What are the values for the bridge-nf-call-* proc settings on your system?
[root@nexus ~]# ls -l /proc/sys/net/bridge/bridge-nf-call-*
-rw-r--r--. 1 root root 0 7. Aug 18:47 /proc/sys/net/bridge/bridge-nf-call-arptables
-rw-r--r--. 1 root root 0 7. Aug 18:47 /proc/sys/net/bridge/bridge-nf-call-ip6tables
-rw-r--r--. 1 root root 0 7. Aug 18:47 /proc/sys/net/bridge/bridge-nf-call-iptables
The bridge traffic probably gets firewalled. I see an "ACCEPT" rule with
source 192.168.122.0/24 so if you are using this network for a guest
then that would explain why you can access the outside world but cannot
ping the VMs from elsewhere. Try to set the above three settings to 0
and test again.
Regards,
Dennis
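
The check Dennis asks for, as an added example that is not part of the original thread: it reads the three bridge-nf-call-* values, gives a one-word verdict, and prints the net.bridge.* sysctl lines that would set the enabled ones to 0. The optional directory argument and the function names are assumptions made so the logic can be run against a constructed copy of the files.

```shell
#!/bin/sh
# Added example, not from the thread. The optional directory argument is an
# assumption made so the check can run against a constructed copy of the files.
BRIDGE_NF_TABLES="arptables ip6tables iptables"

# Print "bridge-nf-call-<table>=<value>" per setting, "?" if the file is missing.
bridge_nf_values() {
    dir="${1:-/proc/sys/net/bridge}"
    for t in $BRIDGE_NF_TABLES; do
        f="$dir/bridge-nf-call-$t"
        if [ -r "$f" ]; then
            printf 'bridge-nf-call-%s=%s\n' "$t" "$(cat "$f")"
        else
            printf 'bridge-nf-call-%s=?\n' "$t"
        fi
    done
}

# Print one word:
#   filtered    at least one setting is 1, so bridged frames traverse that table
#   unknown     nothing is 1 but a file is missing (bridge netfilter not loaded)
#   unfiltered  all three are 0
bridge_nf_state() {
    case "$(bridge_nf_values "$1")" in
        *=1*)  echo filtered ;;
        *=\?*) echo unknown ;;
        *)     echo unfiltered ;;
    esac
}

# Print sysctl.d-style lines that set each currently enabled setting to 0.
bridge_nf_disable_lines() {
    bridge_nf_values "$1" | while IFS='=' read -r name value; do
        if [ "$value" = "1" ]; then
            printf 'net.bridge.%s = 0\n' "$name"
        fi
    done
}

# Report on the running host.
bridge_nf_values
echo "state: $(bridge_nf_state)"
bridge_nf_disable_lines
```

With all three settings at 0, the host's iptables, ip6tables and arptables rules no longer see frames bridged to the guests, so any filtering of guest traffic has to be done in the guest or at the bridge layer.
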
On 07.08.2013 18:26, Lonni J Friedman wrote:
Currently, I have the following (defaults):
##############
# iptables --list --numeric
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
################
This is identical to what I see on a Fedora16 host where the VMs are
accessible over the network. What kind of rule would you suggest I
add?
On Wed, Aug 7, 2013 at 1:52 AM, Daniel Sanabria <sanabria.d(a)gmail.com> wrote:
> can you share your iptables config (iptables --list --numeric)?
>
> make sure you have a forward rule that matches when the physical device is
> bridge.
>
> Cheers,
>
> Daniel
>
>
> On 7 August 2013 06:19, Udayendu Sekhar kar <udayendu.kar(a)gmail.com> wrote:
>>
>> Hi there,
>>
>> I am using Fedora 19 and configured the bridge when my "NetworkManager" is
>> enabled. I am configuring the VPN through "NetworkManager", so I have to
>> keep it on. Here is the configuration from my test system which is working
>> absolutely fine.
>>
>>
>> ===========
>> # brctl show
>> bridge name bridge id STP enabled interfaces
>> br0 0080.5c260a8373dd no em1
>> virbr0 8000.5254004f366e yes virbr0-nic
>>
>> # cat /etc/sysconfig/network-scripts/ifcfg-em1
>> # Generated by dracut initrd
>> DEVICE="em1"
>> ONBOOT=yes
>> UUID="61632098-7161-42da-b97f-9e60148f589c"
>> BOOTPROTO="dhcp"
>> HWADDR="xx:xx:xx:xx:xx:xx"
>> TYPE=Ethernet
>> NAME="em1"
>> BRIDGE="br0"
>>
>> # cat /etc/sysconfig/network-scripts/ifcfg-br0
>> DEVICE="br0"
>> BOOTPROTO="dhcp"
>> TYPE="Bridge"
>> HWADDR="xx:xx:xx:xx:xx:xx"
>> MTU=9000
>> ONBOOT="yes"
>>
>>
>> # systemctl status NetworkManager.service
>> NetworkManager.service - Network Manager
>> Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service;
>> enabled)
>> Active: active (running) since Wed 2013-08-07 10:21:41 IST; 15min ago
>> Main PID: 736 (NetworkManager)
>> CGroup: name=systemd:/system/NetworkManager.service
>> ├─ 736 /usr/sbin/NetworkManager --no-daemon
>> └─1165 /sbin/dhclient -d -sf /usr/libexec/nm-dhcp-client.action
>> -pf /var/run/dhclient-br0.pid -lf
>> /var/lib/NetworkManager/dhclient-d2d68553-f97e-7549-7a26-b34a26f29318-br0.lease
>> -cf /var/lib/Ne...
>>
>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> domain search
>> 'pnq.redhat.com.'
>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> domain search
>> 'redhat.com.'
>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0)
>> Stage 5 of 5 (IPv4 Configure Commit) scheduled...
>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0)
>> Stage 5 of 5 (IPv4 Commit) started...
>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device
>> state change: ip-config -> secondaries (reason 'none') [70 90 0]
>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0)
>> Stage 5 of 5 (IPv4 Commit) complete.
>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device
>> state change: secondaries -> activated (reason 'none') [90 100 0]
>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Policy set 'Bridge
>> br0' (br0) as default for IPv4 routing and DNS.
>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0)
>> successful, device activated.
>> ============
>>
>> This configuration will help you to configure the bridge interface over
>> your em1 device while NetworkManager is on and also you can use the
>> NetworkManager to configure the VPN.
>>
>>
>> Thanks,
>> Uday !
>>
>> On Wed, Aug 7, 2013 at 4:30 AM, Lonni J Friedman <netllama(a)gmail.com>
>> wrote:
>>>
>>> Greetings,
>>> I'm attempting to get several virtual machines set up on a Fedora19
>>> host system, with the traditional bridge network devices (br0, br1,
>>> etc). I've done this many times before with older versions of Fedora
>>> (16, 14, etc), and it just works. However, for reasons that I cannot
>>> figure out, the bridge doesn't seem to be working in Fedora19. While
>>> I can successfully connect to the outside world (local network +
>>> internet) from inside a VM, nothing can communicate with the VM from
>>> outside (local network). I'm referring to something as trivial as
>>> pinging. From inside the VM, I can ping anything successfully (0%
>>> packet loss). However, from outside the VM (on the host, or any other
>>> system on the same network), I see 100% packet loss when pinging the
>>> IP address of the VM.
>>>
>>> My first question is simply, does anyone else have this working
>>> successfully in F19? And if so, what steps did you need to follow?
>>>
>>> I'm not using NetworkManager at all, it's all the network service.
>>> There are no firewalls involved anywhere (iptables & firewall services
>>> are currently disabled). Here's the current host configuration:
>>>
>>> # brctl show
>>> bridge name bridge id STP enabled interfaces
>>> br0 8000.38eaa792efe5 no em2
>>> vnet1
>>> br1 8000.38eaa792efe6 no em3
>>> br2 8000.38eaa792efe7 no em4
>>> vnet0
>>> virbr0 8000.525400db3ebf yes virbr0-nic
>>>
>>> # more /etc/sysconfig/network-scripts/ifcfg-em2
>>> TYPE=Ethernet
>>> BRIDGE="br0"
>>> NAME=em2
>>> DEVICE="em2"
>>> UUID=aeaa839e-c89c-4d6e-9daa-79b6a1b919bd
>>> ONBOOT=yes
>>> HWADDR=38:EA:A7:92:EF:E5
>>> NM_CONTROLLED="no"
>>>
>>> # more /etc/sysconfig/network-scripts/ifcfg-br0
>>> TYPE=Bridge
>>> NM_CONTROLLED="no"
>>> BOOTPROTO=dhcp
>>> NAME=br0
>>> DEVICE="br0"
>>> ONBOOT=yes
>>>
>>> # ifconfig em2 ;ifconfig br0
>>> em2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>> inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid
>>> 0x20<link>
>>> ether 38:ea:a7:92:ef:e5 txqueuelen 1000 (Ethernet)
>>> RX packets 100093 bytes 52354831 (49.9 MiB)
>>> RX errors 0 dropped 0 overruns 0 frame 0
>>> TX packets 25321 bytes 15791341 (15.0 MiB)
>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>> device memory 0xf7d00000-f7e00000
>>>
>>> br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
>>> inet 10.31.99.226 netmask 255.255.252.0 broadcast
>>> 10.31.99.255
>>> inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid
>>> 0x20<link>
>>> ether 38:ea:a7:92:ef:e5 txqueuelen 0 (Ethernet)
>>> RX packets 19619 bytes 1963328 (1.8 MiB)
>>> RX errors 0 dropped 0 overruns 0 frame 0
>>> TX packets 11 bytes 1074 (1.0 KiB)
>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
>>>
>>> Relevant section from /etc/libvirt/qemu/foo.xml (one of the VMs with
>>> this problem):
>>>
>>> <interface type='bridge'>
>>> <mac address='52:54:00:26:22:9d'/>
>>> <source bridge='br0'/>
>>> <model type='virtio'/>
>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x03'
>>> function='0x0'/>
>>> </interface>
>>>
>>> I can provide additional information, if requested. thanks!