Greetings, I'm attempting to get several virtual machines setup on a Fedora19 host system, with the traditional bridge network devices (br0, br1, etc). I've done this many times before with older versions of Fedora (16, 14, etc), and it just works. However, for reasons that I cannot figure out, the bridge doesn't seem to be working in Fedora19. While I can successfully connect to the outside world (local network + internet) from inside a VM, nothing can communicate with the VM from outside (local network). I'm referring to something as trivial as pinging. From inside the VM, I can ping anything successfully (0% packet loss). However, from outside the VM (on the host, or any other system on the same network), I see 100% packet loss when pinging the IP address of the VM. My first question is simply, does anyone else have this working successfully in F19? And if so, what steps did you need to follow? I'm not using NetworkManager at all, its all the network service. There are no firewalls involved anywhere (iptables & firewall services are currently disabled). Here's the current host configuration: # brctl show bridge name bridge id STP enabled interfaces br0 8000.38eaa792efe5 no em2 vnet1 br1 8000.38eaa792efe6 no em3 br2 8000.38eaa792efe7 no em4 vnet0 virbr0 8000.525400db3ebf yes virbr0-nic # more /etc/sysconfig/network-scripts/ifcfg-em2 TYPE=Ethernet BRIDGE="br0" NAME=em2 DEVICE="em2" UUID=aeaa839e-c89c-4d6e-9daa-79b6a1b919bd ONBOOT=yes HWADDR=38:EA:A7:92:EF:E5 NM_CONTROLLED="no" # more /etc/sysconfig/network-scripts/ifcfg-br0 TYPE=Bridge NM_CONTROLLED="no" BOOTPROTO=dhcp NAME=br0 DEVICE="br0" ONBOOT=yes # ifconfig em2 ;ifconfig br0 em2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid 0x20<link> ether 38:ea:a7:92:ef:e5 txqueuelen 1000 (Ethernet) RX packets 100093 bytes 52354831 (49.9 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 25321 bytes 15791341 (15.0 MiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 device memory 0xf7d00000-f7e00000 br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 inet 10.31.99.226 netmask 255.255.252.0 broadcast 10.31.99.255 inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid 0x20<link> ether 38:ea:a7:92:ef:e5 txqueuelen 0 (Ethernet) RX packets 19619 bytes 1963328 (1.8 MiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 11 bytes 1074 (1.0 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 Relevant section from /etc/libvirt/qemu/foo.xml (one of the VMs with this problem): <interface type='bridge'> <mac address='52:54:00:26:22:9d'/> <source bridge='br0'/> <model type='virtio'/> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/> </interface> I can provide additional information, if requested. thanks! _______________________________________________ virt mailing list virt(a)lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/virt

can you share your iptables config (iptables --list --numeric)? make sure you have a forward rule that matches when the physical device is bridge. Cheers, Daniel On 7 August 2013 06:19, Udayendu Sekhar kar <udayendu.kar(a)gmail.com&gt; wrote: > > Hi there, > > I am using Fedora 19 and configured the bridge when my "NetworkManager" is > enabled. I am configuring the VPN through "NetworkManager", so I have to > keep it on. Here is the configuration from my test system which is working > absolutely fine. > > > =========== > # brctl show > bridge name bridge id STP enabled interfaces > br0 0080.5c260a8373dd no em1 > virbr0 8000.5254004f366e yes virbr0-nic > > # cat /etc/sysconfig/network-scripts/ifcfg-em1 > # Generated by dracut initrd > DEVICE="em1" > ONBOOT=yes > UUID="61632098-7161-42da-b97f-9e60148f589c" > BOOTPROTO="dhcp" > HWADDR="xx:xx:xx:xx:xx:xx" > TYPE=Ethernet > NAME="em1" > BRIDGE="br0" > > # cat /etc/sysconfig/network-scripts/ifcfg-br0 > DEVICE="br0" > BOOTPROTO="dhcp" > TYPE="Bridge" > HWADDR="xx:xx:xx:xx:xx:xx" > MTU=9000 > ONBOOT="yes" > > > # systemctl status NetworkManager.service > NetworkManager.service - Network Manager > Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; > enabled) > Active: active (running) since Wed 2013-08-07 10:21:41 IST; 15min ago > Main PID: 736 (NetworkManager) > CGroup: name=systemd:/system/NetworkManager.service > ├─ 736 /usr/sbin/NetworkManager --no-daemon > └─1165 /sbin/dhclient -d -sf /usr/libexec/nm-dhcp-client.action > -pf /var/run/dhclient-br0.pid -lf > /var/lib/NetworkManager/dhclient-d2d68553-f97e-7549-7a26-b34a26f29318-br0.lease > -cf /var/lib/Ne... > > Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> domain search > 'pnq.redhat.com.' > Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> domain search > 'redhat.com.' > Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0) > Stage 5 of 5 (IPv4 Configure Commit) scheduled... > Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0) > Stage 5 of 5 (IPv4 Commit) started... > Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device > state change: ip-config -> secondaries (reason 'none') [70 90 0] > Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0) > Stage 5 of 5 (IPv4 Commit) complete. > Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device > state change: secondaries -> activated (reason 'none') [90 100 0] > Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Policy set 'Bridge > br0' (br0) as default for IPv4 routing and DNS. > Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0) > successful, device activated. > ============ > > This configuration will help you to configure the bridge interface over > your em1 device while NetworkManager is on and also you can use the > NetworkManager to configure the VPN. > > > Thanks, > Uday ! > > > > > > > > On Wed, Aug 7, 2013 at 4:30 AM, Lonni J Friedman <netllama(a)gmail.com&gt; > wrote: >> >> Greetings, >> I'm attempting to get several virtual machines setup on a Fedora19 >> host system, with the traditional bridge network devices (br0, br1, >> etc). I've done this many times before with older versions of Fedora >> (16, 14, etc), and it just works. However, for reasons that I cannot >> figure out, the bridge doesn't seem to be working in Fedora19. While >> I can successfully connect to the outside world (local network + >> internet) from inside a VM, nothing can communicate with the VM from >> outside (local network). I'm referring to something as trivial as >> pinging. From inside the VM, I can ping anything successfully (0% >> packet loss). However, from outside the VM (on the host, or any other >> system on the same network), I see 100% packet loss when pinging the >> IP address of the VM. >> >> My first question is simply, does anyone else have this working >> successfully in F19? And if so, what steps did you need to follow? >> >> I'm not using NetworkManager at all, its all the network service. >> There are no firewalls involved anywhere (iptables & firewall services >> are currently disabled). Here's the current host configuration: >> >> # brctl show >> bridge name bridge id STP enabled interfaces >> br0 8000.38eaa792efe5 no em2 >> vnet1 >> br1 8000.38eaa792efe6 no em3 >> br2 8000.38eaa792efe7 no em4 >> vnet0 >> virbr0 8000.525400db3ebf yes virbr0-nic >> >> # more /etc/sysconfig/network-scripts/ifcfg-em2 >> TYPE=Ethernet >> BRIDGE="br0" >> NAME=em2 >> DEVICE="em2" >> UUID=aeaa839e-c89c-4d6e-9daa-79b6a1b919bd >> ONBOOT=yes >> HWADDR=38:EA:A7:92:EF:E5 >> NM_CONTROLLED="no" >> >> # more /etc/sysconfig/network-scripts/ifcfg-br0 >> TYPE=Bridge >> NM_CONTROLLED="no" >> BOOTPROTO=dhcp >> NAME=br0 >> DEVICE="br0" >> ONBOOT=yes >> >> # ifconfig em2 ;ifconfig br0 >> em2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 >> inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid >> 0x20<link> >> ether 38:ea:a7:92:ef:e5 txqueuelen 1000 (Ethernet) >> RX packets 100093 bytes 52354831 (49.9 MiB) >> RX errors 0 dropped 0 overruns 0 frame 0 >> TX packets 25321 bytes 15791341 (15.0 MiB) >> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 >> device memory 0xf7d00000-f7e00000 >> >> br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 >> inet 10.31.99.226 netmask 255.255.252.0 broadcast >> 10.31.99.255 >> inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid >> 0x20<link> >> ether 38:ea:a7:92:ef:e5 txqueuelen 0 (Ethernet) >> RX packets 19619 bytes 1963328 (1.8 MiB) >> RX errors 0 dropped 0 overruns 0 frame 0 >> TX packets 11 bytes 1074 (1.0 KiB) >> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 >> >> Relevant section from /etc/libvirt/qemu/foo.xml (one of the VMs with >> this problem): >> >> <interface type='bridge'> >> <mac address='52:54:00:26:22:9d'/> >> <source bridge='br0'/> >> <model type='virtio'/> >> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' >> function='0x0'/> >> </interface> >> >> I can provide additional information, if requested. thanks!

