On 05/01/2012 08:46 AM, Tait Clarridge wrote:
On Tue, 2012-05-01 at 02:08 -0500, Cbulist wrote:
On 05/01/2012 02:03 AM, Barry Brimer wrote:
Yes, I thought the same but my confusion is that I don't see any rules of PREROUTING and POSTROUTING in the /etc/sysconfig/iptables file.
[root@VS01]# cat /etc/sysconfig/iptables
# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT
-A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
But when I run the command iptables -L -t nat I can see the NAT rules:
[root@VS01]# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE tcp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
MASQUERADE udp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
MASQUERADE all  --  192.168.122.0/24    !192.168.122.0/24
MASQUERADE tcp  --  192.168.100.0/24    !192.168.100.0/24    masq ports: 1024-65535
MASQUERADE udp  --  192.168.100.0/24    !192.168.100.0/24    masq ports: 1024-65535
MASQUERADE all  --  192.168.100.0/24    !192.168.100.0/24

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
Am I missing something?
Maybe .. do you have IPv4 forwarding enabled? What is the output of "cat /proc/sys/net/ipv4/ip_forward" ?? If it is 0, then edit /etc/sysctl.conf .. find net.ipv4.ip_forward .. set it to 1 and then run (as root) sysctl -p
On the host machine, ip_forward is 1.
If you restart libvirtd it should add in the IPTABLES rules you are missing.
Hi Tait,
Thanks for sharing your point! It worked and explained what had happened. For everyone who is looking for more information about it, I leave this link:
http://libvirt.org/firewall.html
Thanks again!
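The point of the thread is that the MASQUERADE rules libvirtd inserts for its NAT networks live only in the kernel's nat table, never in /etc/sysconfig/iptables, so a reload of that file (which flushes every table) silently drops them until libvirtd is restarted. The following script is an added example, not part of the thread or of libvirt: it parses the POSTROUTING listing for masqueraded source networks and reports whether forwarding is on and the libvirt rules are present. The network names and the "audit_live" helper are my own; the sample listing is constructed from the output shown above.

```shell
#!/bin/sh
# Extract the source networks that are MASQUERADEd in "iptables -L -t nat" output
# read from stdin (the catch-all "all" rule per network), one per line, de-duplicated.
masq_networks() {
    awk '$1 == "MASQUERADE" && $2 == "all" { print $4 }' | sort -u
}

# Decide the state from the ip_forward value ("0"/"1") and the masquerade list.
# Prints: ok | forwarding-disabled | nat-rules-missing
nat_status() {
    fwd="$1"
    nets="$2"
    if [ "$fwd" != "1" ]; then
        echo "forwarding-disabled"        # set net.ipv4.ip_forward = 1, then sysctl -p
    elif [ -z "$nets" ]; then
        echo "nat-rules-missing"          # libvirt rules flushed: restart libvirtd
    else
        echo "ok"
    fi
}

# Constructed sample: the POSTROUTING chain as it appeared in the thread.
SAMPLE_NAT='Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE tcp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
MASQUERADE udp  --  192.168.122.0/24    !192.168.122.0/24    masq ports: 1024-65535
MASQUERADE all  --  192.168.122.0/24    !192.168.122.0/24
MASQUERADE tcp  --  192.168.100.0/24    !192.168.100.0/24    masq ports: 1024-65535
MASQUERADE all  --  192.168.100.0/24    !192.168.100.0/24'

# Run the same check against the live host (needs root for iptables).
audit_live() {
    fwd=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null || echo unknown)
    nets=$(iptables -L -t nat -n 2>/dev/null | masq_networks)
    nat_status "$fwd" "$nets"
}

# Demonstration on the constructed sample:
nets=$(printf '%s\n' "$SAMPLE_NAT" | masq_networks)
echo "masqueraded networks: $(echo "$nets" | tr '\n' ' ')"
echo "status with ip_forward=1: $(nat_status 1 "$nets")"
```

Run it as root after "service iptables restart" to see the nat rules vanish, and again after "service libvirtd restart" to see them return.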