On Mon, 2019-01-28 at 06:18 +0800, Ed Greshko wrote:
> If you use wireshark to monitor just vnet0 and do an ssh to the guest
> do you see an ARP request/response happen first? Is it correct?
[...]
Even without trying the ssh there is a constant traffic of ARP requests
with no replies:
52:54:00:b0:20:88 ff:ff:ff:ff:ff:ff ARP 42 Who has 192.168.122.1? Tell 192.168.122.167
52:54:00:8b:88:60 is the vnet0 interface. 192.168.122.1 is the gateway,
192.168.122.167 is the guest.
Nothing ever comes back. IOW the guest is trying to do ARP resolution
but nothing is answering it (avahi-daemon is running, as is the libvirt
copy of dnsmasq). Also:
$ ip neigh|grep 122
192.168.122.167 dev virbr0 lladdr 52:54:00:b0:20:88 STALE
192.168.122.193 dev virbr0 lladdr 52:54:00:1d:55:89 STALE
Those are the two guest addresses.
> [egreshko@meimei .ssh]$ sudo firewall-cmd --info-zone=public
> public (active)
>   target: default
>   icmp-block-inversion: no
>   interfaces: enp2s0 vnet0 wlp4s0
>   sources:
>   services: dhcpv6-client dns kde-connect mdns ssh
>   ports:
>   protocols:
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
Nothing to remark on there I think. I have some extra ports and
services enabled but that's to be expected.
poc
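
An added example, not part of the original message: a small Python check that reads Wireshark summary lines in the column layout quoted above (source MAC, destination MAC, protocol, length, info) and reports which ARP requests never received a reply. The sample capture is constructed from the addresses in the message; the guest-to-guest exchange in it is an assumption added only to show an answered request next to the unanswered ones.

```python
import re
from collections import Counter

# Column layout as in the message: src MAC, dst MAC, protocol, length, info.
REQ = re.compile(r"^(\S+) (\S+) ARP \d+ Who has (\S+)\? Tell (\S+)$")
REP = re.compile(r"^(\S+) (\S+) ARP \d+ (\S+) is at (\S+)$")

def unanswered_arp(lines):
    """Return {(asker_mac, asker_ip, target_ip): request_count} for ARP
    requests that were never followed by a matching unicast reply."""
    pending = Counter()
    for raw in lines:
        line = raw.strip()
        m = REQ.match(line)
        if m:
            asker_mac, _dst, target_ip, asker_ip = m.groups()
            pending[(asker_mac.lower(), asker_ip, target_ip)] += 1
            continue
        m = REP.match(line)
        if m:
            _src, reply_dst, answered_ip, _mac = m.groups()
            # A reply is sent to the asker's MAC and names the IP it resolves;
            # it settles every outstanding request with that pair.
            for key in [k for k in pending
                        if k[0] == reply_dst.lower() and k[2] == answered_ip]:
                del pending[key]
    return dict(pending)

# Constructed sample: the gateway requests mirror the line in the message;
# the guest-to-guest request and reply are invented for contrast.
SAMPLE = """\
52:54:00:b0:20:88 ff:ff:ff:ff:ff:ff ARP 42 Who has 192.168.122.1? Tell 192.168.122.167
52:54:00:b0:20:88 ff:ff:ff:ff:ff:ff ARP 42 Who has 192.168.122.1? Tell 192.168.122.167
52:54:00:1d:55:89 ff:ff:ff:ff:ff:ff ARP 42 Who has 192.168.122.167? Tell 192.168.122.193
52:54:00:b0:20:88 52:54:00:1d:55:89 ARP 42 192.168.122.167 is at 52:54:00:b0:20:88
52:54:00:b0:20:88 ff:ff:ff:ff:ff:ff ARP 42 Who has 192.168.122.1? Tell 192.168.122.167
""".splitlines()

if __name__ == "__main__":
    for (mac, ip, target), n in unanswered_arp(SAMPLE).items():
        print(f"{ip} ({mac}) asked for {target} {n} time(s), no reply seen")
```

Run against a capture taken on vnet0 and again on virbr0: a request that shows up unanswered on both points at the host side never replying, rather than at the reply being lost on the way back.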