[libvirt-users] IPv4 routed virtual networks

Hristo Deshev hristo at deshev.com
Wed Oct 3 20:14:38 UTC 2012

On 10/03/2012 10:08 PM, Gene Czarcinski wrote:
> OK, either I have taken a stupid pill and am missing something basic
> or routed networks do not work.
> I assume that, if they did work, it would be in more or less the same
> manner as a nat network as far as ping'ing, ssh'ing, etc. to another
> real host on the same real LAN as the virtualization host. At least
> that is what I believe I should expect.

I use routed networks, but they require some extra work. The docs [1]
say that "This is a variant on the default network which routes traffic
from the virtual network to the LAN _without applying any NAT_. It
requires that the IP address range be _pre-configured in the routing
tables of the router on the host network_." (emphasis mine) The way I
read into this is that you are responsible for routing packets yourself.
The docs say that you have to use IP addresses that are visible by the
host and external machines and configure your routing table, so that it
forwards packets to the VMs. I am not sure how to do that, but I have a
different solution -- I use a pair of IP addresses for each VM: external
(real and configured on the host) and internal. Then I have a SNAT +
DNAT pair of iptables rules that expose the VM to the outside world in a
manner similar to the one used in DMZ setups:

ubuntu@thehost:~$ sudo iptables -t nat -L -n
target     prot opt source               destination        
DNAT       all  --            X.Y.Z.120           to:


target     prot opt source               destination        
SNAT       all  --               to:X.Y.Z.120

I am not sure if anyone else is doing the SNAT/DNAT thing to routed
networks, but it's been working quite nicely for me so far.


[1] http://libvirt.org/formatnetwork.html#examplesRoute
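
The SNAT + DNAT pairing described in the message above, as an added example (not part of the original post and not libvirt code): it prints, without running, one rule pair per VM from an external/internal address map. The PREROUTING and POSTROUTING chain names and every address are assumptions, since the pasted listing omits them.

```shell
#!/bin/sh
# Added example: print (never run) the 1:1 NAT rule pair for each VM.
# Chain names and all addresses below are assumptions / constructed values.

# Succeed only if $1 is a dotted-quad IPv4 address with octets in 0..255.
is_ipv4() (
    case "$1" in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
)

# Print the DNAT + SNAT pair mapping one external address to one VM.
nat_pair() (
    ext=$1 int=$2
    if ! is_ipv4 "$ext" || ! is_ipv4 "$int"; then
        echo "bad address: $ext $int" >&2
        return 1
    fi
    echo "iptables -t nat -A PREROUTING -d $ext -j DNAT --to-destination $int"
    echo "iptables -t nat -A POSTROUTING -s $int -j SNAT --to-source $ext"
)

# Read "external internal" lines on stdin. An address seen twice is refused,
# because the mapping would then no longer be one-to-one.
nat_pairs() (
    seen=" "
    while read -r ext int; do
        case "$ext" in ''|'#'*) continue ;; esac
        case "$seen" in
            *" $ext "*|*" $int "*) echo "duplicate: $ext $int" >&2; return 1 ;;
        esac
        seen="$seen$ext $int "
        nat_pair "$ext" "$int" || return 1
    done
)

# Constructed sample map: external address (on the host), internal address (VM).
SAMPLE_MAP='203.0.113.120 192.168.100.10
203.0.113.121 192.168.100.11'

printf '%s\n' "$SAMPLE_MAP" | nat_pairs
```

Like the "all" protocol rules in the listing, these pairs carry no protocol or port match, so every port on a VM is reachable through its external address; any filtering has to happen in the FORWARD chain or on the VM itself.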