I followed this guide for setting up persistent iptables forwarding rules for various KVM guests:
https://wiki.libvirt.org/page/Networking (Forwarding Incoming Connections - Using Hooks Script)
While the above guide works perfectly in CentOS 7, I am unable to get the forwarding to work in CentOS 8. I cannot figure out why. The setup is nearly identical to the working version I have on my CentOS 7 server. The iptables rules are there on my CentOS 8 server:
iptables -t nat -L -n -v
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:29901 to:192.168.122.10:29901
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:29901 to:192.168.122.10:29901
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:29900 to:192.168.122.10:29900
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:29900 to:192.168.122.10:29900
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:29899 to:192.168.122.10:29899
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:29899 to:192.168.122.10:29899
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:28901 to:192.168.122.10:28901
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28901 to:192.168.122.10:28901
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:28900 to:192.168.122.10:28900
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28900 to:192.168.122.10:28900
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:28899 to:192.168.122.10:28899
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:28899 to:192.168.122.10:28899
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:27900 to:192.168.122.10:27900
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:27900 to:192.168.122.10:27900
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:27899 to:192.168.122.10:27899
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:27899 to:192.168.122.10:27899
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:13139 to:192.168.122.10:13139
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:13139 to:192.168.122.10:13139
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12310 to:192.168.122.10:12310
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12310 to:192.168.122.10:12310
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12309 to:192.168.122.10:12309
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12309 to:192.168.122.10:12309
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12308 to:192.168.122.10:12308
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12308 to:192.168.122.10:12308
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12307 to:192.168.122.10:12307
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12307 to:192.168.122.10:12307
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12306 to:192.168.122.10:12306
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12306 to:192.168.122.10:12306
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12305 to:192.168.122.10:12305
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12305 to:192.168.122.10:12305
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12304 to:192.168.122.10:12304
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12304 to:192.168.122.10:12304
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12303 to:192.168.122.10:12303
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12303 to:192.168.122.10:12303
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12302 to:192.168.122.10:12302
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12302 to:192.168.122.10:12302
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12301 to:192.168.122.10:12301
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12301 to:192.168.122.10:12301
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12300 to:192.168.122.10:12300
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12300 to:192.168.122.10:12300
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12299 to:192.168.122.10:12299
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12299 to:192.168.122.10:12299
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12210 to:192.168.122.10:12210
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12210 to:192.168.122.10:12210
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12209 to:192.168.122.10:12209
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12209 to:192.168.122.10:12209
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12208 to:192.168.122.10:12208
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12208 to:192.168.122.10:12208
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12207 to:192.168.122.10:12207
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12207 to:192.168.122.10:12207
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12206 to:192.168.122.10:12206
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12206 to:192.168.122.10:12206
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12205 to:192.168.122.10:12205
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12205 to:192.168.122.10:12205
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12204 to:192.168.122.10:12204
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12204 to:192.168.122.10:12204
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:12203 to:192.168.122.10:12203
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:12203 to:192.168.122.10:12203
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:6667 to:192.168.122.10:6667
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6667 to:192.168.122.10:6667
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:6515 to:192.168.122.10:6515
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6515 to:192.168.122.10:6515
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:6500 to:192.168.122.10:6500
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6500 to:192.168.122.10:6500
0 0 DNAT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:3783 to:192.168.122.10:3783
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:3783 to:192.168.122.10:3783
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
3 207 RETURN all -- * * 192.168.122.0/24 224.0.0.0/24
0 0 RETURN all -- * * 192.168.122.0/24 255.255.255.255
0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24
Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Anyone know what might be going on?
I've disabled SELinux and am NOT using firewalld (it's disabled). I'm using iptables directly.