From: carlopmart
Subject: Writing iptables rules to accept inbound connections to kvm guests
Date: Wed, 16 Sep 2009 12:18:54 +0200
Message-ID: <4AB0BB8E.8010701@gmail.com>
To: kvm@vger.kernel.org

Hi all,

I have installed a CentOS 5.3 x86_64 server with kvm and libvirt to do some tests for future virtualized deployments. My environment:

eth0 --> 172.25.50.1/24 ("public" host ip)
virbr0 ---> 192.168.122.1/24 (natted interface installed by libvirt)
virbr1 ---> 172.26.50.0/24 (isolated internal virtualized network, without a physical interface bound)

Between the 192.168.122.0/24 network and the 172.26.50.0/24 network I have installed a virtual firewall. So to reach the 172.26.50.0/24 network, all connections need to go to the 192.168.122.0/24 network.

I need to insert some iptables rules to allow access to some services installed on the 172.26.50.0/24 network like smtp, http, ftp, etc. How can I configure libvirt to forward and nat these services coming from the 172.25.50.0/24 network to a specific IP under the 192.168.122.0/24 network? Or do I need to use the /etc/sysconfig/iptables configuration and disable libvirt's iptables rules?

Some examples, please?

Many thanks.

--
CL Martinez
carlopmart {at} gmail {d0t} com
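An added example (not part of the original post, nor libvirt's own configuration) showing the shape of the DNAT plus FORWARD rules that publish a guest service through the host's public address for the topology described above; the guest address 192.168.122.10 is an assumed placeholder for the virtual firewall's outer leg.

```shell
#!/bin/sh
# Added example: emit the iptables rules that publish services on a guest
# behind virbr0 through the host's public IP. Values from the post:
HOST_PUB_IF=eth0          # public interface
HOST_PUB_IP=172.25.50.1   # public host IP
GUEST_IF=virbr0           # libvirt NAT bridge
# Assumption: outer address of the virtual firewall sitting on virbr0.
GUEST_IP=192.168.122.10

# publish_port PROTO PORT -> prints the two rules needed for one service.
# The nat/PREROUTING rule rewrites the destination to the guest. The FORWARD
# rule is *inserted* at position 1 (-I ... 1) so it is evaluated before the
# rules libvirt installs for virbr0, which reject new inbound connections
# arriving from other interfaces; libvirt's own RELATED,ESTABLISHED rule
# already lets the reply traffic through.
publish_port() {
    proto=$1
    port=$2
    printf 'iptables -t nat -A PREROUTING -i %s -d %s -p %s --dport %s -j DNAT --to-destination %s:%s\n' \
        "$HOST_PUB_IF" "$HOST_PUB_IP" "$proto" "$port" "$GUEST_IP" "$port"
    printf 'iptables -I FORWARD 1 -i %s -o %s -d %s -p %s --dport %s -m state --state NEW -j ACCEPT\n' \
        "$HOST_PUB_IF" "$GUEST_IF" "$GUEST_IP" "$proto" "$port"
}

# rules_for_services -> rules for the services named in the post. FTP here
# covers the control channel only; active/passive data connections also need
# the nf_conntrack_ftp and nf_nat_ftp helper modules loaded on the host.
rules_for_services() {
    publish_port tcp 25   # smtp
    publish_port tcp 80   # http
    publish_port tcp 21   # ftp control
}

# Review the generated rules, then apply them with:  rules_for_services | sh
rules_for_services
```

Because libvirtd re-creates its own chains when it starts, rules added this way must be re-applied after a libvirtd restart (for example from a hook or the host's iptables init script) rather than relied on to persist.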