What are the values for the bridge-nf-call-* proc settings on your system? [root@nexus ~]# ls -l /proc/sys/net/bridge/bridge-nf-call-* -rw-r--r--. 1 root root 0 7. Aug 18:47 /proc/sys/net/bridge/bridge-nf-call-arptables -rw-r--r--. 1 root root 0 7. Aug 18:47 /proc/sys/net/bridge/bridge-nf-call-ip6tables -rw-r--r--. 1 root root 0 7. Aug 18:47 /proc/sys/net/bridge/bridge-nf-call-iptables The bridge traffic probably gets firewalled. I see an "ACCEPT" rule with source 192.168.122.0/24 so if you are using this network for a guest then that would exlain why you can access the outside world but cannot ping the VM's from elsewhere. Try to set the above three settings to 0 and test again. Regards, Dennis On 07.08.2013 18:26, Lonni J Friedman wrote: > > Currently, I have the following (defaults): > ############## > # iptables --list --numeric > Chain INPUT (policy ACCEPT) > target prot opt source destination > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 > ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67 > ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67 > > Chain FORWARD (policy ACCEPT) > target prot opt source destination > ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate > RELATED,ESTABLISHED > ACCEPT all -- 192.168.122.0/24 0.0.0.0/0 > ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 > REJECT all -- 0.0.0.0/0 0.0.0.0/0 > reject-with icmp-port-unreachable > REJECT all -- 0.0.0.0/0 0.0.0.0/0 > reject-with icmp-port-unreachable > > Chain OUTPUT (policy ACCEPT) > target prot opt source destination > ################ > > This is identical to what I see on a Fedora16 host where the VMs are > accessible over the network. What kind of rule would you suggest I > add? > > > > On Wed, Aug 7, 2013 at 1:52 AM, Daniel Sanabria <sanabria.d(a)gmail.com&gt; > wrote: >> >> can you share your iptables config (iptables --list --numeric)? >> >> make sure you have a forward rule that matches when the physical device >> is >> bridge. >> >> Cheers, >> >> Daniel >> >> >> On 7 August 2013 06:19, Udayendu Sekhar kar <udayendu.kar(a)gmail.com&gt; >> wrote: >>> >>> >>> Hi there, >>> >>> I am using Fedora 19 and configured the bridge when my "NetworkManager" >>> is >>> enabled. I am configuring the VPN through "NetworkManager", so I have to >>> keep it on. Here is the configuration from my test system which is >>> working >>> absolutely fine. >>> >>> >>> =========== >>> # brctl show >>> bridge name bridge id STP enabled interfaces >>> br0 0080.5c260a8373dd no em1 >>> virbr0 8000.5254004f366e yes virbr0-nic >>> >>> # cat /etc/sysconfig/network-scripts/ifcfg-em1 >>> # Generated by dracut initrd >>> DEVICE="em1" >>> ONBOOT=yes >>> UUID="61632098-7161-42da-b97f-9e60148f589c" >>> BOOTPROTO="dhcp" >>> HWADDR="xx:xx:xx:xx:xx:xx" >>> TYPE=Ethernet >>> NAME="em1" >>> BRIDGE="br0" >>> >>> # cat /etc/sysconfig/network-scripts/ifcfg-br0 >>> DEVICE="br0" >>> BOOTPROTO="dhcp" >>> TYPE="Bridge" >>> HWADDR="xx:xx:xx:xx:xx:xx" >>> MTU=9000 >>> ONBOOT="yes" >>> >>> >>> # systemctl status NetworkManager.service >>> NetworkManager.service - Network Manager >>> Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; >>> enabled) >>> Active: active (running) since Wed 2013-08-07 10:21:41 IST; 15min >>> ago >>> Main PID: 736 (NetworkManager) >>> CGroup: name=systemd:/system/NetworkManager.service >>> ├─ 736 /usr/sbin/NetworkManager --no-daemon >>> └─1165 /sbin/dhclient -d -sf >>> /usr/libexec/nm-dhcp-client.action >>> -pf /var/run/dhclient-br0.pid -lf >>> >>> /var/lib/NetworkManager/dhclient-d2d68553-f97e-7549-7a26-b34a26f29318-br0.lease >>> -cf /var/lib/Ne... >>> >>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> domain search >>> 'pnq.redhat.com.' >>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> domain search >>> 'redhat.com.' >>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0) >>> Stage 5 of 5 (IPv4 Configure Commit) scheduled... >>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0) >>> Stage 5 of 5 (IPv4 Commit) started... >>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device >>> state change: