On 04/28/2011 09:15 AM, Ireneusz Szcześniak wrote:
> Hi,
>
> I'm using CentOS release 5.6 (Final) and Xen 3.1. I'm writing to ask
> how to configure port forwarding. With virt-manager 0.6.1 I added the
> machines, but there I don't see an option for port forwarding.
>
> I would like to reach the VM on a specific port of the host machine.
> Once the machines are running, I can configure iptables so that the
> port forwarding works, but after host reboots, other rules are
> inserted (put in front of my rules), which disable my rules. I guess
> these rules are put by libvirt, and so I'm writing to this list.

Yes, these rules are put in by libvirt.
The iptables rules added by libvirt for virtual networks are intended to
fulfill the needs of 95% of users, but are not configurable. To do what
you want, you'll either need to construct your own bridge (rather than
relying on libvirt) and do all the iptables and routing config outside
of libvirt, or you may be able to use libvirt execution hooks to add the
rules at the appropriate time. See: http://www.libvirt.org/hooks.html
for details on libvirt hook scripts.

>
> These are the rules inserted:
>
> Chain FORWARD (policy ACCEPT)
> target prot opt source destination
> ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
> ACCEPT all -- 192.168.122.0/24 anywhere
> ACCEPT all -- anywhere anywhere
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
> REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
>
> I need to have different rules for 192.168.122.0/24: the states
> RELATED,ESTABLISHED are fine, but I need the NEW state put there too,
> so that the new forwards can go through.
>
>
> Thanks,
> Irek
>
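
A sketch of the hook-script approach mentioned in the reply, as an added example that is not code from the thread or from libvirt: on guest start it inserts a DNAT rule and a FORWARD rule that accepts NEW connections for one guest port ahead of libvirt's REJECT rules, and removes both on stop. Assumptions: the script is installed as a guest hook such as /etc/libvirt/hooks/qemu, the libvirt version and driver in use actually call that hook, and the guest name, addresses and ports are constructed values.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed install path: a libvirt guest
# hook such as /etc/libvirt/hooks/qemu, called as: <guest> <operation> ...
# All values below are constructed for illustration.
GUEST_NAME="webvm"            # hypothetical guest name
GUEST_IP="192.168.122.10"     # constructed address in 192.168.122.0/24
GUEST_PORT=80                 # port the guest listens on
HOST_PORT=8080                # port exposed on the host
IPTABLES="${IPTABLES:-iptables}"

# With DRY_RUN set, print the command instead of executing it.
run() {
    if [ -n "${DRY_RUN:-}" ]; then echo "$*"; else "$@"; fi
}

# $1 is -I (insert at the top, ahead of libvirt's REJECT rules) or -D (delete).
forward_rules() {
    # Rewrite the destination of traffic arriving on the host port.
    run "$IPTABLES" -t nat "$1" PREROUTING -p tcp --dport "$HOST_PORT" \
        -j DNAT --to-destination "$GUEST_IP:$GUEST_PORT"
    # Accept NEW as well as RELATED,ESTABLISHED, for this one guest port only.
    run "$IPTABLES" "$1" FORWARD -d "$GUEST_IP" -p tcp --dport "$GUEST_PORT" \
        -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT
}

# Dispatch on the guest name and the operation libvirt passes to the hook.
handle_hook() {
    [ "$1" = "$GUEST_NAME" ] || return 0       # other guests: nothing to do
    case "$2" in
        start)     forward_rules -I ;;
        stopped)   forward_rules -D || true ;; # rules may already be gone
        reconnect) forward_rules -D 2>/dev/null || true
                   forward_rules -I ;;
        *)         return 0 ;;
    esac
}

# Run only when invoked with hook arguments.
if [ "$#" -ge 2 ]; then
    handle_hook "$1" "$2"
fi
```

Running it with `DRY_RUN=1` and the arguments `webvm start` prints the two iptables commands without touching the firewall, which allows checking the rules before the hook is installed.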