libvirtd and public access to guests

Pavel Lisy pali at tmapy.cz
Thu Oct 8 10:02:01 UTC 2009


Hello

I've started playing with libvirt and I have a question.

What is the proper way to make a guest accessible from the net?

I have mode=nat in /var/lib/libvirt/network/default.xml.

libvirtd makes these rules in the FORWARD chain:

-A FORWARD -d 192.168.231.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -s 192.168.231.0/24 -i virbr0 -j ACCEPT 
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT 
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 

If I add
iptables -I FORWARD -i eth0 -o virbr0 -j ACCEPT
the guests are accessible.

My question is:
Is it possible to write this somewhere in the configuration?

I've tried to put it in /etc/sysconfig/iptables, but libvirtd puts its
rules before mine.


I've found two directories
/var/lib/libvirt/iptables/filter
/var/lib/libvirt/iptables/nat

I suppose I can write my rules here, but I haven't found any docs about
the format. Can somebody help me with it?

Pavel
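A small first-match evaluator of the FORWARD chain quoted above, added here as an illustration and not part of the original post or of libvirt itself. It shows why the ACCEPT rule only works when it is inserted ahead of libvirtd's REJECT rules, and why a rule that ends up after them (as happens when /etc/sysconfig/iptables is loaded before libvirtd adds its own) never gets a chance to match. The LAN host 10.0.0.5 and the guest 192.168.231.10 are made-up sample addresses.

```python
import ipaddress
import shlex

# FORWARD chain as libvirtd creates it for the NAT 'default' network (copied from the post)
LIBVIRT_FORWARD = """\
-A FORWARD -d 192.168.231.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.231.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited""".splitlines()

def parse_rule(line):
    """Reduce one iptables-save line to the match criteria used below plus its target."""
    toks, rule, i = shlex.split(line), {}, 0
    while i < len(toks):
        t = toks[i]
        if t in ("-s", "-d", "-i", "-o", "-j"):
            rule[t] = toks[i + 1]
            i += 2
        elif t == "--state":
            rule["state"] = set(toks[i + 1].split(","))
            i += 2
        else:
            i += 1   # -A FORWARD, -m state, --reject-with ...: irrelevant to the decision
    return rule

def matches(rule, pkt):
    """pkt: src, dst, in_if, out_if and conntrack state (NEW or ESTABLISHED)."""
    if "-s" in rule and ipaddress.ip_address(pkt["src"]) not in ipaddress.ip_network(rule["-s"]):
        return False
    if "-d" in rule and ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule["-d"]):
        return False
    if rule.get("-i", pkt["in_if"]) != pkt["in_if"] or rule.get("-o", pkt["out_if"]) != pkt["out_if"]:
        return False
    return pkt["state"] in rule.get("state", {pkt["state"]})

def verdict(chain, pkt):
    """First-match semantics: the first matching rule's target decides, as in the kernel."""
    for rule in map(parse_rule, chain):
        if matches(rule, pkt):
            return rule["-j"]
    return "POLICY"   # nothing matched; the chain policy applies

# Constructed sample: a new connection from the LAN to a guest, the case the post wants to allow
INBOUND_NEW = dict(src="10.0.0.5", dst="192.168.231.10", in_if="eth0", out_if="virbr0", state="NEW")
USER_RULE = "-A FORWARD -i eth0 -o virbr0 -j ACCEPT"
```

`verdict([USER_RULE] + LIBVIRT_FORWARD, INBOUND_NEW)` returns ACCEPT, while `verdict(LIBVIRT_FORWARD + [USER_RULE], INBOUND_NEW)` still returns REJECT because the `-o virbr0 -j REJECT` rule matches first.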




More information about the fedora-list mailing list