[libvirt-users] port forwarding

Whit Blauvelt whit.virt at transpect.com
Thu Apr 28 14:56:46 UTC 2011


On Thu, Apr 28, 2011 at 10:41:11AM -0400, Laine Stump wrote:
> On 04/28/2011 09:15 AM, Ireneusz Szcześniak wrote:

> >I would like to reach the VM on a specific port of the host
> >machine. Once the machines are running, I can configure iptables
> >so that the port forwarding works, but after host reboots, other
> >rules are inserted (put in front of my rules), which disable my
> >rules. I guess these rules are put by libvirt, and so I'm writing
> >to this list.
> 
> Yes, these rules are put in by libvirt.
> 
> The iptables rules added by libvirt for virtual networks are
> intended to fulfill the needs of 95% of users, but are not
> configurable. To do what you want, you'll either need to construct
> your own bridge (rather than relying on libvirt) and do all the
> iptables and routing config outside of libvirt, or you may be able
> to use libvirt execution hooks to add the rules at the appropriate
> time. See: http://www.libvirt.org/hooks.html for details on libvirt
> hook scripts.

> >ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED

If all you need to do is change that one rule to "NEW,RELATED,ESTABLISHED",
iptables has an option to replace a rule. Sorry I don't have the syntax at
my fingertips, but it should be simple enough to modify the rule on system
startup after libvirt has built the initial ruleset, perhaps in rc.local.

Whit
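The hook-script route Laine points to, as an added example rather than code from this thread or from libvirt: a /etc/libvirt/hooks/qemu script that inserts a DNAT rule and a matching FORWARD rule when one guest starts and removes them when it stops. The guest name (webvm), its address (192.168.122.10), the bridge (virbr0), the outside interface (eth0) and the port pair (8080 to 80) are hypothetical; the guest needs a fixed address, which a <host mac=... ip=.../> entry in the network's DHCP section gives it. Because the rule is inserted at the head of FORWARD and names one guest and one port, it is evaluated before libvirt's subnet-wide rules without loosening them.

```shell
#!/bin/sh
# Added example: a libvirt hook script (/etc/libvirt/hooks/qemu), not code from
# this thread or from libvirt itself. libvirt invokes it as:
#   /etc/libvirt/hooks/qemu <guest name> <operation> <sub-operation> <extra>
# Hypothetical values: guest "webvm" with the fixed address 192.168.122.10 on
# virbr0, and host port 8080 on eth0 forwarded to the guest's port 80.
set -eu

GUEST_NAME=webvm
GUEST_IP=192.168.122.10
GUEST_PORT=80
HOST_PORT=8080
EXT_IF=eth0
BRIDGE=virbr0
# Overridable so rule generation can be exercised without root (IPTABLES=echo).
IPTABLES=${IPTABLES:-/sbin/iptables}

# Build both rules from one spec; $1 is the chain action (-I insert at head,
# -D delete), so the add and the remove can never drift apart.
forward_rules() {
    act=$1
    # Rewrite the destination only for packets arriving on the external
    # interface, so the forward is not reachable via other host interfaces.
    "$IPTABLES" -t nat "$act" PREROUTING -i "$EXT_IF" -p tcp --dport "$HOST_PORT" \
        -j DNAT --to-destination "$GUEST_IP:$GUEST_PORT"
    # libvirt's FORWARD rule towards the subnet only accepts RELATED,ESTABLISHED;
    # -I places this guest-and-port-specific NEW rule ahead of it instead of
    # widening the subnet-wide rule. Replies from the guest are already covered
    # by libvirt's own ACCEPT for traffic from 192.168.122.0/24.
    "$IPTABLES" "$act" FORWARD -i "$EXT_IF" -o "$BRIDGE" -p tcp \
        -d "$GUEST_IP" --dport "$GUEST_PORT" \
        -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
}

# Remove any stale copy first so a restart never stacks duplicate rules;
# -D fails when nothing matches, which is expected on a clean start.
reset_forward_rules() {
    forward_rules -D >/dev/null 2>&1 || true
    forward_rules -I
}

hook_dispatch() {
    guest=$1
    op=$2
    [ "$guest" = "$GUEST_NAME" ] || return 0   # other guests: nothing to do
    case $op in
        # "start": the guest is being started; "reconnect": libvirtd restarted
        # and reattached to a running guest (its own rules were rebuilt).
        start|reconnect) reset_forward_rules ;;
        stopped)         forward_rules -D ;;
    esac
}

if [ "$#" -ge 2 ]; then
    hook_dispatch "$1" "$2"
fi
```

Install it executable as /etc/libvirt/hooks/qemu and restart libvirtd, which only looks for the hook when it starts. The replace option Whit mentions is `iptables -R FORWARD <rulenum> ...`, with the number taken from `iptables -L FORWARD --line-numbers`; widening that subnet-wide rule to include NEW admits every port of every guest in 192.168.122.0/24 from anywhere, whereas the hook admits one port on one guest.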


