[fedora-virt] KVM bridge wonkiness in Fedora19

Lonni J Friedman netllama at gmail.com
Wed Aug 7 16:26:55 UTC 2013


Currently, I have the following (defaults):
##############
# iptables --list --numeric
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
################

This is identical to what I see on a Fedora16 host where the VMs are
accessible over the network.  What kind of rule would you suggest I
add?



On Wed, Aug 7, 2013 at 1:52 AM, Daniel Sanabria <sanabria.d at gmail.com> wrote:
> can you share your iptables config (iptables --list --numeric)?
>
> make sure you have a forward rule that matches when the physical device is
> bridge.
>
> Cheers,
>
> Daniel
>
>
> On 7 August 2013 06:19, Udayendu Sekhar kar <udayendu.kar at gmail.com> wrote:
>>
>> Hi there,
>>
>> I am using Fedora 19 and configured the bridge when my "NetworkManager" is
>> enabled. I am configuring the VPN through "NetworkManager", so I have to
>> keep it on. Here is the configuration from my test system which is working
>> absolutely fine.
>>
>>
>> ===========
>> # brctl show
>> bridge name     bridge id               STP enabled     interfaces
>> br0             0080.5c260a8373dd       no              em1
>> virbr0          8000.5254004f366e       yes             virbr0-nic
>>
>> # cat /etc/sysconfig/network-scripts/ifcfg-em1
>> # Generated by dracut initrd
>> DEVICE="em1"
>> ONBOOT=yes
>> UUID="61632098-7161-42da-b97f-9e60148f589c"
>> BOOTPROTO="dhcp"
>> HWADDR="xx:xx:xx:xx:xx:xx"
>> TYPE=Ethernet
>> NAME="em1"
>> BRIDGE="br0"
>>
>> # cat /etc/sysconfig/network-scripts/ifcfg-br0
>> DEVICE="br0"
>> BOOTPROTO="dhcp"
>> TYPE="Bridge"
>> HWADDR="xx:xx:xx:xx:xx:xx"
>> MTU=9000
>> ONBOOT="yes"
>>
>>
>> # systemctl status NetworkManager.service
>> NetworkManager.service - Network Manager
>>    Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled)
>>    Active: active (running) since Wed 2013-08-07 10:21:41 IST; 15min ago
>>  Main PID: 736 (NetworkManager)
>>    CGroup: name=systemd:/system/NetworkManager.service
>>            ├─ 736 /usr/sbin/NetworkManager --no-daemon
>>            └─1165 /sbin/dhclient -d -sf /usr/libexec/nm-dhcp-client.action -pf /var/run/dhclient-br0.pid -lf /var/lib/NetworkManager/dhclient-d2d68553-f97e-7549-7a26-b34a26f29318-br0.lease -cf /var/lib/Ne...
>>
>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info>   domain search 'pnq.redhat.com.'
>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info>   domain search 'redhat.com.'
>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0) Stage 5 of 5 (IPv4 Configure Commit) scheduled...
>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0) Stage 5 of 5 (IPv4 Commit) started...
>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device state change: ip-config -> secondaries (reason 'none') [70 90 0]
>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0) Stage 5 of 5 (IPv4 Commit) complete.
>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device state change: secondaries -> activated (reason 'none') [90 100 0]
>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Policy set 'Bridge br0' (br0) as default for IPv4 routing and DNS.
>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0) successful, device activated.
>> ============
>>
>> This configuration will help you to configure the bridge interface over
>> your em1 device while NetworkManager is on and also you can use the
>> NetworkManager to configure the VPN.
>>
>>
>> Thanks,
>> Uday !
>>
>>
>>
>>
>>
>>
>>
>> On Wed, Aug 7, 2013 at 4:30 AM, Lonni J Friedman <netllama at gmail.com>
>> wrote:
>>>
>>> Greetings,
>>> I'm attempting to get several virtual machines set up on a Fedora19
>>> host system, with the traditional bridge network devices (br0, br1,
>>> etc).   I've done this many times before with older versions of Fedora
>>> (16, 14, etc), and it just works.  However, for reasons that I cannot
>>> figure out, the bridge doesn't seem to be working in Fedora19.  While
>>> I can successfully connect to the outside world (local network +
>>> internet) from inside a VM, nothing can communicate with the VM from
>>> outside (local network).  I'm referring to something as trivial as
>>> pinging.  From inside the VM, I can ping anything successfully (0%
>>> packet loss).  However, from outside the VM (on the host, or any other
>>> system on the same network), I see 100% packet loss when pinging the
>>> IP address of the VM.
>>>
>>> My first question is simply, does anyone else have this working
>>> successfully in F19?  And if so, what steps did you need to follow?
>>>
>>> I'm not using NetworkManager at all, it's all the network service.
>>> There are no firewalls involved anywhere (iptables & firewall services
>>> are currently disabled).  Here's the current host configuration:
>>>
>>>     # brctl show
>>>     bridge name    bridge id        STP enabled    interfaces
>>>     br0        8000.38eaa792efe5    no        em2
>>>                                 vnet1
>>>     br1        8000.38eaa792efe6    no        em3
>>>     br2        8000.38eaa792efe7    no        em4
>>>                                 vnet0
>>>     virbr0        8000.525400db3ebf    yes        virbr0-nic
>>>
>>>     # more /etc/sysconfig/network-scripts/ifcfg-em2
>>>     TYPE=Ethernet
>>>     BRIDGE="br0"
>>>     NAME=em2
>>>     DEVICE="em2"
>>>     UUID=aeaa839e-c89c-4d6e-9daa-79b6a1b919bd
>>>     ONBOOT=yes
>>>     HWADDR=38:EA:A7:92:EF:E5
>>>     NM_CONTROLLED="no"
>>>
>>>     # more /etc/sysconfig/network-scripts/ifcfg-br0
>>>     TYPE=Bridge
>>>     NM_CONTROLLED="no"
>>>     BOOTPROTO=dhcp
>>>     NAME=br0
>>>     DEVICE="br0"
>>>     ONBOOT=yes
>>>
>>>     # ifconfig em2 ;ifconfig br0
>>>     em2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>>             inet6 fe80::3aea:a7ff:fe92:efe5  prefixlen 64  scopeid 0x20<link>
>>>             ether 38:ea:a7:92:ef:e5  txqueuelen 1000  (Ethernet)
>>>             RX packets 100093  bytes 52354831 (49.9 MiB)
>>>             RX errors 0  dropped 0  overruns 0  frame 0
>>>             TX packets 25321  bytes 15791341 (15.0 MiB)
>>>             TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>             device memory 0xf7d00000-f7e00000
>>>
>>>     br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>>             inet 10.31.99.226  netmask 255.255.252.0  broadcast 10.31.99.255
>>>             inet6 fe80::3aea:a7ff:fe92:efe5  prefixlen 64  scopeid 0x20<link>
>>>             ether 38:ea:a7:92:ef:e5  txqueuelen 0  (Ethernet)
>>>             RX packets 19619  bytes 1963328 (1.8 MiB)
>>>             RX errors 0  dropped 0  overruns 0  frame 0
>>>             TX packets 11  bytes 1074 (1.0 KiB)
>>>             TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>
>>> Relevant section from /etc/libvirt/qemu/foo.xml (one of the VMs with
>>> this problem):
>>>
>>>     <interface type='bridge'>
>>>           <mac address='52:54:00:26:22:9d'/>
>>>           <source bridge='br0'/>
>>>           <model type='virtio'/>
>>>           <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
>>>     </interface>
>>>
>>> I can provide additional information, if requested.  thanks!
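
Added example, not part of the original thread: `iptables --list --numeric` without `--verbose` omits the interface columns, so this sketch reads `iptables -S FORWARD` output instead and reports which verdict frames bridged across a given bridge reach first, which is the check behind the advice to have a forward rule matching bridged physical devices. The function name `first_bridged_verdict` and all three rule sets are constructed for illustration; sample 1 assumes the stock libvirt rules for virbr0.

```shell
#!/bin/sh
# Added example. Input is `iptables -S FORWARD` output (rule-spec form, which
# keeps the -i/-o interface matches). Only relevant when bridged frames are
# passed to iptables at all (sysctl net.bridge.bridge-nf-call-iptables = 1).

# first_bridged_verdict BRIDGE  (rules on stdin; hypothetical helper)
# Prints the target of the first rule that matches every frame bridged across
# BRIDGE, or the chain policy if no such rule exists. Simplified model: a rule
# counts as "matches everything" only if its sole matchers are -i/-o BRIDGE
# and/or `-m physdev --physdev-is-bridged`; rules with other matchers are skipped.
first_bridged_verdict() {
    awk -v br="$1" '
        $1 == "-P" && $2 == "FORWARD" { policy = $3; next }
        $1 != "-A" || $2 != "FORWARD" { next }
        {
            target = ""; all = 1
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") { target = $(i + 1); break }
                if ($i == "-i" || $i == "-o") { if ($(i + 1) != br) all = 0; i++; continue }
                if ($i == "-m" && $(i + 1) == "physdev") { i++; continue }
                if ($i != "--physdev-is-bridged") all = 0
            }
            if (all && target ~ /^(ACCEPT|REJECT|DROP)$/) { print target; hit = 1; exit }
        }
        END { if (!hit) print (policy != "" ? policy : "UNKNOWN") }'
}

# Constructed sample 1: stock libvirt rules for virbr0 (assumed to be what the
# FORWARD listing above shows once the interface columns are restored).
LIBVIRT_ONLY='-P FORWARD ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable'

# Constructed sample 2: the same chain with a catch-all REJECT appended.
WITH_REJECT="$LIBVIRT_ONLY
-A FORWARD -j REJECT --reject-with icmp-host-prohibited"

# Constructed sample 3: a bridged-traffic ACCEPT inserted at the top of the chain.
WITH_PHYSDEV="-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
$WITH_REJECT"

for rules in "$LIBVIRT_ONLY" "$WITH_REJECT" "$WITH_PHYSDEV"; do
    printf '%s\n' "$rules" | first_bridged_verdict br0
done
```

On a live host the function would be fed with `iptables -S FORWARD | first_bridged_verdict br0`, run as root.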

