Hi,

I Googled a little more and found firewalld has created the basic rules on fc19.

Does someone use libvirt with many vms on many external ips with firewalld?

Would you advise to better remove firewalld and work with my own scripts?

Thanks
Patrick

On 5 mars 2014 17:14:27 GMT+02:00, Patrick Chemla <patrick.chemla@performance-managers.com> wrote:
Hi,

I am an experienced libvirt user on Fedora versions from F15 to F17.

I have developped scripts to route trafic from outside on multiple 
interfaces/multiples IPs to multiple VMs, and back to affect each VM the 
required external IP address.

I have servers with more than hundreds external IPs, and up to 4 VMs, 
each of them route trafic on different external IPs.

I have servers with Fedora F17 which work very fine with this.

Now libvirt-1.0.5.9 comes to Fedora 19 with many iptables default rules  
that refrain me to use my scripts.

So I put in /etc/libvirt/hooks /qemu the right rules to get trafic to my 
VMs, but I can't set trafic back to external with the right external IP.

The -j SNAT --to-source ot -j MASQUERADE dont work, are ignored, and I 
dont see any packet through these rules in iptables -tnat -L POSTROUTING.!
 

I used tcpdump to trace packet on the physical server on virbr0 
interface and on eth0 interface. I see the packets on outgoing route.

But, the ougoing packets are presented to the external interface with 
the internal address 10.0.0.x instead of the address specified in the -j 
SNAT rule.


Am I the only one in this case?

Somebody could help?

Thanks
Patrick


--
Envoyé de mon téléphone Android avec K-9 Mail. Excusez la brièveté.