Comment 25 for bug 447442

In , Arnaud (arnaud-redhat-bugs) wrote :

Description of problem:

Starting libvirtd with its default configuration creates a bridge interface virbr0 with IP 192.168.122.1. It also adds iptables rules to the nat table to allow VMs connected to this bridge to access the external network. These rules catch any incoming packet whose destination is not on the 192.168.122.0/24 subnet, even multicast packets.

As a result, the host sees mDNS datagrams from its guests coming from its own IP address with a (more or less) random source port, whereas avahi expects them to come from port 5353.

The obvious workaround (add a static nat rule like "iptables -t nat -A POSTROUTING -d 224.0.0.0/4 -j RETURN" to /etc/sysconfig/iptables) does not work, as libvirt inserts its rules before the existing ones.

Version-Release number of selected component (if applicable):

libvirt-0.8.2-1.fc13.x86_64

How reproducible:

Always.

Steps to Reproduce:
1. service libvirtd start
2. virsh start myguest
      (here myguest is a guest VM with avahi-daemon enabled)
3. getent hosts myguest.local

Actual results:

The last command times out. Here is the relevant line from /var/log/messages:

Nov 28 12:11:51 carrosse avahi-daemon[22764]: Received response from host 192.168.122.1 with invalid source port 1025 on interface 'virbr0.0'

Expected results:

% getent hosts myguest.local
192.168.122.157 myguest.local
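
An added example, not part of the original report or of libvirt's code: a first-match walk over a constructed nat-table excerpt, showing why the RETURN rule from the report has no effect when it sits after the masquerade rule. The exact MASQUERADE rule text, the function names and the use of 224.0.0.251 as the mDNS group address are assumptions not taken from the report.

```python
import ipaddress
import shlex

# Constructed iptables-save style lines, not captured from a real host.
# Assumption: the libvirt rule has this form; the report only describes its effect.
LIBVIRT_RULE = "-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE"
WORKAROUND = "-A POSTROUTING -d 224.0.0.0/4 -j RETURN"  # rule quoted in the report


def parse_rule(line):
    """Parse '-A CHAIN [!] -s NET [!] -d NET -j TARGET'; other matches are ignored."""
    rule = {"chain": None, "src": None, "dst": None, "target": None}
    tokens = shlex.split(line)
    negate = False
    for i, tok in enumerate(tokens[:-1]):
        val = tokens[i + 1]
        if tok == "-A":
            rule["chain"] = val
        elif tok == "-j":
            rule["target"] = val
        elif tok in ("-s", "-d"):
            net = ipaddress.ip_network(val, strict=False)
            rule["src" if tok == "-s" else "dst"] = (net, negate)
        negate = tok == "!"  # a '!' applies to the option that follows it
    return rule


def matches(matcher, addr):
    """True if addr satisfies an optional (network, negated) matcher."""
    if matcher is None:
        return True
    net, negated = matcher
    return (addr in net) != negated


def first_verdict(ruleset, src, dst, chain="POSTROUTING"):
    """Walk the chain in order; return the first matching target, else the policy."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for line in ruleset.splitlines():
        if not line.strip().startswith("-A "):
            continue
        rule = parse_rule(line.strip())
        if rule["chain"] == chain and matches(rule["src"], src) and matches(rule["dst"], dst):
            return rule["target"]
    return "ACCEPT"  # default policy: packet leaves untranslated


if __name__ == "__main__":
    guest, mdns_group = "192.168.122.157", "224.0.0.251"
    for name, rules in (("workaround appended", LIBVIRT_RULE + "\n" + WORKAROUND),
                        ("workaround first", WORKAROUND + "\n" + LIBVIRT_RULE)):
        print(name, "->", first_verdict(rules, guest, mdns_group))
```

The same walk can be pointed at real `iptables-save -t nat` output to check rule order after libvirtd starts; only `-s` and `-d` matches are modelled, so rules with other match options are treated as broader than they are.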