li26598296 posted on 2015-4-10 17:10:45

[Repost] IPTables for KVM Host

IPTables for KVM Host
  January 26, 2012
  By Andrew Galdes
  Use the following IPTables rules in “/etc/sysconfig/iptables” on a Red Hat/CentOS system that acts as a KVM host with KVM guests running. It’s a test script which is known to work. KVM guests often have networking troubles through the fault of the host.
  First, back up your IPTables firewall:

cp /etc/sysconfig/iptables /etc/sysconfig/iptables.backup
  Now apply the following to your “/etc/sysconfig/iptables” file:

*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
  Don’t forget to restart the IPTables firewall:

/etc/init.d/iptables restart
  - See more at: http://agix.com.au/blog/?p=2743#sthash.k8tvF4bp.dpuf
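
An added example, not part of the original post: before copying the rules into place, these checks list the chains left at a default ACCEPT policy, any table missing its COMMIT, and the subnet and bridge names the rules depend on, so they can be compared with the host's actual guest network. The function names are hypothetical and the input is the ruleset shown above.

```shell
# Added example (not from the original post): offline checks for a rules file
# in iptables-save format. Function names are hypothetical.

# "table chain" for each built-in chain whose default policy is ACCEPT.
accept_policies() {
    awk '/^\*/ { t = substr($1, 2) }
         /^:/ && $2 == "ACCEPT" { print t, substr($1, 2) }' "$1"
}

# Tables opened with *name but not closed by COMMIT.
uncommitted_tables() {
    awk '/^\*/ { if (cur != "") print cur; cur = substr($1, 2) }
         $1 == "COMMIT" { cur = "" }
         END { if (cur != "") print cur }' "$1"
}

# Distinct arguments of one option (-s, -d, -i, -o) across all -A rules.
rule_values() {
    awk -v opt="$2" '/^-A/ { for (i = 1; i < NF; i++)
                               if ($i == opt) print $(i + 1) }' "$1" | sort -u
}

# The ruleset from this page, written to a temporary file.
RULES=$(mktemp); trap 'rm -f "$RULES"' EXIT
cat > "$RULES" <<'EOF'
*nat
:PREROUTING ACCEPT
:POSTROUTING ACCEPT
:OUTPUT ACCEPT
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT
:FORWARD ACCEPT
:OUTPUT ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
COMMIT
EOF
echo "ACCEPT-policy chains:"; accept_policies "$RULES"
echo "unclosed tables:"; uncommitted_tables "$RULES"
echo "subnets/interfaces:"; for o in -s -d -i -o; do rule_values "$RULES" "$o"; done | sort -u
```

Every chain in this ruleset is reported as ACCEPT by default, so the file adds guest NAT and forwarding rules without restricting traffic to the host itself. On the host, `iptables-restore --test < /etc/sysconfig/iptables` additionally parses the file without loading it.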