Libvirt by default adds some firewall rules for NAT to work, but this can be a nightmare if you have your own set of NAT/forward rules: conflicts between them are very likely. To avoid this, edit /etc/libvirt/qemu/networks/default.xml and set the forward mode to "open" (in my case the value here was "nat").
So, the file will look like this:
<network>
  <name>default</name>
  <uuid>4dca776c-0ca2-4826-a88a-40fcf596e888</uuid>
  <forward mode='open'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:01:22:54'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
      <host mac='52:54:00:22:33:44' name='guest01' ip='192.168.122.3'/>
    </dhcp>
  </ip>
</network>
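An added example, not part of the original post: Python that reads libvirt network definitions, lists the networks for which libvirt will still insert its own firewall rules, and rewrites a nat/route definition to forward mode "open". The function names and the sample definitions are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# libvirt's network driver adds host firewall rules for isolated (no <forward>),
# nat and route networks; "open" is the forwarding mode that adds none.
MANAGED = {"none", "nat", "route"}

def forward_mode(xml_text):
    """Return (name, mode); mode is 'none' when there is no <forward> element."""
    root = ET.fromstring(xml_text)
    fwd = root.find("forward")
    # A <forward> element without a mode attribute is treated as NAT.
    mode = "none" if fwd is None else fwd.get("mode", "nat")
    return root.findtext("name"), mode

def audit(xml_texts):
    """Names of the networks for which libvirt will manage firewall rules."""
    return [name for name, mode in map(forward_mode, xml_texts) if mode in MANAGED]

def to_open(xml_text):
    """Return the definition with a nat/route <forward> rewritten to mode='open'."""
    root = ET.fromstring(xml_text)
    fwd = root.find("forward")
    if fwd is None or fwd.get("mode", "nat") not in ("nat", "route"):
        return xml_text  # isolated or already open: leave untouched
    tail = fwd.tail
    fwd.clear()  # drops dev= and <nat> children, which only apply to the old mode
    fwd.set("mode", "open")
    fwd.tail = tail
    return ET.tostring(root, encoding="unicode")

# Constructed sample definitions (names and addresses are made up).
NAT_NET = """<network><name>labnat</name>
  <forward mode='nat' dev='eth0'><nat><port start='1024' end='65535'/></nat></forward>
  <bridge name='virbr1'/><ip address='192.168.150.1' netmask='255.255.255.0'/>
</network>"""
OPEN_NET = """<network><name>default</name><forward mode='open'/>
  <bridge name='virbr0'/><ip address='192.168.122.1' netmask='255.255.255.0'/>
</network>"""
ISOLATED_NET = """<network><name>sandbox</name>
  <bridge name='virbr2'/><ip address='192.168.160.1' netmask='255.255.255.0'/>
</network>"""

if __name__ == "__main__":
    print("libvirt-managed firewall rules:", audit([NAT_NET, OPEN_NET, ISOLATED_NET]))
    print(to_open(NAT_NET))
```

libvirt applies a changed forward mode only when the network is next started, so the rewritten definition has to be loaded (for example with `virsh net-define`) and the network restarted with `virsh net-destroy` and `virsh net-start`.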
References:
- https://bugzilla.redhat.com/show_bug.cgi?id=846810
- https://serverfault.com/questions/456708/how-do-i-prevent-libvirt-from-adding-iptables-rules-for-guest-nat-networks