, you will be given a URL and a set of username and password to login to the firewall (pfsense).

# Open the URL given to you (for example: https://vdc.example.com:10443).
# Accept the self-signed SSL certificate.
# Login with your username and password

# On the first "Dashboard" screen, you will found your WAN and LAN IP addresses.

# pfSense behaves exactly like a common NAT firewall, you need to forward ports from WAN to LAN to allow internet users to access your services.

== Forward http port for web server ==
If you run a web server, you probably want to open port 80 (http) to your web server. Also, you may also want to open port 443 (https) and 22 (ssh) to your server.
# Login to pfSense
# Click Firewall > NAT

# On the Port Forward tab, click the [+] sign to add a new rule.

# Assume the IP address of your internal Web server is 192.168.104.11, then we will create a rule like this:

# Scroll down the page and press [Save]
# Click Apply Changes. Now we have opened the port 80 from outside to your web server.

# On your DNS server, add a record that point www.example.com to the WAN IP address of your router.

# When a user opens your web site (www.example.com), the router will forward his request to your internal web server.
# If you wants to open https (secured http) port, repeat the above steps for port 443

== Forward ssh port for your linux servers ==
Actually, a better way to remotely login to your server is to setup a VPN connection (we will discuss it in another article). But for now, we will just forward a port to your web server.
* //SSH is a dangerous port, so we "translate" it from port 10022 (outside) to the port 22 (inside). //
# Login to pfSense.
# Click Firewall > NAT.
# Click [+] to add a new rule.
# Add a rule like this:

# This rule will forward the port 10022 on the WAN IP to the port 22 on your LAN IP.
# Click [Save] and [Apply Changes]
# Now, you can open Putty and connect to the port 10022 on your WAN IP.

# If you are using Mac or Linux, the command line to connect is:
##ssh root@vdc.example.com -p 10022##

== pfSense Documentation ==
* If you have questions about using pfSense, please feel free to ask us.
* If you want to learn more about pfSense, you can [[http://doc.pfsense.org/|read the documentation]] or [[http://forum.pfsense.org/|ask questions in the forum]].

Permanent link to this article: https://www.sxl.net/how-to-forward-ports-to-your-virtual-machine/