G'day,
I have been searching for information on how to configure KVM guest OSes to do simple
routing from their associated vnetX address to the host machine's ethernet network
subnet (let's say eth0/192.168.0.0/24). I understand that by default the clients are
NAT'ed to the Host's adapter. This is a handy feature, but it does not suit the
setup I am trying to apply.
Basically, I am trying to do simple routing from the host subnet (192.168.0.0/24) to the
client's subnet (192.168.17.0/24), and back again. So I can talk to 192.168.0.0/24
addresses and they can talk to 192.168.17.0/24 (routing rule has been added so this is
possible). There should be no NAT involved.
The following is about as close as I have come to getting this solution. However, I still
need to add in the iptables -A FORWARD -i vnetX -o eth0 -j ACCEPT rule in after the
machine is booted. Is it possible to do this as part of the script process, or is there a
post-ifup script that can be run?
/etc/libvirt/qemu/network/routed-net.xml:

    <network>
      <name>routed-net</name>
      <uuid></uuid>
      <bridge name="virbr%d" />
      <ip address="192.168.32.1" netmask="255.255.255.0">
        <dhcp>
          <range start="192.168.32.33" end="192.168.32.63" />
        </dhcp>
      </ip>
    </network>

I have tried using the <forward='routed' /> option (under the bridge name
option). This does add the forward rules, but for some reason still applies the MASQUERADE
rule to the 192.168.17.0/24 network. (e.g. 0 0 MASQUERADE all -- * *
192.168.32.0/24 0.0.0.0/0 )
libvirtd seems to hide its firewall rulesets pretty well, 'cause I can't even find
them to manually add/remove rules. Not in any place obvious (that I can find), like /etc.
Any help would be appreciated. Apologies if this topic has been covered... can't find
it anywhere using Google.
Cheers,
Barry
Linseed Technologies
Open Source IT Solutions
Phone: 0415131452
Email: brobinson(a)linseed.com.au
Website: http://www.linseed.com.au
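
A check for the symptom described in the post (a MASQUERADE rule still covering the guest subnet of a network that is meant to be routed), as an added example that is not part of the original message. The function names and both sample inputs are constructed for illustration; the XML assumes libvirt's `<forward mode="route"/>` element, and the listing mimics `iptables -t nat -L POSTROUTING -n -v` output.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the post's network definition plus libvirt's
# <forward mode="route"/> element (assumed here; not the poster's file).
NETWORK_XML = """<network>
  <name>routed-net</name>
  <forward mode="route"/>
  <bridge name="virbr%d"/>
  <ip address="192.168.32.1" netmask="255.255.255.0"/>
</network>"""

# Constructed sample of `iptables -t nat -L POSTROUTING -n -v` output.
NAT_LISTING = """Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 MASQUERADE  all  --  *      *       192.168.32.0/24      0.0.0.0/0
    0     0 MASQUERADE  all  --  *      *       192.168.122.0/24    !192.168.122.0/24
"""

def network_info(xml_text):
    """Return (forward mode or None, guest subnets) from a network definition."""
    root = ET.fromstring(xml_text)
    fwd = root.find("forward")
    # libvirt treats a <forward> element without a mode attribute as NAT.
    mode = fwd.get("mode", "nat") if fwd is not None else None
    nets = []
    for ip in root.findall("ip"):
        mask = ip.get("netmask") or ip.get("prefix")
        nets.append(ipaddress.ip_network(f"{ip.get('address')}/{mask}", strict=False))
    return mode, nets

def masquerade_sources(listing):
    """Source networks of MASQUERADE rules in verbose, numeric iptables output."""
    sources = []
    for line in listing.splitlines():
        f = line.split()
        if len(f) >= 9 and f[2] == "MASQUERADE" and not f[7].startswith("!"):
            sources.append(ipaddress.ip_network(f[7], strict=False))
    return sources

def audit(xml_text, listing):
    """List (guest subnet, rule source) pairs where a non-NAT network is still NATed."""
    mode, nets = network_info(xml_text)
    if mode == "nat":
        return []  # masquerading is expected for a NAT network
    return [(str(n), str(s)) for n in nets
            for s in masquerade_sources(listing) if n.overlaps(s)]

if __name__ == "__main__":
    for guest, rule in audit(NETWORK_XML, NAT_LISTING):
        print(f"guest subnet {guest} is still masqueraded by rule with source {rule}")
```

Fed the real output of `virsh net-dumpxml` and the NAT table listing, an empty result means no source NAT rule matches the guest subnet.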