Hello, have you tried this and got this to work?
I think I have the same problem: I just cannot get the guest VM to access outbound through the V-router VM. My guest NIC is eth0, the public NIC is eth2. Here are the default rules in the router VM. How do I apply the rules so that the guest VM can access outbound? Could you help me and show how? I have tried many times, with no luck. Thank you very much.

root@r-7-VM:~# cat /etc/iptables/rules
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -d 224.0.0.18/32 -j ACCEPT
-A INPUT -d 225.0.0.50/32 -j ACCEPT
-A INPUT -i eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i eth2 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i eth0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i eth1 -p tcp -m state --state NEW --dport 3922 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 8080 -j ACCEPT
-A INPUT -i eth0 -p tcp -m state --state NEW --dport 80 -j ACCEPT
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth2 -j ACCEPT
-A FORWARD -i eth2 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth0 -o eth0 -m state --state NEW -j ACCEPT
-A FORWARD -i eth0 -o eth0 -m state --state RELATED,ESTABLISHED -j ACCEPT
COMMIT
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -m state --state ESTABLISHED,RELATED -j CONNMARK --restore-mark
-A POSTROUTING -p udp --dport bootpc -j CHECKSUM --checksum-fill
COMMIT
root@r-7-VM:~# ifconfig

On Mon, May 20, 2013 at 5:29 PM, Jayapal Reddy Uradi <jayapalreddy.ur...@citrix.com> wrote:

>
> Currently we don't have the configurable option.
>
> 1. You can add egress rule on network with protocol 'all' to allow all
> outbound traffic once the network is created.
>
> 2. If you want to allow traffic by default whenever router is created
> One workaround will be to add the below line into the iptables-router file
> after this line -I FW_OUTBOUND -m state --state RELATED,ESTABLISHED -j
> ACCEPT
>
> -A FW_OUTBOUND -j ACCEPT
>
>
> Thanks,
> Jayapal
>
>
> On 20-May-2013, at 2:18 PM, Len Bellemore <len.bellem...@controlcircle.com>
> wrote:
>
>> Hi Guys
>>
>> Anyone know if it's possible to change some of the default options on a
>> virtual router, so that every time it gets created it has particular rules?
>>
>> My main issue is that I want to allow outbound access by default to every
>> account.
>>
>> Thanks
>> Len