D
D
Drno2019-10-15 17:38:02
KVM
Drno, 2019-10-15 17:38:02

Set up NAT KVM?

Good day.
We have Cenots 7 latest version, fully updated.
Selinux and firewalld are disabled.
Net_forwarding is registered in sysctl
Installed qemu-kvm and virt-manager for it (it is done through vnc machine, so it is necessary)
NAT does not work in any way. Tried to create a new bridge - the situation does not change.
Everything was done according to the instructions, on which, with version 7.3 of cenots 7, several months ago everything worked. this is not the first time this has happened, and it's not the first year with Linux .. but I can't catch up. Have there
been any changes with new releases? iptables -L -n -v
output

Chain INPUT (policy ACCEPT 37278 packets, 3285K bytes)
 pkts bytes target     prot opt in     out     source               destination
  247 15940 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
   14  4805 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
 1382 70360 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 41331 packets, 18M bytes)
 pkts bytes target     prot opt in     out     source               destination
   14  4748 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68

Answer the question

In order to leave comments, you need to log in

1 answer(s)
M
Michael, 2019-10-15
@MikeDeblin

iptables -vnL -t nat see if there is a rule with the word MASQUERADE:
if not, in the simplest case
iptables -t nat -A POSTROUTING -j MASQUERADE
well, check
sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question