[fedora-virt] F-11 libvirt no longer creating firewall/iptables rules for virtual network?

Dale Bewley dlbewley at lib.ucdavis.edu
Sat Jun 27 16:21:33 UTC 2009 

On Thu, 2009-06-25 at 19:43 +0100, Jonathan Underwood wrote:
> Hi there,
> 
> I've recently installed F-11 and am having a problem with networking
> between the host and guest with the default network configuration -
> specifically that the iptables rules for virbr0 are not being inserted
> by libvirt as they used to be under F-10.
> 
> I am using the default configuration of the firewall as shipped with
> F-11. The guest instance is a windowsXP image created under F-10 - I
> simply recreated the cconfig files by "creating" a new guest under
> virt-manager and pointing it to the disk image file. The guest boots
> up fine, but no networking. The output of iptables -L doesn't contain
> any reference to virbr0 or vnet0 (the latter automatically created
> when starting the guest OS) - I have confirmed virbr0 and vnet0 are
> present using ifconfig.. In case it's relevant this machine is using
> NetworkManager and has a single wired ethernet adapter configured with
> a static IP.
> 
> Any suggestions on how I can debug further ?

# iptables --line-numbers -L -v -n

# chkconfig libvirtd --list

# virsh net-list --all
Name                 State      Autostart
-----------------------------------------
default              active     yes       

# virsh net-destroy default

# virsh net-start default

# virsh help |grep net
    attach-interface attach network interface
    detach-interface detach network interface
    domifstat       get network interface stats for a domain
    net-autostart   autostart a network
    net-create      create a network from an XML file
    net-define      define (but don't start) a network from an XML file
    net-destroy     destroy a network
    net-dumpxml     network information in XML
    net-edit        edit XML configuration for a network
    net-list        list networks
    net-name        convert a network UUID to network name
    net-start       start a (previously defined) inactive network
    net-undefine    undefine an inactive network
    net-uuid        convert a network name to network UUID

The rules that should be inserted are found
in /var/lib/libvirt/iptables.

More information about the Fedora-virt mailing list