  1. #1

    NAT and IP Forwarding.


    I've got the following KVM environment:

    Debian Wheezy host
    2 Centos 6.3 virtual machines

    The first virtual machine (centos1) has two network interfaces connected: one is a NAT connection to the host (virbr0) with access to the Internet, and the other is a private network I created in the (isolated network).

    The second virtual machine (centos2) has only one configured network interface, in the private network, no Internet access.

    I wonder if it's possible to set up another NAT in the guests so that I can manage to get centos2 to connect to the Internet... I've tried the following but it's not working:

    - I set the private network interface of centos1 ( as default gateway in centos2 (

    - Enabled IP Forwarding in the first guest, centos1:

    # grep -i ip_forward /etc/sysctl.conf
    net.ipv4.ip_forward = 1

    - Applied the following iptables rules in centos1:

    eth0 Link encap:Ethernet
    inet addr: Mask:

    eth1 Link encap:Ethernet
    inet addr: Mask:

    # iptables -I FORWARD -i eth1 -o eth0 -j ACCEPT
    # iptables -I FORWARD -i eth0 -o eth1 -j ACCEPT
    # iptables -t nat -I POSTROUTING -o eth0 -j MASQUERADE
    # service iptables save

    ... but I'm not able to get this working and centos2 connecting to the Internet. Help me out please :/

  2. #2
    Lazydog
    Can centos1 ping centos2 and centos2 ping centos1?
    Have you configured centos2 default gateway to be centos1?



  3. #3

    I had the default gateway correctly configured in centos2 but I hadn't changed the /etc/hosts so the entry of centos was related to instead of so centos2 couldn't ping the other one :/

    Now it's working. Many thanks Lazydog!

  5. #4
    Also, make sure you have the firewall open for DNS on all servers. Oftentimes the packets are getting routed, but DNS can't resolve because one of the systems is blocking it.

    If it's not a production machine, I always suggest temporarily disabling IPtables on all servers in question, then test. If it works, turn IPtables on one system at a time, and check. Fix, repeat.

  6. #5
    Ok, I'll remember that.
    Well, it's not anything related to servers at my work... just an environment I've set up for studying for the RHCE.

    Thanks mizzle.
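
The gateway settings from post #1, checked one at a time in the spirit of post #4, as an added example that is not part of the thread: a shell function that audits `iptables-save` text plus the `ip_forward` value, and warns when the `eth0 -> eth1` rule accepts new connections rather than only replies. The sample rule sets are constructed, and the function and variable names are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. Audits `iptables-save` text from a guest
# used as a NAT gateway (eth0 = NAT side, eth1 = private side, as in post #1).
# Live use: audit_nat_gateway "$(iptables-save)" "$(sysctl -n net.ipv4.ip_forward)" eth0 eth1

# rule_lines "<rules>" "<ERE>": print the rules that match the pattern.
rule_lines() { printf '%s\n' "$1" | grep -E -- "$2"; }

# Prints one finding per line; the return status is the number of FAILs.
audit_nat_gateway() {
    rules=$1; fwd=$2; wan=$3; lan=$4; fails=0
    if [ "$fwd" != 1 ]; then
        echo "FAIL net.ipv4.ip_forward=$fwd"; fails=$((fails + 1))
    fi
    if ! rule_lines "$rules" "^-A POSTROUTING .*-o $wan .*-j MASQUERADE" >/dev/null; then
        echo "FAIL no MASQUERADE on $wan"; fails=$((fails + 1))
    fi
    if ! rule_lines "$rules" "^-A FORWARD .*-i $lan .*-o $wan .*-j ACCEPT" >/dev/null; then
        echo "FAIL no FORWARD accept $lan -> $wan"; fails=$((fails + 1))
    fi
    back=$(rule_lines "$rules" "^-A FORWARD .*-i $wan .*-o $lan .*-j ACCEPT" || true)
    if [ -z "$back" ]; then
        echo "FAIL no FORWARD accept $wan -> $lan"; fails=$((fails + 1))
    elif printf '%s\n' "$back" | grep -Eqv -- '--(ct)?state '; then
        echo "WARN $wan -> $lan accepts new connections, not only replies"
    fi
    return "$fails"
}

# Constructed sample: the three rules from post #1 in iptables-save form.
POSTED_RULES='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth0 -o eth1 -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'

# Constructed sample: same gateway, return path limited to reply traffic.
TIGHT_RULES='*nat
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
-A FORWARD -i eth0 -o eth1 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i eth1 -o eth0 -j ACCEPT
COMMIT'

audit_nat_gateway "$POSTED_RULES" 1 eth0 eth1 || true   # prints the WARN line
audit_nat_gateway "$TIGHT_RULES" 1 eth0 eth1 || true    # prints nothing
```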
