LinuxQuestions.org
Old 10-01-2012, 12:38 PM   #1
philx66
LQ Newbie
 
Registered: Aug 2009
Posts: 4

Rep: Reputation: 0
Problem with libvirt and iptables on a CentOS 6 KVM physical host


I have set up the virtual lab environment as per Michael Jang's RHCSA/RHCE guide on a CentOS 6.3 system.

'default' virtual network 192.168.122.0/24
'outsider' virtual network 192.168.100.0/24

I can ping from 'default' network to 'outsider' network but not the other way round.

The issue is that libvirtd automatically adds rules to the FORWARD chain within iptables on the physical host, but these rules actually prevent proper connectivity between the virtual networks.

Here is the FORWARD chain after a service libvirtd restart.

Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
ACCEPT all -- anywhere 192.168.100.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.100.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited


Deleting all the REJECT rules apart from the last one restored the desired connectivity. See below.


Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere 192.168.100.0/24 state RELATED,ESTABLISHED
ACCEPT all -- 192.168.100.0/24 anywhere
ACCEPT all -- anywhere anywhere
REJECT all -- anywhere anywhere reject-with icmp-host-prohibited

I saved this to /etc/sysconfig/iptables and the following line was added to /etc/rc.local

/sbin/service iptables restart

This ensures everything is okay after a reboot of the physical host, but whenever libvirtd is restarted, iptables also has to be restarted to overwrite what libvirtd just added.

Question:

How can I configure libvirtd to automatically generate FORWARD rules that allow connectivity between the two virtual networks?

philx66
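Added example, not part of the original post and not libvirt's own code: a first-match walk of the FORWARD chain showing why a new connection from 'outsider' to 'default' is rejected while the reverse direction works. The bridge names (virbr0, virbr1), the guest addresses and the `-i`/`-o` bindings are assumptions modelled on the rules libvirt typically writes for a NAT network; the `iptables -L` listing above omits interface columns, which `iptables -L -v` or `iptables -S` would show.

```python
import ipaddress

# Constructed rules in `iptables -S` form. Interface bindings (virbr0, virbr1) are
# assumptions: the thread's `iptables -L` listing has no interface columns.
RULES = """\
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -d 192.168.100.0/24 -o virbr1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.100.0/24 -i virbr1 -j ACCEPT
-A FORWARD -i virbr1 -o virbr1 -j ACCEPT
-A FORWARD -o virbr1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr1 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
"""

def parse(line):
    """Extract the match fields used here from one -A FORWARD line."""
    tok, rule = line.split(), {}
    for flag, key in (("-s", "src"), ("-d", "dst"), ("-i", "in"), ("-o", "out"),
                      ("--state", "state"), ("-j", "target")):
        if flag in tok:
            rule[key] = tok[tok.index(flag) + 1]
    return rule

def matches(rule, pkt):
    """True when every field the rule specifies agrees with the packet."""
    ip, net = ipaddress.ip_address, ipaddress.ip_network
    return (("src" not in rule or ip(pkt["src"]) in net(rule["src"])) and
            ("dst" not in rule or ip(pkt["dst"]) in net(rule["dst"])) and
            ("in" not in rule or rule["in"] == pkt["in"]) and
            ("out" not in rule or rule["out"] == pkt["out"]) and
            ("state" not in rule or pkt["state"] in rule["state"].split(",")))

def verdict(pkt, rules_text=RULES):
    """First match wins: return (rule number, target); chain policy is ACCEPT."""
    for n, line in enumerate(rules_text.strip().splitlines(), 1):
        rule = parse(line)
        if matches(rule, pkt):
            return n, rule["target"]
    return 0, "ACCEPT"

def packet(src, dst, inif, outif, state="NEW"):
    return {"src": src, "dst": dst, "in": inif, "out": outif, "state": state}

if __name__ == "__main__":
    print(verdict(packet("192.168.122.10", "192.168.100.10", "virbr0", "virbr1")))
    print(verdict(packet("192.168.100.10", "192.168.122.10", "virbr1", "virbr0")))
```

Under these assumed bindings the outsider-to-default packet stops at rule 4 (`-o virbr0 -j REJECT`), which sits ahead of the 192.168.100.0/24 ACCEPT rules; with the port-unreachable REJECT lines removed, the same packet reaches the `-s 192.168.100.0/24 -i virbr1 -j ACCEPT` rule.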
 
Old 10-03-2012, 05:18 AM   #2
cultavix
Member
 
Registered: Feb 2004
Location: England
Distribution: RedHat
Posts: 39

Rep: Reputation: 15
Hello,

I am keeping an eye on your post as I have just posted my own problem which seems to be very similar.

http://www.linuxquestions.org/questi...em-4175430246/

I will post a reply if I figure anything out!
 
  


All times are GMT -5. The time now is 11:05 AM.
