[libvirt-users] Networking with qemu/kvm+libvirt

Andre Goree andre at drenet.net
Mon Jan 11 19:25:21 UTC 2016


I have some questions regarding the way that networking is handled via 
qemu/kvm+libvirt -- my apologies in advance if this is not the proper 
mailing list for such a question.


I am trying to determine how exactly I can manipulate traffic from 
a _guest's_ NIC using iptables on the _host_.  On the host, there is a 
bridged virtual NIC that corresponds to the guest's NIC.  That interface 
does not have an IP set up on it on the host; however, within the vm 
itself the IP is configured and everything works as expected.

During my testing, I've seemingly determined that traffic from the vm 
does NOT traverse iptables on the host, but I _can_ in fact see the 
traffic via tcpdump on the host.  This seems odd to me, unless the 
traffic is passed on during interaction with the kernel, and thus never 
actually reaches iptables.  I've gone as far as trying to log via 
iptables any and all traffic traversing the guest's interface on the 
host, but to no avail (iptables does not see any traffic from the 
guest's NIC on the host).

Is this the way it's supposed to work?  And if so, is there any way I 
can do IP/port redirection silently on the _host_?

Thanks in advance for any insight that anyone can share :)



-- 
Andre Goree
-=-=-=-=-=-
Email     - andre at drenet.net
Website   - http://www.drenet.net
PGP key   - http://www.drenet.net/pubkey.txt
-=-=-=-=-=-



