Bug 240924 - iptables forward rules for kvm networking not saved
Status: CLOSED RAWHIDE
Product: Fedora
Classification: Fedora
Component: libvirt
Version: rawhide
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Daniel Veillard
bzcl34nup
Reported: 2007-05-22 17:30 EDT by Jeremy West
Modified: 2009-01-01 08:09 EST
Doc Type: Bug Fix
Last Closed: 2008-04-03 21:05:23 EDT
Description Jeremy West 2007-05-22 17:30:05 EDT
Description of problem:

During my initial startup of virt-manager with KVM, I was pleased to see that
once ip_forward has been enabled, networking works great (NAT).  I'm assuming
that something in libvirt adds the iptables forward rules?  The problem is that
they aren't saved to /etc/sysconfig/iptables, and so if the user shuts down
iptables and then tries to reach the outside world from one of the guest
OSes, nothing works.  Restarting iptables doesn't work; however, if you reboot the
machine and restart virt-manager and restart your guest, then it works.  There
should be some intuition behind the scenes to get these rules saved so that the
casual user doesn't have to continue rebooting their machine.

Adding documentation isn't the best answer either.  IMHO it doesn't make Linux
any more useable ... just more frustrating.

Additional info:
Comment 1 Bug Zapper 2008-04-03 20:50:29 EDT
Based on the date this bug was created, it appears to have been reported
against rawhide during the development of a Fedora release that is no
longer maintained. In order to refocus our efforts as a project we are
flagging all of the open bugs for releases which are no longer
maintained. If this bug remains in NEEDINFO thirty (30) days from now,
we will automatically close it.

If you can reproduce this bug in a maintained Fedora version (7, 8, or
rawhide), please change this bug to the respective version and change
the status to ASSIGNED. (If you're unable to change the bug's version
or status, add a comment to the bug and someone will change it for you.)

Thanks for your help, and we apologize again that we haven't handled
these issues to this point.

The process we're following is outlined here:
http://fedoraproject.org/wiki/BugZappers/F9CleanUp

We will be following the process here:
http://fedoraproject.org/wiki/BugZappers/HouseKeeping to ensure this
doesn't happen again.
Comment 2 Daniel Berrange 2008-04-03 21:05:23 EDT
Sending SIGHUP to libvirtd re-creates the rules. Alternatively do 'service
libvirtd reload'. Finally, libvirt also now registers the rules with lokkit, so
they are persisted when the iptables service is stopped/started.
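
A check for the condition discussed in this bug, as an added example that is not part of the original report or of libvirt: it inspects `iptables-save` output for the guest forwarding and NAT rules and, when run with `--live`, falls back to the `service libvirtd reload` mentioned in Comment 2. The bridge `virbr0`, the subnet `192.168.122.0/24`, the function names and both sample rulesets are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example, not libvirt code. Assumed defaults: bridge virbr0 and
# subnet 192.168.122.0/24; pass others as $1 and $2 if your network differs.

# Constructed iptables-save output with libvirt's NAT rules loaded.
SAMPLE_WITH_RULES='*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
*filter
:FORWARD ACCEPT [0:0]
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
COMMIT'

# Constructed output after the iptables service reloaded only its saved rules.
SAMPLE_WITHOUT_RULES='*filter
:INPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Reads iptables-save text on stdin. Succeeds only if the filter table has an
# ACCEPT rule on the bridge AND the nat table masquerades the guest subnet.
libvirt_nat_rules_present() {
    awk -v br="${1:-virbr0}" -v net="${2:-192.168.122.0/24}" '
        /^[*]/ { table = substr($0, 2) }
        table == "filter" && /^-A / && / -j ACCEPT/ {
            for (i = 1; i < NF; i++)
                if (($i == "-i" || $i == "-o") && $(i + 1) == br) fwd = 1
        }
        table == "nat" && /^-A / && / -j MASQUERADE/ {
            for (i = 1; i < NF; i++)
                if ($i == "-s" && $(i + 1) == net) nat = 1
        }
        END { exit !(fwd && nat) }'
}

# Prints "present" or "missing" for the ruleset on stdin.
nat_status() {
    if libvirt_nat_rules_present "$@"; then echo present; else echo missing; fi
}

if [ "${1:-}" = "--live" ]; then   # needs root: checks the running ruleset
    iptables-save | libvirt_nat_rules_present || service libvirtd reload
else                               # offline demo on the constructed samples
    printf 'with rules:    %s\n' "$(printf '%s\n' "$SAMPLE_WITH_RULES" | nat_status)"
    printf 'without rules: %s\n' "$(printf '%s\n' "$SAMPLE_WITHOUT_RULES" | nat_status)"
fi
```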
