NAT not working for KVM

NethServer Version: NethServer release 7.3.1611 (Final)
Module: OpenLDAP, Basic firewall, Email, File Server, Instant messaging, SMTP Proxy & Virtual machines manager

I'm probably missing something, but I have no communication between my host and my VM when I'm using the NAT configuration in WebVirtMgr.

I thought it was the firewall, so I made a zone called vm and then opened the traffic both ways.

If I try to ping from the host I have Destination Host Unreachable + ping: sendmsg: Operation not permitted
and from the VM to the host the Host is Unreachable.

### My host has an IP

```
45: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN qlen 1000
    link/ether 52:54:00:6d:b5:f0 brd ff:ff:ff:ff:ff:ff
    inet 192.168.240.241/28 brd 192.168.240.255 scope global virbr0
```

### And my route looks OK

```
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         192.168.224.254 0.0.0.0         UG    0      0        0 br0
169.254.0.0     0.0.0.0         255.255.0.0     U     1003   0        0 br0
192.168.224.224 0.0.0.0         255.255.255.224 U     0      0        0 br0
192.168.240.240 0.0.0.0         255.255.255.240 U     0      0        0 virbr0
```

I looked in the KVM documentation and everything seems OK,
so I just don't know and need help.

Sorry, I cried too fast, too hard.

I forgot the `net.ipv4.ip_forward = 1` in `/etc/sysctl.conf`.

:wink:


If it is not written in the documentation… or automatic by a template, for me it is a bug

Thoughts?

AFAIK shorewall already does it

Yes, shorewall sets net.ipv4.ip_forward to 1, thanks to IP_FORWARDING=On in /etc/shorewall/shorewall.conf (hardcoded).

But I found one system where that setting was not honored.
I never succeeded in replicating the problem. A single shorewall restart fixed the setting.

@JOduMonT, can you reproduce the problem?
I mean: leave /etc/sysctl.conf as is (ip_forward = 0), restart the system, check that /proc/sys/net/ipv4/ip_forward is 0. Then run shorewall restart and check that now it is 1.
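
The comparison asked for in the post above (runtime value of `/proc/sys/net/ipv4/ip_forward` against what `/etc/sysctl.conf` and `/etc/shorewall/shorewall.conf` request), as an added shell example that is not part of the original thread. The function names and exit codes are assumptions chosen for illustration, and file paths are passed as arguments so the check can also be run against copies of the files.

```shell
#!/bin/sh
# Added example: find out whether IPv4 forwarding is off at runtime even
# though the configuration asks for it (the state reported in this thread).

# Print the last net.ipv4.ip_forward value set in a sysctl-style file,
# or "unset" when the file is missing or only has the key commented out.
sysctl_conf_value() {
    val=$(sed -n 's/^[[:space:]]*net\.ipv4\.ip_forward[[:space:]]*=[[:space:]]*\([01]\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1)
    echo "${val:-unset}"
}

# Print the IP_FORWARDING value of a shorewall.conf-style file in lower case
# (for example "on"), or "unset" when the key is absent.
shorewall_conf_value() {
    val=$(sed -n 's/^[[:space:]]*IP_FORWARDING[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z]*\).*/\1/p' \
        "$1" 2>/dev/null | tail -n 1 | tr 'A-Z' 'a-z')
    echo "${val:-unset}"
}

# Usage: forwarding_state RUNTIME_FILE SYSCTL_CONF SHOREWALL_CONF
# Prints one summary line. Exit codes (illustrative):
#   0  forwarding is active at runtime
#   2  runtime is off although a config file asks for it (setting not applied)
#   1  runtime is off and no config file asks for it
forwarding_state() {
    runtime=$(cat "$1" 2>/dev/null || echo unknown)
    conf_sysctl=$(sysctl_conf_value "$2")
    conf_shorewall=$(shorewall_conf_value "$3")
    echo "runtime=$runtime sysctl.conf=$conf_sysctl shorewall.conf=$conf_shorewall"
    if [ "$runtime" = 1 ]; then
        return 0
    elif [ "$conf_shorewall" = on ] || [ "$conf_sysctl" = 1 ]; then
        return 2
    else
        return 1
    fi
}

# On the host itself:
#   forwarding_state /proc/sys/net/ipv4/ip_forward \
#       /etc/sysctl.conf /etc/shorewall/shorewall.conf
```

Running it once after a reboot and once after `shorewall restart` shows whether the restart is what flips the runtime value from 0 to 1.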

I take a note and will be aware when I reply with this setting.