[fedora-virt] KVM bridge wonkiness in Fedora19

Lonni J Friedman netllama at gmail.com
Wed Aug 7 16:56:16 UTC 2013


*sigh* I'm an idiot.  Somehow in all of this setup, I neglected to
actually assign the static IP addresses to the VMs, and they were
still using randomly DHCP assigned  IPs.  Thus, attempts to connect to
the VMs with the static IP/hostname were failing.  Once I fixed this,
everything worked fine.

Sorry for wasting everyone's time.

On Wed, Aug 7, 2013 at 9:53 AM, Dennis Jacobfeuerborn
<dennisml at conversis.de> wrote:
> What are the values for the bridge-nf-call-* proc settings on your system?
>
> [root@nexus ~]# ls -l /proc/sys/net/bridge/bridge-nf-call-*
> -rw-r--r--. 1 root root 0  7. Aug 18:47
> /proc/sys/net/bridge/bridge-nf-call-arptables
> -rw-r--r--. 1 root root 0  7. Aug 18:47
> /proc/sys/net/bridge/bridge-nf-call-ip6tables
> -rw-r--r--. 1 root root 0  7. Aug 18:47
> /proc/sys/net/bridge/bridge-nf-call-iptables
>
> The bridge traffic probably gets firewalled. I see an "ACCEPT" rule with
> source 192.168.122.0/24 so if you are using this network for a guest then
> that would explain why you can access the outside world but cannot ping the
> VMs from elsewhere. Try to set the above three settings to 0 and test
> again.
>
> Regards,
>   Dennis
>
>
> On 07.08.2013 18:26, Lonni J Friedman wrote:
>>
>> Currently, I have the following (defaults):
>> ##############
>> # iptables --list --numeric
>> Chain INPUT (policy ACCEPT)
>> target     prot opt source               destination
>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
>> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
>> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
>>
>> Chain FORWARD (policy ACCEPT)
>> target     prot opt source               destination
>> ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24     ctstate
>> RELATED,ESTABLISHED
>> ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
>> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
>> REJECT     all  --  0.0.0.0/0            0.0.0.0/0
>> reject-with icmp-port-unreachable
>> REJECT     all  --  0.0.0.0/0            0.0.0.0/0
>> reject-with icmp-port-unreachable
>>
>> Chain OUTPUT (policy ACCEPT)
>> target     prot opt source               destination
>> ################
>>
>> This is identical to what I see on a Fedora16 host where the VMs are
>> accessible over the network.  What kind of rule would you suggest I
>> add?
>>
>>
>>
>> On Wed, Aug 7, 2013 at 1:52 AM, Daniel Sanabria <sanabria.d at gmail.com>
>> wrote:
>>>
>>> can you share your iptables config (iptables --list --numeric)?
>>>
>>> make sure you have a forward rule that matches when the physical device
>>> is
>>> bridge.
>>>
>>> Cheers,
>>>
>>> Daniel
>>>
>>>
>>> On 7 August 2013 06:19, Udayendu Sekhar kar <udayendu.kar at gmail.com>
>>> wrote:
>>>>
>>>>
>>>> Hi there,
>>>>
>>>> I am using Fedora 19 and configured the bridge when my "NetworkManager"
>>>> is
>>>> enabled. I am configuring the VPN through "NetworkManager", so I have to
>>>> keep it on. Here is the configuration from my test system which is
>>>> working
>>>> absolutely fine.
>>>>
>>>>
>>>> ===========
>>>> # brctl show
>>>> bridge name bridge id STP enabled interfaces
>>>> br0 0080.5c260a8373dd no em1
>>>> virbr0 8000.5254004f366e yes virbr0-nic
>>>>
>>>> # cat /etc/sysconfig/network-scripts/ifcfg-em1
>>>> # Generated by dracut initrd
>>>> DEVICE="em1"
>>>> ONBOOT=yes
>>>> UUID="61632098-7161-42da-b97f-9e60148f589c"
>>>> BOOTPROTO="dhcp"
>>>> HWADDR="xx:xx:xx:xx:xx:xx"
>>>> TYPE=Ethernet
>>>> NAME="em1"
>>>> BRIDGE="br0"
>>>>
>>>> # cat /etc/sysconfig/network-scripts/ifcfg-br0
>>>> DEVICE="br0"
>>>> BOOTPROTO="dhcp"
>>>> TYPE="Bridge"
>>>> HWADDR="xx:xx:xx:xx:xx:xx"
>>>> MTU=9000
>>>> ONBOOT="yes"
>>>>
>>>>
>>>> # systemctl status NetworkManager.service
>>>> NetworkManager.service - Network Manager
>>>>     Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service;
>>>> enabled)
>>>>     Active: active (running) since Wed 2013-08-07 10:21:41 IST; 15min
>>>> ago
>>>>   Main PID: 736 (NetworkManager)
>>>>     CGroup: name=systemd:/system/NetworkManager.service
>>>>             ├─ 736 /usr/sbin/NetworkManager --no-daemon
>>>>             └─1165 /sbin/dhclient -d -sf
>>>> /usr/libexec/nm-dhcp-client.action
>>>> -pf /var/run/dhclient-br0.pid -lf
