[libvirt-users] fedora 19 + libvirt-1.0.5.9 routing problems

Patrick Chemla patrick.chemla at performance-managers.com
Wed Mar 5 15:48:50 UTC 2014


Hi,

I Googled a little more and found firewalld has created the basic rules on fc19.

Does anyone use libvirt with many VMs on many external IPs with firewalld?

Would you advise removing firewalld and working with my own scripts?

Thanks
Patrick

On 5 March 2014 17:14:27 GMT+02:00, Patrick Chemla <patrick.chemla at performance-managers.com> wrote:
>Hi,
>
>I am an experienced libvirt user on Fedora versions from F15 to F17.
>
>I have developed scripts to route traffic from outside on multiple
>interfaces/multiple IPs to multiple VMs, and back, to assign each VM
>the required external IP address.
>
>I have servers with more than hundreds of external IPs, and up to 4 VMs,
>each of which routes traffic on different external IPs.
>
>I have servers with Fedora F17 which work very well with this.
>
>Now libvirt-1.0.5.9 comes to Fedora 19 with many iptables default rules
>that prevent me from using my scripts.
>
>So I put in /etc/libvirt/hooks/qemu the right rules to get traffic to my
>VMs, but I can't set traffic back to external with the right external IP.
>
>The -j SNAT --to-source or -j MASQUERADE don't work, are ignored, and I
>don't see any packets going through these rules in
>iptables -tnat -L POSTROUTING.
>
>I used tcpdump to trace packets on the physical server on the virbr0
>interface and on the eth0 interface. I see the packets on the outgoing route.
>
>But the outgoing packets are presented to the external interface with
>the internal address 10.0.0.x instead of the address specified in the
>-j SNAT rule.
>
>
>Am I the only one in this case?
>
>Could somebody help?
>
>Thanks
>Patrick

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.