I Googled a little more and found firewalld has created the basic rules on fc19.

Does someone use libvirt with many vms on many external ips with firewalld?

Would you advise to better remove firewalld and work with my own scripts?


On 5 mars 2014 17:14:27 GMT+02:00, Patrick Chemla <patrick.chemla@performance-managers.com> wrote:

I am an experienced libvirt user on Fedora versions from F15 to F17.

I have developped scripts to route trafic from outside on multiple
interfaces/multiples IPs to multiple VMs, and back to affect each VM the
required external IP address.

I have servers with more than hundreds external IPs, and up to 4 VMs,
each of them route trafic on different external IPs.

I have servers with Fedora F17 which work very fine with this.

Now libvirt- comes to Fedora 19 with many iptables default rules
that refrain me to use my scripts.

So I put in /etc/libvirt/hooks /qemu the right rules to get trafic to my
VMs, but I can't set trafic back to external with the right external IP.

The -j SNAT --to-source ot -j MASQUERADE dont work, are ignored, and I
dont see any packet through these rules in iptables -tnat -L POSTROUTING.!

I used tcpdump to trace packet on the physical server on virbr0
interface and on eth0 interface. I see the packets on outgoing route.

But, the ougoing packets are presented to the external interface with
the internal address 10.0.0.x instead of the address specified in the -j
SNAT rule.

Am I the only one in this case?

Somebody could help?


Envoyé de mon téléphone Android avec K-9 Mail. Excusez la brièveté.