ip-config -> secondaries (reason 'none') [70 90 0] >>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0) >>> Stage 5 of 5 (IPv4 Commit) complete. >>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device >>> state change: secondaries -> activated (reason 'none') [90 100 0] >>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Policy set >>> 'Bridge >>> br0' (br0) as default for IPv4 routing and DNS. >>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0) >>> successful, device activated. >>> ============ >>> >>> This configuration will help you to configure the bridge interface over >>> your em1 device while NetworkManager is on and also you can use the >>> NetworkManager to configure the VPN. >>> >>> >>> Thanks, >>> Uday ! >>> >>> >>> >>> >>> >>> >>> >>> On Wed, Aug 7, 2013 at 4:30 AM, Lonni J Friedman <netllama(a)gmail.com&gt; >>> wrote: >>>> >>>> >>>> Greetings, >>>> I'm attempting to get several virtual machines setup on a Fedora19 >>>> host system, with the traditional bridge network devices (br0, br1, >>>> etc). I've done this many times before with older versions of Fedora >>>> (16, 14, etc), and it just works. However, for reasons that I cannot >>>> figure out, the bridge doesn't seem to be working in Fedora19. While >>>> I can successfully connect to the outside world (local network + >>>> internet) from inside a VM, nothing can communicate with the VM from >>>> outside (local network). I'm referring to something as trivial as >>>> pinging. From inside the VM, I can ping anything successfully (0% >>>> packet loss). However, from outside the VM (on the host, or any other >>>> system on the same network), I see 100% packet loss when pinging the >>>> IP address of the VM. >>>> >>>> My first question is simply, does anyone else have this working >>>> successfully in F19? And if so, what steps did you need to follow? >>>> >>>> I'm not using NetworkManager at all, its all the network service. >>>> There are no firewalls involved anywhere (iptables & firewall services >>>> are currently disabled). Here's the current host configuration: >>>> >>>> # brctl show >>>> bridge name bridge id STP enabled interfaces >>>> br0 8000.38eaa792efe5 no em2 >>>> vnet1 >>>> br1 8000.38eaa792efe6 no em3 >>>> br2 8000.38eaa792efe7 no em4 >>>> vnet0 >>>> virbr0 8000.525400db3ebf yes virbr0-nic >>>> >>>> # more /etc/sysconfig/network-scripts/ifcfg-em2 >>>> TYPE=Ethernet >>>> BRIDGE="br0" >>>> NAME=em2 >>>> DEVICE="em2" >>>> UUID=aeaa839e-c89c-4d6e-9daa-79b6a1b919bd >>>> ONBOOT=yes >>>> HWADDR=38:EA:A7:92:EF:E5 >>>> NM_CONTROLLED="no" >>>> >>>> # more /etc/sysconfig/network-scripts/ifcfg-br0 >>>> TYPE=Bridge >>>> NM_CONTROLLED="no" >>>> BOOTPROTO=dhcp >>>> NAME=br0 >>>> DEVICE="br0" >>>> ONBOOT=yes >>>> >>>> # ifconfig em2 ;ifconfig br0 >>>> em2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 >>>> inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid >>>> 0x20<link> >>>> ether 38:ea:a7:92:ef:e5 txqueuelen 1000 (Ethernet) >>>> RX packets 100093 bytes 52354831 (49.9 MiB) >>>> RX errors 0 dropped 0 overruns 0 frame 0 >>>> TX packets 25321 bytes 15791341 (15.0 MiB) >>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 >>>> device memory 0xf7d00000-f7e00000 >>>> >>>> br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500 >>>> inet 10.31.99.226 netmask 255.255.252.0 broadcast >>>> 10.31.99.255 >>>> inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid >>>> 0x20<link> >>>> ether 38:ea:a7:92:ef:e5 txqueuelen 0 (Ethernet) >>>> RX packets 19619 bytes 1963328 (1.8 MiB) >>>> RX errors 0 dropped 0 overruns 0 frame 0 >>>> TX packets 11 bytes 1074 (1.0 KiB) >>>> TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 >>>> >>>> Relevant section from /etc/libvirt/qemu/foo.xml (one of the VMs with >>>> this problem): >>>> >>>> <interface type='bridge'> >>>> <mac address='52:54:00:26:22:9d'/> >>>> <source bridge='br0'/> >>>> <model type='virtio'/> >>>> <address type='pci' domain='0x0000' bus='0x00' slot='0x03' >>>> function='0x0'/> >>>> </interface> >>>> >>>> I can provide additional information, if requested. thanks!