I have a frontend host that is also a node (i.e. it’s hosting VMs). On this host I modified iptables to configure NAT; I also had to configure some forwarding rules:
iptables -t nat -A POSTROUTING -s 172.16.0.0/16 ! -d 172.16.0.0/16 -j MASQUERADE
iptables -A FORWARD -d 172.16.0.0/16 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
iptables -A FORWARD -s 172.16.0.0/16 -i virbr1 -j ACCEPT
iptables -A FORWARD -i virbr1 -o virbr1 -j ACCEPT
This works: any VM created on this node can ping everything, up to and including public IP addresses.
I have two other nodes as well that I can configure VMs on, but when I do, those VMs can only ping IPs in the virtual network and the physical IP of the frontend server, nothing else.
Am I supposed to configure these iptables rules on the remote nodes as well? I’ve tried, but I keep hitting the same problem: VMs on the remote nodes are not able to access the internet.
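An added example, not part of the post above: a small script that installs the same four rules idempotently (it checks with `-C` before appending with `-A`, so re-running it on a node does not duplicate rules) and exposes a check for `net.ipv4.ip_forward`, which must be 1 on any node whose VMs are expected to reach the outside. The subnet 172.16.0.0/16 and bridge name virbr1 are taken from the post; the DRY_RUN switch is an assumption added here so the rule set can be inspected without root.

```shell
#!/bin/sh
# Added example (not from the original post): idempotently install the NAT and
# forwarding rules quoted in the post and confirm kernel forwarding is enabled.
# Assumptions: the VM network is 172.16.0.0/16 behind bridge virbr1 on every
# node; DRY_RUN=1 prints the iptables commands instead of executing them.

VM_NET="${VM_NET:-172.16.0.0/16}"
VM_BR="${VM_BR:-virbr1}"

# Run (or, with DRY_RUN=1, print) one iptables command.
run_ipt() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        echo "iptables $*"
    else
        iptables "$@"
    fi
}

# Append a rule only if an identical one is not already present (-C checks).
# This keeps the chains clean when the script is re-run on every node.
ensure_rule() {
    table="$1"; shift
    if [ "${DRY_RUN:-0}" = 1 ] || ! iptables -t "$table" -C "$@" 2>/dev/null; then
        run_ipt -t "$table" -A "$@"
    fi
}

# The rule set the post applies on the frontend: masquerade VM traffic that
# leaves the VM network, allow return traffic back in, allow VM-originated
# traffic out, and allow VM-to-VM traffic across the bridge.
install_vm_nat() {
    ensure_rule nat POSTROUTING -s "$VM_NET" ! -d "$VM_NET" -j MASQUERADE
    ensure_rule filter FORWARD -d "$VM_NET" -o "$VM_BR" \
        -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
    ensure_rule filter FORWARD -s "$VM_NET" -i "$VM_BR" -j ACCEPT
    ensure_rule filter FORWARD -i "$VM_BR" -o "$VM_BR" -j ACCEPT
}

# Return 0 when the kernel forwards packets at all; without this, every
# FORWARD/NAT rule above is inert and VMs cannot leave the node.
forwarding_enabled() {
    [ "$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)" = 1 ]
}

# Self-check helper: list the commands a dry run would execute.
dry_run_rules() {
    ( DRY_RUN=1; install_vm_nat )
}
```

Rules in a node's nat and filter tables only affect packets that traverse that node, so the script has to run on each node that hosts VMs, not just on the frontend.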