KVM a smerovanie portov

Zdravim,

potreboval by som poradit s presmerovanim portov. Moje pokusy s nastavenim smerovania troskotaju. Za akukolvek radu budem vdacny.

Port 80 na virtualke je otvoreny, taktiez je nastaveny
hook script som pouzil z tadeto (skusal som aj z libvirt wiki):
http://www.jimscode.ca/index.php/component/content/article/19-linux/142-linux-port-forwarding-to-guest-libvirt-vms

distro: scientific linux 6

Chain PREROUTING (policy ACCEPT 83 packets, 4067 bytes)
pkts bytes target prot opt in out source destination
0 0 DNAT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to:192.168.122.67:80

Chain POSTROUTING (policy ACCEPT 37 packets, 2653 bytes)
pkts bytes target prot opt in out source destination
0 0 MASQUERADE tcp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
1 128 MASQUERADE udp -- * * 192.168.122.0/24 !192.168.122.0/24 masq ports: 1024-65535
0 0 MASQUERADE all -- * * 192.168.122.0/24 !192.168.122.0/24

Chain OUTPUT (policy ACCEPT 37 packets, 2653 bytes)
pkts bytes target prot opt in out source destination
18 1080 DNAT tcp -- * lo 0.0.0.0/0 0.0.0.0/0 tcp dpt:8888 to:192.168.122.67:80




####


Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT tcp -- * * 0.0.0.0/0 192.168.122.67 state NEW,RELATED,ESTABLISHED tcp dpt:80
0 0 ACCEPT all -- * virbr0 0.0.0.0/0 192.168.122.0/24 state RELATED,ESTABLISHED
0 0 ACCEPT all -- virbr0 * 192.168.122.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr0 virbr0 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr0 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr0 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- * * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-host-prohibited



[root@mail hooks]# grep forw /etc/sysctl.conf
# Controls IP packet forwarding
net.ipv4.ip_forward = 1
[root@mail hooks]#



#### no nmap z vonkajsej sieti vypluje toto:

PORT STATE SERVICE
8888/tcp filtered sun-answerbook