On Mon, 2019-01-28 at 06:18 +0800, Ed Greshko wrote:
If you use wireshark to monitor just vnet0 and do an ssh to the guest do you see an ARP request/response happen first? Is it correct?
[...]
Even without trying the ssh there is a constant traffic of ARP requests with no replies:
52:54:00:b0:20:88 ff:ff:ff:ff:ff:ff ARP 42 Who has 192.168.122.1? Tell 192.168.122.167
52:54:00:8b:88:60 is the vnet0 interface. 192.168.122.1 is the gateway, 192.168.122.167 is the guest.
Nothing ever comes back. IOW the guest is trying to do ARP resolution but nothing is answering it (avahi-daemon is running, as is the libvirt copy of dnsmasq). Also:
$ ip neigh|grep 122
192.168.122.167 dev virbr0 lladdr 52:54:00:b0:20:88 STALE
192.168.122.193 dev virbr0 lladdr 52:54:00:1d:55:89 STALE
Those are the two guest addresses.
[egreshko@meimei .ssh]$ sudo firewall-cmd --info-zone=public
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: enp2s0 vnet0 wlp4s0
  sources:
  services: dhcpv6-client dns kde-connect mdns ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
Nothing to remark on there I think. I have some extra ports and services enabled but that's to be expected.
poc