[libvirt] Routed Networking - Ubuntu Hardy KVM and LibVirt

Barry Robinson brobinson at linseed.com.au
Tue Oct 7 07:03:52 UTC 2008


I have been searching for information on how to configure KVM guest OS' to do simple routing from their associated vnetX address to the host machine's ethernet network subnet (lets say eth0/ I understand that by default the clients are NAT'ed to the Host's adapter. This is a handy feature, but it does not suit the setup I am trying to apply.

Basically, I am trying to do simple routing from the host subnet ( to the client's subnet (, and back again. So I can talk to addresses and they can talk to (routing rule has been added so this is possible). There should be no NAT involved.

The following is about as close as I have come to getting this solution. However, I still need to add in the iptables -A FORWARD -i vnetX -o eth0 -j ACCEPT rule in after the machine is booted. Is it possible to do this as part of the script process, or is there a post-ifup script that can be run?


  <bridge name="virbr%d" />
  <ip address="" netmask="">
      <range start="" end="" />

I have tried using the <forward='routed' /> option (under the bridge name option). This does add the forward rules, but for some reason still applies the MASQUERADE rule to the network. (eg. 0     0 MASQUERADE  all  --  *      * )

libvirtd seems to hide it's firewall rulesets pretty well, cause I can't even find them to manually add/remove rules. Not in any place obvious (that I can find), like /etc.

Any help would be appreciated. Apologies if this topic has been covered... can't find it anywhere using Google.


Linseed Technologies
Open Source IT Solutions
Phone: 0415131452
Email: brobinson at linseed.com.au
Website: http://www.linseed.com.au

More information about the libvir-list mailing list