On Fri, Jun 26, 2020 at 02:12:20AM +0800, Ed Greshko wrote:
On 2020-06-26 00:49, Eric Garver wrote:
> There are two things:
>
> 1) the libvirt zone
> - these are managed through firewalld and visible in firewalld UIs
>
> 2) libvirt's iptables rules
> - these are completely separate and independent from firewalld
> - this is what's blocking the traffic to your VM
And there is no way to see what those rules are and verify this? I'd like to
submit a bugzilla, so would you know what component it should be filed against?

I'm not sure what you're planning to file. I think it's working as
designed. If you want to open a port for your VM, then you need to do
that through libvirt.
See here:
https://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections
>> Also, wouldn't one expect the rules to be the same for IPv4 and IPv6?
>> Hope the network diagram attachment makes it.
> I don't recall what libvirt does for IPv6. But it's a different matter
> because IPv6 likely is using NAT/masquerade.
>
Well, all of my IPv6 addresses are public and assigned by my ISP. I don't think
there is NAT/masquerading needed/involved.

There shouldn't be.
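
Added example, not part of the thread: one way to inspect the libvirt-owned rules discussed above and see why a new inbound connection to a guest is refused. The LIBVIRT_* chain names, the virbr0 bridge, the 192.168.122.0/24 subnet and the sample ruleset are assumptions (constructed here, modelled on a default libvirt NAT network); older libvirt versions place equivalent rules directly in FORWARD.

```shell
#!/bin/sh
# Constructed sample of `iptables-save -t filter` output for a default
# libvirt NAT network (assumed: virbr0, 192.168.122.0/24, LIBVIRT_* chains).
sample_ruleset() {
cat <<'EOF'
*filter
:FORWARD ACCEPT [0:0]
:LIBVIRT_FWI - [0:0]
:LIBVIRT_FWO - [0:0]
:LIBVIRT_FWX - [0:0]
-A FORWARD -j LIBVIRT_FWX
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
COMMIT
EOF
}

# Print only the rules that live in libvirt's own chains (stdin: iptables-save).
libvirt_rules() { grep -E '^-A LIBVIRT_[A-Z]+ '; }

# Walk LIBVIRT_FWI in order and print the target of the first rule that
# would match a NEW connection forwarded out to bridge $1.
inbound_verdict() {
    awk -v br="$1" '
        $1 == "-A" && $2 == "LIBVIRT_FWI" {
            out = ""; target = ""; est = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-j") target = $(i + 1)
                if ($i == "--ctstate" && $(i + 1) !~ /NEW/) est = 1
            }
            if (out != br) next    # rule is scoped to another bridge
            if (est) next          # only matches already-established flows
            print target; found = 1; exit
        }
        END { if (!found) print "NO-MATCH" }
    '
}

# On a live host (as root): iptables-save -t filter | inbound_verdict virbr0
sample_ruleset | inbound_verdict virbr0   # prints REJECT
```

These rules do not appear in firewalld's zone listings because libvirt installs them itself, which is why the libvirt zone settings alone do not open a port to the guest.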