I have two networks, an internal network 10.1.1.0 and a VM network 192.168.1.0. I have a single VM host in the VMnetwork 192.168.1.2, the network card is setup for nat and it can ping all the ip addresses in the internal network. The VM is located on a physical server (RHEL7.2 ;10.1.1.99) and I can ping the 192.168.1.2 vm from that host. However every other host in the 10.1.1.0 network cannot ping the VM (192.168.1.2).

I assume it has to do with routing. I am guessing I'll have to add something to the routing tables so that instead of going to the internal default gateway (10.1.1.1) but to 10.1.1.99 so that it can get to the VM. Am I correct? What do I need to change/add.

Thanks in advance.

Since the VM uses a NAT setup, all outbound traffic is NATed behind the IP address of the KVM hypervisor. That's why you can reach other hosts on the 10.1.1.0 network; to the other hosts, the traffic appears to originate from 10.1.1.n (where n is the address of the hypervisor), which is a local address.

If you try to ping 192.168.1.2 from a host in the 10.1.1.0 network, the host will determine 192.168.1.2 to be a non-local address and forward the request to its default gateway. Unless the gateway happens to be the KVM hypervisor, this will not work unless you alter the routing setup.

Possible solutions:

1. Add a route to 192.168.1.2 (or the entire 192.168.1.0/24 network) on every host in the 10.1.1.0/24 network, pointing to the KVM hypervisor as the next-hop router (a lot of work and not recommended)
2. Add a route to 192.168.1.0/24 on the current default gateway, pointing to the KVM hypervisor a the next-hop gateway (the "correct" solution)
3. Use the KVM hypervisor as the default gateway for the 10.1.1.0/24 network (not very elegant and introduces the hypervisor as a single-point-of-failure)
4. Switch to a bridged setup for your VMs, which will place both VMs and physical hosts in the 10.1.1.0/24 network (might have security implications)

With solutions 1-3 you can deactivate NATing of traffic from the VMs altogether.