virt-manager (or libvirt) fails to set proper iptables routing rules for a virtual network
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
virt-manager (Ubuntu) | New | Undecided | Unassigned |
Bug Description
I needed to access a service (RDP) running on a kvm guest, but I didn't want to have to modify iptables nat rules or allow the guest on my local network by bridging it on a physical interface, so I created a virtual network, let's call it 'VirtNetLO50', with address 192.168.100.0/24 and routing towards the interface 'lo50'.
I had created the lo:50 alias beforehand, as 192.168.50.1/24.
I expected virt-manager/
After further controls, it appears that virt-manager/
Chain FORWARD (policy DROP)
target prot opt source destination
ACCEPT all -- anywhere 192.168.100.0/24
ACCEPT all -- 192.168.100.0/24 anywhere
Those rules are, in my opinion, too broad. The virt-manager GUI allows me to select which interface/network to route to, and I'd expect to be able to route ONLY to that network, not to 'anywhere'.
A more reasonable rule should have been:
target prot opt source destination
ACCEPT all -- 192.168.50/24 192.168.100.0/24
ACCEPT all -- 192.168.100.0/24 192.168.50/24
Or, since that would require being aware of the interface configuration and its subsequent variations, it would have made sense to make use of iptables' --in-interface and --out-interface parameters.
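As an added example (not part of the bug report and not virt-manager/libvirt code), the following Python audits an `iptables -L FORWARD` listing in the format quoted above, flags ACCEPT rules that pair the routed virtual network with 'anywhere', and emits the narrowed rule specs using -s/-d together with -i/-o as the report suggests. The sample listing is constructed to mirror the report, and the interface names virbr1 and lo50 are assumptions.

```python
import ipaddress
# Constructed sample, mirroring the FORWARD listing quoted in the report.
SAMPLE_LISTING = """\
Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.100.0/24
ACCEPT     all  --  192.168.100.0/24     anywhere
"""

def parse_forward_rules(listing):
    """Return (target, source, destination) tuples from an `iptables -L` chain dump."""
    rules = []
    for line in listing.splitlines():
        parts = line.split()
        # Skip the chain header, the column header and blank lines.
        if len(parts) < 5 or parts[0] in ("Chain", "target"):
            continue
        target, _prot, _opt, src, dst = parts[:5]
        rules.append((target, src, dst))
    return rules

def _is_net(field, net):
    """True if an iptables address field names exactly the given network."""
    if field == "anywhere":
        return False
    return ipaddress.ip_network(field, strict=False) == net

def find_overbroad_rules(listing, virt_net):
    """ACCEPT rules that forward between the virtual network and 'anywhere'."""
    net = ipaddress.ip_network(virt_net)
    hits = []
    for target, src, dst in parse_forward_rules(listing):
        if target != "ACCEPT":
            continue
        if (_is_net(dst, net) and src == "anywhere") or (_is_net(src, net) and dst == "anywhere"):
            hits.append((src, dst))
    return hits

def narrowed_rules(virt_net, peer_net, virt_if, peer_if):
    """Rule specs confined to the chosen peer subnet and interface pair."""
    return [
        f"-A FORWARD -i {virt_if} -o {peer_if} -s {virt_net} -d {peer_net} -j ACCEPT",
        f"-A FORWARD -i {peer_if} -o {virt_if} -s {peer_net} -d {virt_net} -j ACCEPT",
    ]

if __name__ == "__main__":
    for src, dst in find_overbroad_rules(SAMPLE_LISTING, "192.168.100.0/24"):
        print(f"over-broad: {src} -> {dst}")
    # virbr1 / lo50 are assumed interface names for this example.
    print("\n".join(narrowed_rules("192.168.100.0/24", "192.168.50.0/24", "virbr1", "lo50")))
```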