hey, neal!

thanks for your response, though unfortunately not the solution yet, i am afraid...

root@RoX0R /home/aztec # cat /proc/sys/net/ipv4/ip_forward
1

cat says it is in there...
i set:
net.ipv4.ip_forward=1
in /etc/sysctl.conf

without that, I also previously couldn't connect to the debian servers for the missing packets from within the guest.
now i only need to figure out the other way around...

sorry, i forgot to mention that one parameter...
it is a systemd OS now, not sysVinit anymore, unfortunately.

On 08/01/2015 05:05 PM, Neal P. Murphy wrote:
>
> On Sat, 01 Aug 2015 10:23:56 +0200
> azteca <azteca@xxxxxxxxx> wrote:
>
>> Good day, Ladies and Gentlemen!
>>
>> If I might politely ask you, to assist an utter noob to the subject of
>> iptables with the following issue:
>>
>> Currently, I am in the process of setting up a KVM host with several
>> virtual machines, each of them has an own public IP.
>> That means, that four different IP-addresses are being routed to the
>> host's eth0.
>>
>> What I am trying to achieve, is to let the host have one IP, under which
>> it is reachable, and to forward each of the remaining three addresses,
>> each with an own DNS record, to one of three according KVM guests via NAT.
>>
>> What I have accomplished so far, is the following:
>> .) The KVM host is reachable per ssh through an enabled net-filter,
>> whose INPUT and FORWARD policy are otherwise set to DROP. That the
>> net-filter does work properly, is verifiable through /var/log/messages.
>> .) The KVM host is able to connect to a DNS Server properly.
>> .) The KVM host can send mails via nullmailer.
>> .) Also could I set up a KVM guest with Debian 8.1 Linux per
>> net-install, meaning, the installation inside the virtual machine was
>> able to reach the source mirrors from a minimal start-up CD-image, and
>> to download the missing installation packets from there.
>>
>> What I am failing with, is, to connect to the single first setup KVM
>> guest in which ever way.
>
> You may have overlooked:
>   echo 1 > /proc/sys/net/ipv4/ip_forward
>
> Without that, your system won't route packets.
>
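
Added example, not part of the original thread or written by either poster: a shell sketch that checks the ip_forward setting discussed above and prints, without applying, one possible iptables rule set for mapping a public address to a KVM guest under a FORWARD policy of DROP. The addresses, the bridge name br0 and the function names are constructed assumptions; only eth0 comes from the thread.

```shell
#!/bin/sh
# Emits (does not apply) iptables rules for 1:1 NAT of one public address
# to one KVM guest when the FORWARD policy is DROP.
# All addresses and the bridge name are constructed placeholders.

# Return 0 if the given file (default: the live kernel setting) contains 1.
forwarding_enabled() {
    f="${1:-/proc/sys/net/ipv4/ip_forward}"
    [ "$(cat "$f" 2>/dev/null)" = "1" ]
}

# Print the rules for one public/guest address pair.
#   $1 public IP routed to the host   $2 guest's private IP
#   $3 external interface             $4 bridge the guest is attached to
guest_nat_rules() {
    pub="$1"; guest="$2"; wan="$3"; br="$4"
    # Inbound: rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -i $wan -d $pub -j DNAT --to-destination $guest"
    # DNAT runs before FORWARD, so the filter rule must match the guest address.
    echo "iptables -A FORWARD -i $wan -o $br -d $guest -m conntrack --ctstate NEW,ESTABLISHED,RELATED -j ACCEPT"
    # Guest-initiated traffic and replies leaving through the external interface.
    echo "iptables -A FORWARD -i $br -o $wan -s $guest -j ACCEPT"
    # Outbound: the guest appears under its own public address, not the host's.
    echo "iptables -t nat -A POSTROUTING -o $wan -s $guest -j SNAT --to-source $pub"
}

# Constructed sample mapping for three guests (documentation address range).
print_sample() {
    forwarding_enabled || echo "# warning: net.ipv4.ip_forward is not 1"
    guest_nat_rules 203.0.113.11 10.0.0.11 eth0 br0
    guest_nat_rules 203.0.113.12 10.0.0.12 eth0 br0
    guest_nat_rules 203.0.113.13 10.0.0.13 eth0 br0
}

print_sample
```

The rules are appended with -A, so they only take effect if no earlier DROP or REJECT rule in FORWARD already matches the same traffic; review the printed output against `iptables -S` before loading anything.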