[colug-432] Fwd: Routing with KVM / OpenVPN Redux

Joshua Kramer joskra42.list at gmail.com
Wed Dec 26 19:41:03 EST 2018


Hello All-

My home environment is set up as noted below.  For some reason,
devices on my local network cannot communicate with devices coming in
via VPN.  IP forwarding is enabled on my hardware host as well as the
VM that is the VPN server.  If I disable firewalld on the hardware
host, everything works.  I've tried to set up as noted here, and it
does not work.

https://www.centos.org/forums/viewtopic.php?t=53819  (Note that I did
not include the MASQUERADE rule as this should be direct routing, not
masquerading.)

1. The network 192.168.2.0/24 is my main "local" network.  It is
connected via a switch to my router.  On this .2 network I have a
handful of RasPis as well as the hardware interface to my hardware
KVM host.

2. The network 192.168.4.0/24 is the network that is fully contained
within KVM.  There are a number of VMs that have .4 addresses.  All
VMs that have .4 addresses are fully available from anything on the
.2 network.

3. The network 192.168.8.0/24 is the network that terminates to my
OpenVPN server, which is at 192.168.4.36.  There are firewall rules
that forward packets appropriately... any device that connects to this
OpenVPN box has access to any server on the .4 network.

4. There is a routing rule on my hardware host that says that anything
destined for the .8 network needs to go to .4.36 for forwarding.  This
works fine for things on the .4 network, but it does not work for
anything on the .2 network.

5. The hardware host is set up for IP forwarding.

How can I determine what firewall rule I need to set up on the
hardware host to get this working?

Thanks!
-JK

