[libvirt-users] port forwarding

Laine Stump laine at laine.org
Thu Apr 28 14:41:11 UTC 2011


On 04/28/2011 09:15 AM, Ireneusz Szcześniak wrote:
> Hi,
>
> I'm using CentOS release 5.6 (Final) and Xen 3.1. I'm writing to ask 
> how to configure port forwarding. With virt-manager 0.6.1 I added the 
> machines, but there I don't see an option for port forwarding.
>
> I would like to reach the VM on a specific port of the host machine. 
> Once the machines are running, I can configure iptables so that the 
> port forwarding works, but after host reboots, other rules are 
> inserted (put in front of my rules), which disable my rules. I guess 
> these rules are put by libvirt, and so I'm writing to this list.

Yes, these rules are put in by libvirt.

The iptables rules added by libvirt for virtual networks are intended to 
fulfill the needs of 95% of users, but are not configurable. To do what 
you want, you'll either need to construct your own bridge (rather than 
relying on libvirt) and do all the iptables and routing config outside 
of libvirt, or you may be able to use libvirt execution hooks to add the 
rules at the appropriate time. See: http://www.libvirt.org/hooks.html 
for details on libvirt hook scripts.

>
> These are the rules inserted:
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
> ACCEPT all -- 192.168.122.0/24 anywhere
> ACCEPT all -- anywhere anywhere
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
>
> I need to have different rules for 192.168.122.0/24: the states 
> RELATED,ESTABLISHED are fine, but I need the NEW state put there too, 
> so that the new forwards can go through.
>
>
> Thanks,
> Irek
>
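
A hook script along the lines suggested in the reply, as an added example that is not part of the original thread and not libvirt's own code. The guest name, address and ports are constructed; it assumes the script is installed as a libvirt hook (for example /etc/libvirt/hooks/qemu) and receives the guest name and the operation as its first two arguments, as the hooks page describes. Which hook file applies to the Xen setup in the question is not stated in the thread.

```shell
#!/bin/sh
# Added example: libvirt hook script. All values below are constructed.
GUEST_NAME="webvm"          # hypothetical guest name
GUEST_IP="192.168.122.10"   # hypothetical guest address on 192.168.122.0/24
HOST_PORT=8080              # port exposed on the host
GUEST_PORT=80               # port the guest listens on

# Print one iptables argument list per line for action I (insert) or D (delete).
forward_rules() {
    # Rewrite the destination of connections arriving on the host port.
    echo "-t nat -$1 PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to-destination $GUEST_IP:$GUEST_PORT"
    # Accept NEW connections to that one guest port only. -I places the rule
    # at the top of FORWARD, ahead of libvirt's REJECT rules.
    echo "-$1 FORWARD -d $GUEST_IP -p tcp --dport $GUEST_PORT -m state --state NEW -j ACCEPT"
}

# Map a hook call (guest name, operation) to an action; print nothing otherwise.
hook_action() {
    [ "$1" = "$GUEST_NAME" ] || return 0
    case "$2" in
        start|reconnect) echo I ;;
        stopped)         echo D ;;
    esac
}

# Run iptables once per printed rule (needs root).
apply_rules() {
    forward_rules "$1" | while read -r args; do
        iptables $args   # word splitting of $args is intended
    done
}

case "$(hook_action "$1" "$2")" in
    # Delete first so a repeated start or reconnect does not stack duplicates.
    I) apply_rules D 2>/dev/null; apply_rules I ;;
    D) apply_rules D ;;
esac
```

Scoping the FORWARD rule to one guest address and port keeps the rest of 192.168.122.0/24 behind libvirt's REJECT rules instead of accepting NEW connections to the whole network.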



