Since the VM uses a NAT setup, all outbound traffic is NATed behind the IP address of the KVM hypervisor. That's why you can reach other hosts on the 10.1.1.0 network; to the other hosts, the traffic appears to originate from 10.1.1.
n (where
n is the address of the hypervisor), which is a local address.
If you try to ping 192.168.1.2 from a host in the 10.1.1.0 network, the host will determine 192.168.1.2 to be a non-local address and forward the request to its default gateway. Unless the gateway happens to be the KVM hypervisor, this will not work unless you alter the routing setup.
Possible solutions:
- Add a route to 192.168.1.2 (or the entire 192.168.1.0/24 network) on every host in the 10.1.1.0/24 network, pointing to the KVM hypervisor as the next-hop router (a lot of work and not recommended)
- Add a route to 192.168.1.0/24 on the current default gateway, pointing to the KVM hypervisor a the next-hop gateway (the "correct" solution)
- Use the KVM hypervisor as the default gateway for the 10.1.1.0/24 network (not very elegant and introduces the hypervisor as a single-point-of-failure)
- Switch to a bridged setup for your VMs, which will place both VMs and physical hosts in the 10.1.1.0/24 network (might have security implications)
With solutions 1-3 you can deactivate NATing of traffic from the VMs altogether.