On 05/01/2012 08:46 AM, Tait Clarridge wrote: > > On Tue, 2012-05-01 at 02:08 -0500, Cbulist wrote: >> On 05/01/2012 02:03 AM, Barry Brimer wrote: >>>> Yes, I thought the same but my confusion is that I don't see any rules of >>>> PREROUTING and POSTROUTING in the /etc/sysconfig/iptables file. >>>> >>>> [root at VS01]# cat /etc/sysconfig/iptables >>>> # Firewall configuration written by system-config-firewall >>>> # Manual customization of this file is not recommended. >>>> *filter >>>> :INPUT ACCEPT [0:0] >>>> :FORWARD ACCEPT [0:0] >>>> :OUTPUT ACCEPT [0:0] >>>> -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT >>>> -A INPUT -p icmp -j ACCEPT >>>> -A INPUT -i lo -j ACCEPT >>>> -A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT >>>> -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT >>>> -A INPUT -m state --state NEW -m udp -p udp --dport 5353 -d 224.0.0.251 -j >>>> ACCEPT >>>> -A INPUT -m state --state NEW -m tcp -p tcp --dport 631 -j ACCEPT >>>> -A INPUT -m state --state NEW -m udp -p udp --dport 631 -j ACCEPT >>>> -A INPUT -j REJECT --reject-with icmp-host-prohibited >>>> -A FORWARD -j REJECT --reject-with icmp-host-prohibited >>>> COMMIT >>>> >>>> >>>> But when I check the command iptables -L -t nat I can see the NAT rules >>>> >>>> [root at VS01]# iptables -L -t nat >>>> Chain PREROUTING (policy ACCEPT) >>>> target prot opt source destination >>>> >>>> Chain POSTROUTING (policy ACCEPT) >>>> target prot opt source destination >>>> MASQUERADE tcp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: >>>> 1024-65535 >>>> MASQUERADE udp -- 192.168.122.0/24 !192.168.122.0/24 masq ports: >>>> 1024-65535 >>>> MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24 >>>> MASQUERADE tcp -- 192.168.100.0/24 !192.168.100.0/24 masq ports: >>>> 1024-65535 >>>> MASQUERADE udp -- 192.168.100.0/24 !192.168.100.0/24 masq ports: >>>> 1024-65535 >>>> MASQUERADE all -- 192.168.100.0/24 !192.168.100.0/24 >>>> >>>> Chain OUTPUT (policy ACCEPT) >>>> target prot opt source destination >>>> >>>> am I missing something? >>> Maybe .. do you have IPv4 forwarding enabled? What is the output of >>> "cat /proc/sys/net/ipv4/ip_forward" ?? If it is 0, then edit >>> /etc/sysctl.conf .. find net.ipv4.ip_forward .. set it to 1 and then run >>> (as root) sysctl -p >>> >> In the Host machine the ip_forward is 1 > If you restart libvirtd it should add in the IPTABLES rules you are > missing. > Hi Tait, Thanks for share your point!...It worked and explained what was happened. For everyone that is looking for more information about it I left this link: http://libvirt.org/firewall.html Thanks again!