On Fri, Jul 05, 2019 at 07:26:41PM +0300, Nikolai Zhubr wrote: > Hi Daniel and Laine, > > [...] > > > -A POSTROUTING -o br0 -j MASQUERADE > > > -A POSTROUTING -o enp0s25 -j MASQUERADE > > > -A POSTROUTING -o virbr2_nic -j MASQUERADE > > > -A POSTROUTING -o vnet0 -j MASQUERADE > > > > *None* of those rules were added by libvirt (unless your build of > [...] > > You can verify my "counter-claim" by running "virsh net-destroy" for all > > of your libvirt networks, and seeing that the offending rules haven't > > been removed. > > > > In short, you need to look elsewhere for the culprit. > > Yes, found it. You were both right, essentially. > The offending rules were added by a firewall in response to new interfaces > created by libvirt dynamically, due to some dubious relict settings left in > the firewall. (Silly me.) > > So this it not an issue of libvirt indeed! > > Tons of thanks for the quick and precise hit! No worries, thanks for confirming the root cause you found too. Regards, Daniel -- |: https://berrange.com -o- https://www.flickr.com/photos/dberrange :| |: https://libvirt.org -o- https://fstop138.berrange.com :| |: https://entangle-photo.org -o- https://www.instagram.com/dberrange :| _______________________________________________ libvirt-users mailing list libvirt-users@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvirt-users
