'QEMU hostfwd works only for some ports

I compiled qemu-system-x86_64 on aarch64 host, and was able to run a x86_64 guest with a command like

qemu-system-x86_64 -m 4096 -drive file=vmimage.qcow2,if=virtio \
           -boot once=c,menu=on -net nic,model=virtio-net-pci \
           -net user,hostfwd=tcp::8080-:80,hostfwd=tcp::22222-:22

I could ssh into the guest using

ssh -p22222 user@localhost

Meanwhile, port 80 was not forwarded successfully.

For debugging, I used nc to listen to port 80 inside the guest

nc -l 80

Then in the host, I connected to the forwarded port

nc localhost 8080

However, it was unable to connect to guest nc .

I tried the monitor interface. When the host nc command is executed, info usernet shows following:

(qemu) info usernet
Hub 0 (#net162):
  Protocol[State]    FD  Source Address  Port   Dest. Address  Port RecvQ SendQ
  TCP[SYN_SENT]      33       127.0.0.1  8080       10.0.2.15    80     0     0
  TCP[ESTABLISHED]   21       127.0.0.1 22222       10.0.2.15    22     0     0
  TCP[HOST_FORWARD]  12               *  8080       10.0.2.15    80     0     0
  TCP[HOST_FORWARD]  11               * 22222       10.0.2.15    22     0     0
...

I believe the SYN_SENT (FD 33) corresponded to the host nc command, and this matched the HOST_FORWARD line (FD 12). However, it never became ESTABLISHED. And a few seconds later, nc died with Connection reset by peer. , and the FD 33 line disappeared.

If I nc localhost 22222, I can see the OpenSSH banner.

So it seems only port 22 forwarded. Any idea about the cause or how to debug?

Both host and guest had no firewalliptables configured, and SELinux is permissive.

Thanks

Edit:

As a temporary workaround, I configured a second nic, and used port 22 of the new interface for forwarding my service. I also switch to the newer -nic option, but hostfwd still worked for port 22 only.

qemu-system-x86_64 -m 4096 -drive file=vmimage.qcow2,if=virtio \
                   -boot once=c,menu=on \
                   -nic user,model=virtio-net-pci,hostfwd=tcp::60022-:22 \
                   -nic user,model=virtio-net-pci,net=10.0.3.0/24,hostfwd=tcp::8080-10.0.3.15:22

To forward successfully, I also need to

  • Configure sshd to listen to port 22 the first nic only.
  • Configure my service to listen to port 22 of the second nic.
  • Configure the second nic to use a different network. Otherwise, both nics were assigned the same IP (10.0.2.15. I may better hardcode the IP for both nics.)
qemuportforwarding


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

Access localhost from the internet [closed]

Connecting to angular and springboot app from external IP

How to test that my router is forwarding in-bound UDP packets?

192.168.0.1 refused to connect

Can't port forward/port map from Hyper-V VM to Host IP Address via Virtual Switch NAT

How to forward ports from GitPod-container to local machine when using JetBrains Gateway?

LocalTunnel randomly crashes and subdomain no longer works

MongoDB ReplicaSet in K8S -- can't connect via port forward

3 level Port forwarding (Kubernetes Pod -> Docker Container -> Local

Wireguard Client Can't Ping Wireguard Server or Access Resource on WG's LAN

Android avd emulator - how to save "Do you want to save the current state for the next quick boot?" in config.ini file

How to emulate TrustZone in QEMU?

qemu-system-i386: Error loading uncompressed kernel without PVH ELF Note

Run a native X86 binary from inside an ARM chroot

Permission denied for virtual disk