On Mon, 10 Sep 2012, Steve Thompson wrote: > On Mon, 10 Sep 2012, Steve Thompson wrote: > >> On Mon, 10 Sep 2012, Dale Dellutri wrote: >> >>> This looks like it should work for Client A, but maybe not for Client B (see >>> below). So maybe it's a firewall problem (iptables chain FORWARD) on the >>> host? > > Let me expand on this. There is no issue with a client on net1 > communicating with a client on net2; the host passes packets from one > subnet to the other as it should. The only issue is when the client is a > virtual machine on the host. For those following along at home, the solution to this turned out to be related to the change in the function of the net.ipv4.conf.default.rp_filter parameter in the CentOS 6 kernels; it had nothing to do with KVM. Changing the value of rp_filter from 1 to 2 resolved all issues. Steve