Running KVM on Fedora 20 and firewall issue

This should be straight forward, isn’t it. But….

You will probablly use NAT and yes you can ping 192.168.120.1 (because of virbr0). But you can’t reach host from guest’s internet browser, something like http://192.168.120.1:8080 won’t work. That’s because libvirt-daemon-config-network package use iptables. Fedora 20 by default uses Firewalld and not iptables. Simple, change to iptables.

But. If you check iptables status.

Then if you check loadded iptables, you get this, whereas 192.168.120.0/24 is added by libvirt-daemon-config-network package.

There is missing file /etc/sysconfig/iptables. So let’s generate it from legacy init script. A couple of way.

There you go! Start the iptables service again without a hiccup. Now yon can use internet browser from guest to host app server, say http://192.168.122.1:8080/javaeeapp

Alternatively, by adding firewalld allow rule for 192.168.120.0/24 might work as well. But I feel more comfortable with iptables and, Shorewall or old-school /usr/bin/system-config-firewall or gShield front end.