I'm sorry... is this not the right place to ask this kind of question? Is there another more user-oriented list or forum?

TIA

On Tue, Mar 31, 2009 at 16:08, Mariano Absatz <el.baby@xxxxxxxxx> wrote:
> Hi,
>
> I'm new to libvirt but not a complete neophyte.
>
> I'm using libvirt and kvm in ubuntu with "vmbuilder".
>
> I'm creating a couple of VMs inside a host that is directly connected to
> internet with a public routable address. Since I only have one public
> address, I won't use bridging.
>
> I'm using shorewall (www.shorewall.net) to configure my iptables rules.
>
> I intend to use DNAT to route specific ports in the host to one or other VM.
>
> With standard masquerading, I give the VMs access to the outside world.
>
> At first I used the 'default' network (with a different rfc1918 network)...
> everything was kinda working until I rebooted the host... at that point I
> lost connectivity between the outside world and the VMs. From inside the
> host I had no trouble connecting to the VMs.
>
> If I restarted shorewall (which actually cleans all iptables rules and
> regenerates them according to its configuration) everything works fine. After
> sending a report and some debugging in the shorewall mailing list, it was
> clear that libvirt was adding rules to iptables.
>
> After reading a bit (http://libvirt.org/formatnetwork.html#examplesPrivate)
> I created a new network called "isolated". I stopped default (and disabled
> its autostart), and defined and started isolated.
>
> This is the content of isolated.xml:
> <network>
>   <name>isolated</name>
>   <uuid>51cffbcc-88f5-4edc-a81c-1765c1045691</uuid>
>   <bridge name='virbr%d' stp='on' forwardDelay='0' />
>   <ip address='10.3.14.1' netmask='255.255.255.0'>
>     <dhcp>
>       <range start='10.3.14.128' end='10.3.14.254' />
>     </dhcp>
>   </ip>
> </network>
>
> I modified my VMs to use isolated rather than default, but rules keep being
> added to iptables when libvirt-bin is started.
>
> Is there a way to convince libvirt not to add these rules?
>
> Feel free to ask for any data that I didn't send here.
>
> TIA.

--
Mariano Absatz - El Baby
www.clueless.com.ar

#########################
"An archaeologist is the best husband a woman can have. The older she gets the more intereste...

--
Libvir-list mailing list
Libvir-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvir-list