On Wed, Jul 30, 2008 at 03:44:33PM -0400, Bryan Kearney wrote:
>
>
> I think this is the voodoo.
>
> 1) Add the following lines to /etc/sysconfig/iptables in the OUTPUT
> chain of the *filter table:

No, no, no no.

> --insert FORWARD --destination 192.168.122.0/255.255.255.0
> --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump
> ACCEPT
> -A INPUT -j REJECT --reject-with icmp-host-prohibited
> -A FORWARD -j REJECT --reject-with icmp-host-prohibited
>
> 2) Restart iptables

Don't do this.

> 3) Restart libvirtd

Don't do this.

> By doing (1), future reboots seem to work. But not doing (3) causes it
> to appear not to work. Do any of the virt tools do (1) magically for you?

The libvirt default networking capability will automatically set up the
correct iptables rules to allow outbound NAT based connectivity for
guest VMs. If this wasn't working there are two likely causes:

 - You run 'service iptables stop' which blew away the rules libvirt added
 - The 'net.ipv4.ip_forward' sysctl has been reset to 0

For the first problem you can do 'service libvirt reload' and it'll
re-create its iptables rules. For the second problem edit /etc/sysctl.conf
to make sure it's set to '1' and reload the sysctl settings.

Daniel
--
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|
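
A way to check for the two causes named in the reply above, as an added example that is not part of the original message or of libvirt: it reads the ip_forward value and counts FORWARD ACCEPT rules that reference the bridge in `iptables-save` output. The function names are hypothetical, and the bridge name `virbr0` is taken from the quoted rule.

```shell
#!/bin/sh
# Added example (not from the thread): diagnose the two likely causes.
# Function names are hypothetical; BRIDGE defaults to the name in the quoted rule.

BRIDGE="${BRIDGE:-virbr0}"

# Return 0 if the sysctl file (default: the live kernel value) holds 1,
# 1 if it holds anything else, 2 if it cannot be read.
ip_forward_enabled() {
    file="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ -r "$file" ] || return 2
    [ "$(tr -d '[:space:]' < "$file")" = "1" ]
}

# Read iptables-save formatted text on stdin and print how many FORWARD
# rules both reference the bridge (-i or -o) and jump to ACCEPT.
count_bridge_forward_rules() {
    awk -v br="$BRIDGE" '
        $1 == "-A" && $2 == "FORWARD" {
            has_br = 0; accept = 0
            for (i = 3; i <= NF; i++) {
                if (($i == "-o" || $i == "-i") && $(i+1) == br) has_br = 1
                if ($i == "-j" && $(i+1) == "ACCEPT") accept = 1
            }
            if (has_br && accept) n++
        }
        END { print n + 0 }'
}

# Run both checks against the live system (needs root for iptables-save).
diagnose() {
    status=0
    if ip_forward_enabled; then
        echo "ok: net.ipv4.ip_forward = 1"
    else
        echo "problem: net.ipv4.ip_forward is not 1 (check /etc/sysctl.conf)"
        status=1
    fi
    n=$(iptables-save 2>/dev/null | count_bridge_forward_rules)
    if [ "$n" -gt 0 ]; then
        echo "ok: $n FORWARD ACCEPT rule(s) reference $BRIDGE"
    else
        echo "problem: no FORWARD ACCEPT rules reference $BRIDGE (rules flushed?)"
        status=1
    fi
    return "$status"
}

if [ "${1:-}" = "--run" ]; then diagnose; fi
```

Invoke the script with `--run` as root to check the live host; without the argument it only defines the functions.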