Red Hat Bugzilla – Full Text Bug Listing
|Summary:||iptables forward rules for kvm networking not saved|
|Product:||[Fedora] Fedora||Reporter:||Jeremy West <jwest>|
|Component:||libvirt||Assignee:||Daniel Veillard <veillard>|
|Status:||CLOSED RAWHIDE||QA Contact:|
|Version:||rawhide||CC:||madko, triage, xen-maint|
|Fixed In Version:||Doc Type:||Bug Fix|
|Doc Text:||Story Points:||---|
|Last Closed:||2008-04-03 21:05:23 EDT||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
Description Jeremy West 2007-05-22 17:30:05 EDT
Description of problem: During my initial startup of virt-manager with KVM, I was pleased to see that once ip_forward has been enabled, networking works great (NAT). I'm assuming that something in libvirt adds the iptables forward rules? The problem is that they aren't saved to /etc/sysconfig/iptables, and so if the user shuts down iptables and then tries to get reach the outside world from one of the guest OS's nothing works. Restarting iptables doesn't work, however if you reboot the machine and restart virt-manager and restart your guest, then it works. There should be some intuition behind the scenes to get these rules saved so that the casual user doesn't have to continue rebooting their machine. Adding documentation isn't the best answer either. IMHO it doesn't make Linux any more useable ... just more frustrating. Additional info:
Comment 1 Bug Zapper 2008-04-03 20:50:29 EDT
Based on the date this bug was created, it appears to have been reported against rawhide during the development of a Fedora release that is no longer maintained. In order to refocus our efforts as a project we are flagging all of the open bugs for releases which are no longer maintained. If this bug remains in NEEDINFO thirty (30) days from now, we will automatically close it. If you can reproduce this bug in a maintained Fedora version (7, 8, or rawhide), please change this bug to the respective version and change the status to ASSIGNED. (If you're unable to change the bug's version or status, add a comment to the bug and someone will change it for you.) Thanks for your help, and we apologize again that we haven't handled these issues to this point. The process we're following is outlined here: http://fedoraproject.org/wiki/BugZappers/F9CleanUp We will be following the process here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this doesn't happen again.
Comment 2 Daniel Berrange 2008-04-03 21:05:23 EDT
Sending SIGHUP to libvirtd re-creates the rules. Alternatively do 'service libvirtd reload'. Finally, libvirt also now registers the rules with lokkit, so they are persisted when the iptables service is stoppped/started.