Hi, I'm new to libvirt but not a complete neophite. I'm using libvirt and kvm in ubuntu with "vmbuilder". I'm creating a couple of VMs inside a host that is directly connected to internet with a public routeable address. Since I only have one public address, I won't use bridging. I'm using shorewall (www.shorewall.net) to configure my iptables rules. I intend to use DNAT to route specific ports in the host to one or other VM. With standard masquerading, I give the VMs access to the outside world. At first I used the 'default' network (with a different rfc1918 network)... everything was kinda working until I rebooted the host... at that point I lost connectivity between the outside world and the VMs. From inside the host I had no trouble connecting to the VMs. If I restarted shorewall (which actually cleans all iptables rules and regenerate them according to its configuration) everything works fine. After sending a report and some debugging in the shorewall mailing list, it was clear that libvirt was adding rules to iptables. After reading a bit (http://libvirt.org/formatnetwork.html#examplesPrivate) I created a new network called "isolated". I stopped default (and disabled its autostart), and defined and started isolated. This is the content of isolated.xml: <network> <name>isolated</name> <uuid>51cffbcc-88f5-4edc-a81c-1765c1045691</uuid> <bridge name='virbr%d' stp='on' forwardDelay='0' /> <ip address='10.3.14.1' netmask='255.255.255.0'> <dhcp> <range start='10.3.14.128' end='10.3.14.254' /> </dhcp> </ip> </network> I modified my VMs to use isolated rather than default, but rules keep being added to iptables when libvirt-bin is started. Is there a way to convince libvirt not to add these rules? Feel free to ask for any data that I didn't send here. TIA. -- Mariano Absatz - "El Baby" el.baby@gmail.com www.clueless.com.ar -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- An expert is a person who has made all the mistakes that can be made in a very narrow field. Niels Bohr Danish physicist (1885 - 1962) -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- * TagZilla 0.066 * http://tagzilla.mozdev.org