Hi, I've configured a couple of virtual machines using libvirt with kvm-qemu. They're using tun devices (routed, not bridged).
Now I want to access some ports of these VMs from the outer world. I set up DNAT rules, restarted shorewall and everything went fine (I even have rules to access the VMs' ssh servers from non-standard ports on the host public interface).

After having everything set up I rebooted and couldn't access the VMs from outside anymore... Checking "iptables -L -v" output I could see the DNAT rules being hit, but the corresponding ACCEPT rules were never hit. After a LOT of guessing and trying without any success, I simply restarted shorewall and everything was nice again...

Now I think (I'm pretty sure, actually) that the problem is that shorewall is starting earlier than libvirt-bin and I suppose that since the tun devices used by qemu don't exist yet, then the rules are not generated correctly.

I don't think I want to delay shorewall's startup... I want it up ASAP when I'm booting... but it seems I'd need to restart it after starting libvirt-bin... What would be the "cleanest" way to do this?

I'm using Ubuntu 8.10 server with stock libvirt & kvm packages. I'm using shorewall-perl 4.2.5.

TIA

--
Mariano Absatz - "El Baby"
[email protected]
www.clueless.com.ar
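The symptom described in the message above (DNAT counters increasing while the matching ACCEPT counters stay at zero) can be checked mechanically after a boot. This is an added example, not part of the original post: the sample listings, addresses and interface names are constructed, and it assumes the ACCEPT rules match on destination address and `dpt:`.

```python
import re

# Constructed sample output (not from the original post), in the layout
# printed by `iptables -t nat -L -v -n` and `iptables -L -v -n`.
NAT_SAMPLE = """\
Chain PREROUTING (policy ACCEPT 40 packets, 2400 bytes)
 pkts bytes target     prot opt in     out     source               destination
   12   720 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:2201 to:192.168.122.11:22
    7   420 DNAT       tcp  --  eth0   *       0.0.0.0/0            0.0.0.0/0           tcp dpt:8080 to:192.168.122.12:80
"""
FILTER_SAMPLE = """\
Chain FORWARD (policy DROP 19 packets, 1140 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     tcp  --  eth0   tun0    0.0.0.0/0            192.168.122.11      tcp dpt:22
    7   420 ACCEPT     tcp  --  eth0   tun1    0.0.0.0/0            192.168.122.12      tcp dpt:80
"""

SUFFIX = {"K": 1000, "M": 1000**2, "G": 1000**3}  # iptables abbreviates large counters

def count(field):
    """Convert a pkts field such as '12' or '3K' to an integer."""
    return int(field[:-1]) * SUFFIX[field[-1]] if field[-1] in SUFFIX else int(field)

def rules(listing, target):
    """Yield (pkts, destination, trailing options) for rules with the given target."""
    for line in listing.splitlines():
        f = line.split()
        if len(f) >= 9 and f[2] == target and re.fullmatch(r"\d+[KMG]?", f[0]):
            yield count(f[0]), f[8], " ".join(f[9:])

def stalled_dnat(nat_listing, filter_listing):
    """Return (ip, port, dnat_pkts) for DNAT targets hit while no ACCEPT rule for them was."""
    accepted = {}
    for pkts, dest, opts in rules(filter_listing, "ACCEPT"):
        m = re.search(r"dpt:(\d+)", opts)
        if m:
            key = (dest, m.group(1))
            accepted[key] = accepted.get(key, 0) + pkts
    findings = []
    for pkts, _, opts in rules(nat_listing, "DNAT"):
        m = re.search(r"to:([\d.]+):(\d+)", opts)
        if m and pkts > 0 and accepted.get(m.groups(), 0) == 0:
            findings.append((m.group(1), m.group(2), pkts))
    return findings

if __name__ == "__main__":
    for ip, port, pkts in stalled_dnat(NAT_SAMPLE, FILTER_SAMPLE):
        print(f"DNAT to {ip}:{port} hit {pkts} times, but no ACCEPT rule for it was hit")
```

Only the first packet of a connection traverses the nat table, so a non-zero DNAT counter next to a zero ACCEPT counter means translated connections are not reaching the rule that should admit them.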
