libvirtd and public access to guests

Hello

I've started playing with libvirt and I have a question.

What is the proper way to make a guest accessible from the net?

I have mode=nat in /var/lib/libvirt/network/default.xml.

libvirtd makes these rules in the FORWARD chain:

-A FORWARD -d 192.168.231.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT 
-A FORWARD -s 192.168.231.0/24 -i virbr0 -j ACCEPT 
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT 
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable 
-A FORWARD -j REJECT --reject-with icmp-host-prohibited 

If I add 
iptables -I FORWARD -i eth0 -o virbr0 -j ACCEPT
guests are accessible

My question is:
Is it possible to write this somewhere in the configuration?

I've tried to put it in /etc/sysconfig/iptables but libvirtd puts its
rules before mine.


I've found two directories
/var/lib/libvirt/iptables/filter
/var/lib/libvirt/iptables/nat

I suppose I can write my rules here but I haven't found any docs about
the format. Can somebody help me with it?

Pavel
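
The ordering problem described in the message above, as an added example that is not part of the original post: a simplified first-match model of the FORWARD chain, handling only the options that appear in the quoted rules. The packet addresses 10.0.0.5 and 192.168.231.10 are constructed.

```python
import ipaddress
import shlex

# The FORWARD rules libvirtd installed, copied from the post above.
LIBVIRT_RULES = """\
-A FORWARD -d 192.168.231.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.231.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
""".splitlines()
# The poster's rule, written the way a rule listing would show it.
USER_RULE = "-A FORWARD -i eth0 -o virbr0 -j ACCEPT"

def parse(rule):
    """Split one rule line into (match options, target)."""
    match, target = {}, None
    tok = shlex.split(rule)
    for opt, val in zip(tok, tok[1:]):
        if opt in ("-s", "-d", "-i", "-o", "--state"):
            match[opt] = val
        elif opt == "-j":
            target = val
    return match, target

def verdict(rules, pkt):
    """Return (target, rule) for the first rule that matches pkt."""
    for rule in rules:
        m, target = parse(rule)
        if all(
            ipaddress.ip_address(pkt[k]) in ipaddress.ip_network(v) if k in ("-s", "-d")
            else pkt[k] in v.split(",") if k == "--state"
            else pkt[k] == v
            for k, v in m.items()
        ):
            return target, rule
    return "POLICY", None

# Constructed packet: first packet of a new connection from outside to a guest.
NEW_INBOUND = {"-s": "10.0.0.5", "-d": "192.168.231.10",
               "-i": "eth0", "-o": "virbr0", "--state": "NEW"}

def scenarios():
    return {
        "libvirtd rules only": verdict(LIBVIRT_RULES, NEW_INBOUND)[0],
        "rule inserted first (-I)": verdict([USER_RULE] + LIBVIRT_RULES, NEW_INBOUND)[0],
        "rule after libvirtd's": verdict(LIBVIRT_RULES + [USER_RULE], NEW_INBOUND)[0],
    }

if __name__ == "__main__":
    for name, target in scenarios().items():
        print(f"{name}: {target}")
```

The new connection is stopped by the `-o virbr0 -j REJECT` rule unless the ACCEPT rule sits ahead of it. As written, that ACCEPT rule matches every protocol and port arriving on eth0 for virbr0.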
