On 04/28/2011 09:15 AM, Ireneusz Szcześniak wrote:
> Hi,
> I'm using CentOS release 5.6 (Final) and Xen 3.1. I'm writing to ask
> how to configure port forwarding. With virt-manager 0.6.1 I added the
> machines, but there I don't see an option for port forwarding.
> I would like to reach the VM on a specific port of the host machine.
> Once the machines are running, I can configure iptables so that the
> port forwarding works, but after the host reboots, other rules are
> inserted (put in front of my rules), which disable my rules. I guess
> these rules are put there by libvirt, and so I'm writing to this list.
Yes, these rules are put in by libvirt.
The iptables rules added by libvirt for virtual networks are intended to
fulfill the needs of 95% of users, but are not configurable. To do what
you want, you'll either need to construct your own bridge (rather than
relying on libvirt) and do all the iptables and routing config outside
of libvirt, or you may be able to use libvirt execution hooks to add the
rules at the appropriate time. See:
http://www.libvirt.org/hooks.html
for details on libvirt hook scripts.
> These are the rules inserted:
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
> ACCEPT all -- 192.168.122.0/24 anywhere
> ACCEPT all -- anywhere anywhere
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
> I need to have different rules for 192.168.122.0/24: the states
> RELATED,ESTABLISHED are fine, but I need the NEW state put there too,
> so that the new forwards can go through.
> Thanks,
> Irek
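As an added illustration of the hook-script approach suggested in the reply above (this is not code from the thread or from the libvirt project), here is a sketch of a libvirt hook that inserts the port-forwarding rules when a guest comes up and removes them when it stops. It assumes a QEMU/KVM guest (libvirt's qemu hook, invoked as `/etc/libvirt/hooks/qemu <guest> <operation> <sub-operation> <extra>`) on the default 192.168.122.0/24 network behind virbr0; the guest name, guest address and port numbers are constructed placeholders. Because the rules are inserted with `-I` from the hook, they land in front of the rules libvirt adds for the virtual network, and the FORWARD rule explicitly admits the NEW state that the thread's poster was missing.

```shell
#!/bin/sh
# Hypothetical libvirt hook script (install as /etc/libvirt/hooks/qemu, mode
# 0755, then restart libvirtd). libvirt calls it as:
#   /etc/libvirt/hooks/qemu <guest_name> <operation> <sub-operation> <extra>
# Rules are inserted (-I) so they sit in front of libvirt's own network rules.

# Constructed values for this example: adjust to your guest and ports.
GUEST_NAME="webvm"          # libvirt domain name (assumed)
GUEST_IP="192.168.122.10"   # guest address on the default libvirt network
BRIDGE="virbr0"             # bridge of that network
HOST_PORT="8080"            # host port that should reach the guest
GUEST_PORT="80"             # port the service listens on inside the guest
IPTABLES="${IPTABLES:-iptables}"

# Map a libvirt operation to an iptables action: guest coming up (or
# libvirtd reconnecting to a running guest) -> insert, guest gone -> delete,
# anything else -> no change.
action_for_operation() {
    case "$1" in
        start|reconnect) echo "-I" ;;
        stopped)         echo "-D" ;;
        *)               echo "" ;;
    esac
}

# Print the two iptables command lines for one action ("-I" or "-D").
# $1 action, $2 guest IP, $3 bridge, $4 host port, $5 guest port
# Line 1: DNAT inbound connections on the host port to the guest.
# Line 2: let those forwarded connections (including the NEW state) through
#         the FORWARD chain, scoped to the guest address and service port.
forward_rules() {
    printf '%s -t nat %s PREROUTING -p tcp --dport %s -j DNAT --to-destination %s:%s\n' \
        "$IPTABLES" "$1" "$4" "$2" "$5"
    printf '%s %s FORWARD -o %s -d %s -p tcp --dport %s -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT\n' \
        "$IPTABLES" "$1" "$3" "$2" "$5"
}

# Hook entry point: act only when libvirt invokes us for our guest (guest name
# and operation present as arguments); a plain run with no arguments does nothing.
if [ "$#" -ge 2 ] && [ "$1" = "$GUEST_NAME" ]; then
    action=$(action_for_operation "$2")
    if [ -n "$action" ]; then
        forward_rules "$action" "$GUEST_IP" "$BRIDGE" "$HOST_PORT" "$GUEST_PORT" |
        while IFS= read -r cmd; do
            sh -c "$cmd"
        done
    fi
fi
```

The PREROUTING DNAT only covers connections arriving from other hosts; traffic originating on the host itself never traverses PREROUTING, so reaching the guest from the host through the forwarded port would need a matching rule in the nat OUTPUT chain. Keeping the FORWARD rule scoped to one destination address and port, rather than the blanket ACCEPT for the whole subnet that the poster asked about, limits the exposure to exactly the service being published.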