0

I have KVM installed on CentOS with one VM.

Host ip: 192.168.1.108, Guest ip: 192.168.100.227, LAN: 192.168.1.4/24

Here is everything I did:

I have disabled firewalld and installed iptables-services:

systemctl disable firewalld 
yum install iptables-services 
systemctl enable iptables.service

Here are my rules:

iptables -t nat -A PREROUTING -p tcp -s 192.168.1.4/22 -d 192.168.1.108 --dport 8000 -j DNAT --to-destination 192.168.100.227:8888
iptables -t nat -A POSTROUTING -p tcp --dport 8888 -d 192.168.100.227 -j SNAT --to 192.168.100.1
iptables -I FORWARD -m state -d 192.168.100.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

And finally I save my iptables rules (as superuser):

/usr/libexec/iptables/iptables.init save

(also tried "service iptables save")

In /etc/sysconfig/iptables-config:

IPTABLES_SAVE_ON_STOP="yes"
IPTABLES_SAVE_ON_RESTART="yes"

For now everything works well and I can access my Python server (hosted in the VM on port 8888) via 192.168.1.108:8000. But after a restart, iptables is still enabled but this rule

iptables -I FORWARD -m state -d 192.168.100.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

does not work anymore. I have to add it again to access my Python server.

Is there another way to do this port forwarding (maybe with FirewallD), or am I missing something?

soupe

2 Answers

1

I think your issue comes from saving the iptables config. Just to clarify, can you try to cat the file /etc/sysconfig/iptables to check its content, in order to know whether iptables is successfully saved or not after service iptables restart? By the way, I think you should try this to save the iptables rules: iptables-save > /etc/sysconfig/iptables
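The check suggested in this answer can be automated by comparing the live ruleset with the saved file. The script below is an added example, not part of the original answer; the function names and the sample rule files are constructed for illustration, and both inputs are assumed to be in iptables-save format without -c counters.

```shell
#!/bin/bash
# Added example: list rules that are live in the kernel but absent from the
# saved file. Both inputs use iptables-save format (no -c counters assumed).

# Emit "table<TAB>rule" for each -A line, tracking the current *table header.
rules_by_table() {
    awk '/^\*/ { table = substr($0, 2); next }
         /^-A / { print table "\t" $0 }' "$1"
}

# missing_from_saved SAVED RUNNING: print rules found only in RUNNING.
missing_from_saved() {
    local tmp
    tmp=$(mktemp -d) || return 1
    rules_by_table "$1" | LC_ALL=C sort -u > "$tmp/saved"
    rules_by_table "$2" | LC_ALL=C sort -u > "$tmp/running"
    LC_ALL=C comm -13 "$tmp/saved" "$tmp/running"
    rm -rf "$tmp"
}

# Constructed sample data modelled on the rules in the question.
write_samples() {
    cat > "$1/saved.rules" <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A PREROUTING -s 192.168.0.0/22 -d 192.168.1.108/32 -p tcp -m tcp --dport 8000 -j DNAT --to-destination 192.168.100.227:8888
-A POSTROUTING -d 192.168.100.227/32 -p tcp -m tcp --dport 8888 -j SNAT --to-source 192.168.100.1
COMMIT
*filter
:FORWARD ACCEPT [0:0]
COMMIT
EOF
    # Running set = saved set plus the FORWARD rule that never reached the file.
    awk '{ print }
         /^:FORWARD / { print "-A FORWARD -d 192.168.100.0/24 -m state --state NEW,RELATED,ESTABLISHED -j ACCEPT" }' \
        "$1/saved.rules" > "$1/running.rules"
}

# Real use: iptables-save > /tmp/running.rules, then pass both file paths.
if [ "$#" -eq 2 ]; then
    missing_from_saved "$1" "$2"
fi
```

On the host, dump the live rules with iptables-save > /tmp/running.rules and pass /etc/sysconfig/iptables and /tmp/running.rules as the two arguments; every line printed is a rule that is active now but not in the saved file.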

0

As I was facing a similar issue a month ago, my workaround was to load my iptables rules from /etc/network/interfaces with the restore command:

iptables-restore < /etc/iptables.rules

Every time I reboot, my iptables keeps all updates included in iptables.rules.

Alexandre Roux