iptables & libvirt

To: debian-user@lists.debian.org
Subject: iptables & libvirt
From: Kurt Flex <flxkrt@aol.com>
Date: Sun, 24 Jul 2011 23:15:36 +0200
Message-id: <[🔎] 20110724211536.GA24653@nuts>

Hi,

i've configured a few virtual machines with libvirt-bin. The VMs
live behind a virtual network.

    $ sudo virsh net-dumpxml default
    <network>
      <name>default</name>
      <uuid>0c2cb263-e12b-8bf5-54af-1da612561cc0</uuid>
      <forward mode='nat'/>
      <bridge name='virbr0' stp='on' delay='0' />
      <ip address='192.168.122.1' netmask='255.255.255.0'>
        <dhcp>
          <range start='192.168.122.2' end='192.168.122.128' />
        </dhcp>
      </ip>
    </network>

libvirt maintains some iptable rules to make NAT work. My problem is,
maintaining my own set of additional rules. I'd like to use something
like `ferm', but when I change something in ferm.conf and reload the
rules, the rules of libvirt are deleted.

I've tried:

    $ virsh net-destroy default
    $ firm
    $ virsh net-start default

    But the VMs remain unreachable after the destroy. (I've to restart
    them)

Another approach would be telling virtsh to write iptables rules to
stdout. So one could do:

    $ frim
    $ virtsh iptables-rules | sh

But I haven't found something like that.

Any ideas on how to integrate libvirt with my own set of iptable rules?

Bye,
Kurt

Reply to:

Prev by Date: Re: problem with ISA SB 16
Next by Date: Re: udisks and devices [was cannot mount floppy]
Previous by thread: Re: Wine questions
Next by thread: sound problem with lenny
Index(es):
- Date
- Thread