Hi all, I'm having a lot of trouble with building a network for my virtualised OS's.

The server has two physical NICs for LAN and WAN. The host has IP I use the following iptables to bridge them.

iptables -t nat -A POSTROUTING -o wan -j MASQUERADE
iptables -A FORWARD -i wan -o lan -m state --state RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -i lan -o wan -j ACCEPT

I now also have a virtualised Windows Server. I have told the virtual server to use the virbr01 network adapter, which I define in /etc/network/interfaces as below:

# Virtual bridge dummy
auto virbr01-dummy
iface virbr01-dummy inet manual
        pre-up /sbin/ip link add virbr01-dummy type dummy
        up /sbin/ip link set virbr01-dummy address 52:54:00:77:a4:d6

# Virtual bridge
auto virbr01
iface virbr01 inet static
        bridge_ports virbr01-dummy
        bridge_stp on
        bridge_fd 2

From the linux host, I can ping successfully, and for the meantime I've set the Windows guest to have a static ip of and a default gateway of (until I move to DHCP).

I'm now having issues connecting to the guest from the host, or the wider LAN network. The iptables I have used are below:

-A FORWARD -d -o virbr01 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s -i virbr01 -j ACCEPT
-A FORWARD -i virbr01 -o virbr01 -j ACCEPT

As far as I can see, this should forward my requests from the LAN DHCP range, to the virbr01 adapter. But it doesn't. Are my iptables bridging the LAN and WAN ports getting in the way?


Edited by James_43

11 Months
Discussion Span
Last Post by James_43

Correct :) for physical LAN, and ideally for virtual LAN.

Though I also have a different subnet on my WAN adapter, At the moment the Lan and Wan are passing packets through iptables.

Edited by James_43

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.