Re: [fedora-virt] KVM bridge wonkiness in Fedora19

Currently, I have the following (defaults): ############## # iptables --list --numeric Chain INPUT (policy ACCEPT) target prot opt source destination ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 Chain FORWARD (policy ACCEPT) target prot opt source destination ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED ACCEPT all -- 192.168.122.0/24 0.0.0.0/0 ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Chain OUTPUT (policy ACCEPT) target prot opt source destination ################ This is identical to what I see on a Fedora16 host where the VMs are accessible over the network. What kind of rule would you suggest I add? On Wed, Aug 7, 2013 at 1:52 AM, Daniel Sanabria <sanabria.d(a)gmail.com&gt; wrote: > can you share your iptables config (iptables --list --numeric)? > > make sure you have a forward rule that matches when the physical device is > bridge. > > Cheers, > > Daniel > > > On 7 August 2013 06:19, Udayendu Sekhar kar <udayendu.kar(a)gmail.com&gt; wrote: >> >> Hi there, >> >> I am using Fedora 19 and configured the bridge when my "NetworkManager" is >> enabled. I am configuring the VPN through "NetworkManager", so I have to >> keep it on. Here is the configuration from my test system which is working >> absolutely fine. >> >> >> =========== >> # brctl show >> bridge name bridge id STP enabled interfaces >> br0 0080.5c260a8373dd no em1 >> virbr0 8000.5254004f366e yes virbr0-nic >> >> # cat /etc/sysconfig/network-scripts/ifcfg-em1 >> # Generated by dracut initrd >> DEVICE="em1" >> ONBOOT=yes >> UUID="61632098-7161-42da-b97f-9e60148f589c" >> BOOTPROTO="dhcp" >> HWADDR="xx:xx:xx:xx:xx:xx" >> TYPE=Ethernet >> NAME="em1" >> BRIDGE="br0" >> >> # cat /etc/sysconfig/network-scripts/ifcfg-br0 >> DEVICE="br0" >> BOOTPROTO="dhcp" >> TYPE="Bridge" >> HWADDR="xx:xx:xx:xx:xx:xx" >> MTU=9000 >> ONBOOT="yes" >> >> >> # systemctl status NetworkManager.service >> NetworkManager.service - Network Manager >> Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; >> enabled) >> Active: active (running) since Wed 2013-08-07 10:21:41 IST; 15min ago >> Main PID: 736 (NetworkManager) >> CGroup: name=systemd:/system/NetworkManager.service >> ├─ 736 /usr/sbin/NetworkManager --no-daemon >> └─1165 /sbin/dhclient -d -sf /usr/libexec/nm-dhcp-client.action >> -pf /var/run/dhclient-br0.pid -lf >> /var/lib/NetworkManager/dhclient-d2d68553-f97e-7549-7a26-b34a26f29318-br0.lease >> -cf /var/lib/Ne... >> >> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> domain search >> 'pnq.redhat.com.' >> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> domain search >> 'redhat.com.' >> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0) >> Stage 5 of 5 (IPv4 Configure Commit) scheduled... >> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0) >> Stage 5 of 5 (IPv4 Commit) started... >> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device >> state change: ip-config -> secondaries (reason 'none') [70 90 0] >> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0) >> Stage 5 of 5 (IPv4 Commit) complete. >> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device >> state change: secondaries -> activated (reason 'none') [90 100 0] >> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Policy set 'Bridge >> br0' (br0) as default for IPv4 routing and DNS. >> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0) >> successful, device activated. >> ============ >> >> This configuration will help you to configure the bridge interface over >> your em1 device while NetworkManager is on and also you can use the >> NetworkManager to configure the VPN. >> >> >> Thanks, >> Uday ! >> >> >> >> >> >> >> >> On Wed, Aug 7, 2013 at 4:30 AM, Lonni J Friedman <netllama(a)gmail.com&gt; >> wrote: >>> >>> Greetings, >>> I'm attempting to get several virtual machines setup on a Fedora19 >>> host system, with the traditional bridge network devices (br0, br1, >>> etc). I've done this many times before with older versions of Fedora >>> (16, 14, etc), and it just works. However, for reasons that I cannot >>> figure out, the bridge doesn't seem to be working in Fedora19. While >>> I can successfully connect to the outside world (local network + >>> internet) from inside a VM, nothing can communicate with the VM from >>> outside (local network). I'm referring to something as trivial as >>> pinging. From inside the VM, I can ping anything successfully (0% >>> packet loss). However, from outside the VM (on the host, or any other >>> system on the same network), I see 100% packet loss when pinging the >>> IP address of the VM. >>> >>> My first question is simply, does anyone else have this working >>> successfully in F19? And if so, what steps did you need to follow? >>> >>> I'm not using NetworkManager at all, its all the network service. >>> There are no firewalls involved anywhere (iptables & firewall services >>> are currently disabled). Here's the current host configuration: >>> >>> # brctl show >>> bridge name bridge id STP enabled interfaces >>> br0 8000.38eaa792efe5 no em2 >>> vnet1 >>> br1 8000.38eaa792efe6 no em3 >>> br2 8000.38eaa792efe7 no em4 >>> vnet0 >>> virbr0 8000.525400db3ebf yes virbr0-nic >>> >>> # more /etc/sysconfig/network-scripts/ifcfg-em2 >>> TYPE=Ethernet >>> BRIDGE="br0" >>> NAME=em2 >>> DEVICE="em2" >>> UUID=aeaa839e-c89c-4d6e-9daa-79b6a1b919bd >>> ONBOOT=yes >>> HWADDR=38:EA:A7:92:EF:E5 >>> NM_CONTROLLED="no" >>> >>> # more /etc/sysconfig/network-scripts/ifcfg-br0 >>> TYPE=Bridge >>> NM_CONTROLLED="no" >>> BOOTPROTO=dhcp >>> NAME=br0 >>> DEVICE="br0" >>> ONBOOT=yes >>> >>> # ifconfig em2 ;ifconfig br0 >>> em2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 >>> inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid >>> 0x20<link> >>> ether 38:ea:a7:92:ef:e5 txqueuelen 1000 (Ethernet) >>> RX packets 100093 bytes 52354831 (49.9 MiB) >>> RX errors 0 dropped 0 overruns 0 frame 0 >>> TX packets 25321 bytes 15791341 (15.0 MiB) >>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 >>> device memory 0xf7d00000-f7e00000 >>> >>> br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 >>> inet 10.31.99.226 netmask 255.255.252.0 broadcast >>> 10.31.99.255 >>> inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid >>> 0x20<link> >>> ether 38:ea:a7:92:ef:e5 txqueuelen 0 (Ethernet) >>> RX packets 19619 bytes 1963328 (1.8 MiB) >>> RX errors 0 dropped 0 overruns 0 frame 0 >>> TX packets 11 bytes 1074 (1.0 KiB) >>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 >>> >>> Relevant section from /etc/libvirt/qemu/foo.xml (one of the VMs with >>> this problem): >>> >>> <interface type='bridge'> >>> <mac address='52:54:00:26:22:9d'/> >>> <source bridge='br0'/> >>> <model type='virtio'/> >>> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' >>> function='0x0'/> >>> </interface> >>> >>> I can provide additional information, if requested. thanks! _______________________________________________ virt mailing list virt(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/virt