[CentOS] KVM/NAT help requested

Fri Feb 21 19:55:17 UTC 2014
david <david at daku.org>

Dear Linux Gurus

I'm having problems with KVM and networking.  My guest cannot use NAT 
through the host's connection.  This is what I've done:

I installed a new version of CentOS 6.5 on the hardware.  Starting 
with a Net-Install, I selected the Virtual Hosting, and later added 
"Desktop".  I ran "yum update" with some reboots until nothing needed updating.

The host networking is IPv4 only, using DHCP.  (A different box on my 
home network provides DHCP and is a gateway to the internet.  I have 
a reservation in that DHCP so that the host always gets a known IP address)

Using a Gnome desktop, as a non-root user, I installed Windows 7 Pro 
from an image of an ISO I had copied onto the host.  In the 
"Networking" configuration, I chose "DEFAULT".  The documentation of 
KVM seems to imply that it should give me a NAT'ted interface to my 
host's connection (I wasn't worried about performance at this point).

When the installation was complete, Windows tries to configure the 
network.  Running the Windows command line "IPCONFIG" program, the 
Windows guest program does get an IP address from the host 
(192.168.122.xxx), but the guest cannot communicate to the outside 
world.  I can ping the host, but nothing else.

Is there some other magic sauce, perhaps in the IPTABLES of the host, 
that will allow the guest to use the internet?  I'm baffled.

On the KVM host, this is the result of  "iptables -L"

--------------------------------------

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

-------------------------------------

Thanks for your help.

David
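
An added example, not part of the original post: plain "iptables -L" lists only the filter table and leaves out the interface columns that "-v" shows, so rules listed after an apparent catch-all hint that match criteria are hidden in the listing. The sketch below parses the FORWARD chain quoted above (wrapped lines rejoined) and reports such rules; the function names are hypothetical.

```python
import re

# Constructed sample: the FORWARD chain from the post, wrapped lines rejoined.
SAMPLE = """\
Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with icmp-host-prohibited
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}  # targets that end chain traversal

def parse_chains(text):
    """Return {chain: [rule dict, ...]} from plain `iptables -L` output."""
    chains, current = {}, None
    for line in text.splitlines():
        m = re.match(r"Chain (\S+) \(", line)
        if m:
            current = chains.setdefault(m.group(1), [])
            continue
        parts = line.split(None, 5)  # target prot opt source destination [extra]
        if current is None or len(parts) < 5 or parts[0] == "target":
            continue
        extra = parts[5] if len(parts) > 5 else ""
        current.append({"target": parts[0], "prot": parts[1],
                        "src": parts[3], "dst": parts[4], "extra": extra})
    return chains

def catch_all(rule):
    """True when the rule, as displayed, matches every packet."""
    # "reject-with ..." is a target option, not a match condition.
    matches = re.sub(r"reject-with \S+", "", rule["extra"]).strip()
    return (rule["target"] in TERMINAL and rule["prot"] == "all"
            and rule["src"] == rule["dst"] == "anywhere" and not matches)

def shadowed(chains):
    """List (chain, rule_no, catch_all_no) for rules after an apparent catch-all."""
    out = []
    for name, rules in chains.items():
        first = None
        for i, rule in enumerate(rules, 1):
            if first is not None:
                out.append((name, i, first))
            elif catch_all(rule):
                first = i
    return out

if __name__ == "__main__":
    print(shadowed(parse_chains(SAMPLE)))
```

Any chain it reports is worth re-listing with "iptables -L -v -n", and NAT rules are listed separately with "iptables -t nat -L -v -n".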