[fedora-virt] Routing only works in one direction
Philip Rhoades
phil at pricom.com.au
Fri Sep 23 17:00:13 UTC 2011
Rich,
On 2011-09-24 02:23, Richard W.M. Jones wrote:
> On Sat, Sep 24, 2011 at 02:13:57AM +1000, Philip Rhoades wrote:
>> Rich,
>>
>>
>> On 2011-09-24 00:13, Richard W.M. Jones wrote:
>> >On Fri, Sep 23, 2011 at 12:43:12AM +1000, Philip Rhoades wrote:
>> >>People,
>> >>
>> >>I have been installing virtual machines for a while on a Fedora 14
>> >>x86_64 system (the most recent one was F16 Alpha i686) and I
>> >>have always
>> >>managed to be able to test what I wanted to but ssh-ing from the
>> >>host to
>> >>the virtual machines has never worked (it always works the other
>> way
>> >>around). I get:
>> >>
>> >> ssh: connect to host 192.168.122.139 port 22: No route to host
>> >>
>> >>ifconfig shows:
>> >>
>> >> virbr0 Link encap:Ethernet HWaddr FE:54:00:9F:96:2F
>> >> inet addr:192.168.122.1 Bcast:192.168.122.255
>> >>Mask:255.255.255.0
>> >>
>> >>route shows:
>> >>
>> >> 192.168.122.0 * 255.255.255.0 U 0 0
>> >>0 virbr0
>> >>
>> >>so why the error message?
>> >
>> >There's not enough information here to answer the question,
>>
>>
>> What other info is needed?
>
> I'd want to see the *full* output from:
>
> - ifconfig -a
eth0 Link encap:Ethernet HWaddr 00:1C:C0:FA:85:E6
inet addr:10.1.1.10 Bcast:10.1.1.255 Mask:255.255.255.0
inet6 addr: fe80::21c:c0ff:fefa:85e6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4184 errors:0 dropped:0 overruns:0 frame:0
TX packets:4297 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2345423 (2.2 MiB) TX bytes:649997 (634.7 KiB)
Interrupt:20 Memory:d0600000-d0620000
eth1 Link encap:Ethernet HWaddr 00:1F:11:01:25:AE
inet addr:192.168.0.200 Bcast:192.168.0.255
Mask:255.255.255.0
inet6 addr: fe80::21f:11ff:fe01:25ae/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:5749 (5.6 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:21009 errors:0 dropped:0 overruns:0 frame:0
TX packets:21009 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:4079213 (3.8 MiB) TX bytes:4079213 (3.8 MiB)
virbr0 Link encap:Ethernet HWaddr FE:54:00:83:C5:2A
inet addr:192.168.122.1 Bcast:192.168.122.255
Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:27 errors:0 dropped:0 overruns:0 frame:0
TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:5164 (5.0 KiB) TX bytes:5199 (5.0 KiB)
vnet0 Link encap:Ethernet HWaddr FE:54:00:83:C5:2A
inet6 addr: fe80::fc54:ff:fe83:c52a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:29 errors:0 dropped:0 overruns:0 frame:0
TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:5722 (5.5 KiB) TX bytes:5292 (5.1 KiB)
> - netstat -rn
Kernel IP routing table
Destination Gateway Genmask Flags MSS Window
irtt Iface
192.168.0.0 0.0.0.0 255.255.255.0 U 0 0
0 eth1
10.1.1.0 0.0.0.0 255.255.255.0 U 0 0
0 eth0
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0
0 virbr0
0.0.0.0 10.1.1.1 0.0.0.0 UG 0 0
0 eth0
> - iptables -L -n
Chain INPUT (policy DROP)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
block all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
RELATED,ESTABLISHED
ACCEPT tcp -- 149.171.173.169 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 203.166.81.114 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 203.206.181.78 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 180.189.137.63 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 59.167.251.17 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 144.136.70.171 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 65.99.230.42 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 203.84.234.5 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 12.45.85.174 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 27.33.171.236 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 24.62.160.127 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 10.1.1.0/24 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 192.168.0.0/24 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 192.168.1.0/24 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 192.168.122.0/24 0.0.0.0/0 tcp dpt:22
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:25 flags:
0x17/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:53 flags:
0x17/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:80
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:8080
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:443
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:465
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:993
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:2049
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:2401
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:3128 flag
s:0x17/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:5900 flag
s:0x17/0x02
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 state
NEW,ESTABLISHED tcp dpt:5901 flag
s:0x17/0x02
ACCEPT udp -- 149.171.173.169 0.0.0.0/0 udp spt:53
ACCEPT udp -- 203.166.81.114 0.0.0.0/0 udp spt:53
ACCEPT udp -- 203.206.181.78 0.0.0.0/0 udp dpt:53
ACCEPT udp -- 180.189.137.63 0.0.0.0/0 udp spt:53
ACCEPT udp -- 59.167.251.17 0.0.0.0/0 udp spt:53
ACCEPT udp -- 58.172.176.250 0.0.0.0/0 udp spt:53
ACCEPT udp -- 203.84.234.5 0.0.0.0/0 udp spt:53
ACCEPT udp -- 12.45.85.174 0.0.0.0/0 udp spt:53
ACCEPT udp -- 10.1.1.0/24 0.0.0.0/0 udp spt:53
ACCEPT udp -- 192.168.0.0/24 0.0.0.0/0 udp spt:53
ACCEPT udp -- 192.168.1.0/24 0.0.0.0/0 udp spt:53
ACCEPT udp -- 192.168.122.0/24 0.0.0.0/0 udp spt:53
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp
flags:0x17/0x02 reject-with icmp-po
rt-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp
reject-with icmp-port-unreachable
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 state
RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0
reject-with icmp-port-unreachable
Chain OUTPUT (policy DROP)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 state
NEW,RELATED,ESTABLISHED
Chain block (1 references)
target prot opt source destination
REJECT tcp -- 61.115.230.182 0.0.0.0/0 tcp
reject-with icmp-port-unreachable
REJECT udp -- 61.115.230.182 0.0.0.0/0 udp
reject-with icmp-port-unreachable
REJECT tcp -- 80.31.213.120 0.0.0.0/0 tcp
reject-with icmp-port-unreachable
REJECT udp -- 80.31.213.120 0.0.0.0/0 udp
reject-with icmp-port-unreachable
REJECT tcp -- 89.97.225.114 0.0.0.0/0 tcp
reject-with icmp-port-unreachable
REJECT udp -- 89.97.225.114 0.0.0.0/0 udp
reject-with icmp-port-unreachable
REJECT tcp -- 209.239.43.72 0.0.0.0/0 tcp
reject-with icmp-port-unreachable
REJECT udp -- 209.239.43.72 0.0.0.0/0 udp
reject-with icmp-port-unreachable
REJECT tcp -- 239.255.255.250 0.0.0.0/0 tcp
reject-with icmp-port-unreachable
REJECT udp -- 239.255.255.250 0.0.0.0/0 udp
reject-with icmp-port-unreachable
REJECT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp source
IP range 213.198.1.1-213.198
.255.255 reject-with icmp-port-unreachable
REJECT udp -- 0.0.0.0/0 0.0.0.0/0 udp source
IP range 213.198.1.1-213.198
.255.255 reject-with icmp-port-unreachable
> - brctl show
bridge name bridge id STP enabled interfaces
virbr0 8000.fe540083c52a yes vnet0
> Plus maybe try tcpdump'ing the connection?
eth0 ?
Thanks,
Phil.
--
Philip Rhoades
GPO Box 3411
Sydney NSW 2001
Australia
E-mail: phil at pricom.com.au
More information about the virt
mailing list