> > > > > > iptables -A FORWARD -j ACCEPT >
Are you sure your packets are forwarded via netfilter? Try to disable forwarding (with sysctl) or change rulte to -j DROP and check traffic with sniffer (no packet should be forwarded from virt machine to the Internet)
