search for: prerouting_direct

...ugh about that ever. Thanks a lot! Best Sam On 29.12.18 06:51, Yalan Zhang wrote: > Hi Sam, > > You can find the rules by below command, and it looks as below: > # ebtables -t nat --list > Bridge table: nat > > Bridge chain: PREROUTING, entries: 2, policy: ACCEPT > -j PREROUTING_direct > -i vnet0 -j libvirt-I-vnet0 > > Bridge chain: OUTPUT, entries: 1, policy: ACCEPT > -j OUTPUT_direct > > Bridge chain: POSTROUTING, entries: 2, policy: ACCEPT > -j POSTROUTING_direct > -o vnet0 -j libvirt-O-vnet0 > > Bridge chain: PREROUTING_direct, entries: 0, pol...

Hello, I'm recently stumbled over the libvirt network filter capabilities and got pretty excited. Unfortunately I'm not able to get the the "clean-traffic" filterset working. I'm using a freshly installed Debian Stretch with libvirt, qemu and KVM. My config snippet looks as follows: sudo virsh edit <VM> [...] <interface type='bridge'> <mac

Hi Sam, You can find the rules by below command, and it looks as below: # ebtables -t nat --list Bridge table: nat Bridge chain: PREROUTING, entries: 2, policy: ACCEPT -j PREROUTING_direct -i vnet0 -j libvirt-I-vnet0 Bridge chain: OUTPUT, entries: 1, policy: ACCEPT -j OUTPUT_direct Bridge chain: POSTROUTING, entries: 2, policy: ACCEPT -j POSTROUTING_direct -o vnet0 -j libvirt-O-vnet0 Bridge chain: PREROUTING_direct, entries: 0, policy: RETURN Bridge chain: POSTROUTING_direct, ent...

...-8"?> <direct> <rule priority="0" table="nat" ipv="ipv4" chain="POSTROUTING_direct">-s 192.168.1.5 -o eth0 -j SNAT --to 153.153.xxx.xxx</rule> <rule priority="0" table="nat" ipv="ipv4" chain="PREROUTING_direct">-s 153.153.xxx.xxx -o eth0 -j DNAT --to 192.168.1.5</rule> </direct> # firewall-cmd --zone=external --list-all external (active) interfaces: eth0 sources: services: dns ftp http https imaps pop3s smtp ssh ports: 110/tcp 21/tcp 106/tcp 53/tcp 990/tcp 5432/tcp 8447/tcp 1...