<html><head></head><body><div>On Tue, 2015-06-02 at 20:04 -0400, Narahari 'n' Savitha wrote:</div><blockquote type="cite"><div>I setup KVM and have created two VM's. I also setup the NAT way of connecting (uffffff)</div><div><br></div><div>Now I have some confusion.</div><div><br></div><div>On the host, I can do </div><div><br></div><div>ssh <a href="mailto:user@192.168.100.101">user@192.168.100.101</a></div><div><br></div><div>It connects.</div><div><br></div><div>I also do </div><div><br></div><div>ssh <a href="mailto:user@192.168.100.102">user@192.168.100.102</a><br></div><div><br></div><div>It connects</div><div><br></div><div><br></div><div>As you can see both connect on port 22, How is that possible ? should I have to do some kind of port forwarding ? How does KVM allow both VM's to run on port 22 ?</div></blockquote><div><br></div><div>It'd seem that you're using a host-local network, with NAT in addition to that. This is why you need not have port forwarding enabled: your computer is using a bridged device and on that device, only the virtual machines are attached. Since your Ethernet or WiFi hardware isn't attached to the bridge, the segments are not joined. This means that the only way that packets can be made to travel between your Ethernet/WiFi and the guests would be if you were to employ NAT (allowing masquerading to occur when that network wants to send packets which have to be routed to the next hop) or to employ routing (establishing a route to the VM network segment through the bridge device, which can be done automatically by adding an address with the appropriate subnet mask to the bridge device).</div><div><br></div><div>With host-local+NAT, you have effectively a limited form of both: when a connection from within the VM wants to talk to the "outside" world (outside being anything starting at your "real" network hardware or beyond), packets NAT'd and therefore rewritten. Your <b>local</b> system has a route to the subnetwork, but that route is not known to the network to which you're attached (the Ethernet or WiFi network). Therefore, <b>you</b> can reach it, but peers on your local network segment cannot. (This also means that if the VMs wanted to talk to other peers on your segment, it <i>could do so</i>, but those communications would appear to the LAN to be originating from your host's IP on an ephemeral port.)</div><div><br></div><div><span class="Apple-tab-span" style="white-space:pre"> </span>— Mike</div><div><br></div></body></html>