>>>>
>>>> /var/lib/NetworkManager/dhclient-d2d68553-f97e-7549-7a26-b34a26f29318-br0.lease
>>>> -cf /var/lib/Ne...
>>>>
>>>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info>   domain search
>>>> 'pnq.redhat.com.'
>>>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info>   domain search
>>>> 'redhat.com.'
>>>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0)
>>>> Stage 5 of 5 (IPv4 Configure Commit) scheduled...
>>>> Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0)
>>>> Stage 5 of 5 (IPv4 Commit) started...
>>>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device
>>>> state change: ip-config -> secondaries (reason 'none') [70 90 0]
>>>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0)
>>>> Stage 5 of 5 (IPv4 Commit) complete.
>>>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device
>>>> state change: secondaries -> activated (reason 'none') [90 100 0]
>>>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Policy set
>>>> 'Bridge
>>>> br0' (br0) as default for IPv4 routing and DNS.
>>>> Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0)
>>>> successful, device activated.
>>>> ============
>>>>
>>>> This configuration will help you to configure the bridge interface over
>>>> your em1 device while NetworkManager is on and also you can use the
>>>> NetworkManager to configure the VPN.
>>>>
>>>>
>>>> Thanks,
>>>> Uday !
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> On Wed, Aug 7, 2013 at 4:30 AM, Lonni J Friedman <netllama at gmail.com>
>>>> wrote:
>>>>>
>>>>>
>>>>> Greetings,
>>>>> I'm attempting to get several virtual machines setup on a Fedora19
>>>>> host system, with the traditional bridge network devices (br0, br1,
>>>>> etc).   I've done this many times before with older versions of Fedora
>>>>> (16, 14, etc), and it just works.  However, for reasons that I cannot
>>>>> figure out, the bridge doesn't seem to be working in Fedora19.  While
>>>>> I can successfully connect to the outside world (local network +
>>>>> internet) from inside a VM, nothing can communicate with the VM from
>>>>> outside (local network).  I'm referring to something as trivial as
>>>>> pinging.  From inside the VM, I can ping anything successfully (0%
>>>>> packet loss).  However, from outside the VM (on the host, or any other
>>>>> system on the same network), I see 100% packet loss when pinging the
>>>>> IP address of the VM.
>>>>>
>>>>> My first question is simply, does anyone else have this working
>>>>> successfully in F19?  And if so, what steps did you need to follow?
>>>>>
>>>>> I'm not using NetworkManager at all, it's all the network service.
>>>>> There are no firewalls involved anywhere (iptables & firewall services
>>>>> are currently disabled).  Here's the current host configuration:
>>>>>
>>>>>      # brctl show
>>>>>      bridge name    bridge id        STP enabled    interfaces
>>>>>      br0        8000.38eaa792efe5    no        em2
>>>>>                                  vnet1
>>>>>      br1        8000.38eaa792efe6    no        em3
>>>>>      br2        8000.38eaa792efe7    no        em4
>>>>>                                  vnet0
>>>>>      virbr0        8000.525400db3ebf    yes        virbr0-nic
>>>>>
>>>>>      # more /etc/sysconfig/network-scripts/ifcfg-em2
>>>>>      TYPE=Ethernet
>>>>>      BRIDGE="br0"
>>>>>      NAME=em2
>>>>>      DEVICE="em2"
>>>>>      UUID=aeaa839e-c89c-4d6e-9daa-79b6a1b919bd
>>>>>      ONBOOT=yes
>>>>>      HWADDR=38:EA:A7:92:EF:E5
>>>>>      NM_CONTROLLED="no"
>>>>>
>>>>>      # more /etc/sysconfig/network-scripts/ifcfg-br0
>>>>>      TYPE=Bridge
>>>>>      NM_CONTROLLED="no"
>>>>>      BOOTPROTO=dhcp
>>>>>      NAME=br0
>>>>>      DEVICE="br0"
>>>>>      ONBOOT=yes
>>>>>
>>>>>      # ifconfig em2 ;ifconfig br0
>>>>>      em2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>>>>              inet6 fe80::3aea:a7ff:fe92:efe5  prefixlen 64  scopeid
>>>>> 0x20<link>
>>>>>              ether 38:ea:a7:92:ef:e5  txqueuelen 1000  (Ethernet)
>>>>>              RX packets 100093  bytes 52354831 (49.9 MiB)
>>>>>              RX errors 0  dropped 0  overruns 0  frame 0
>>>>>              TX packets 25321  bytes 15791341 (15.0 MiB)
>>>>>              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>>>              device memory 0xf7d00000-f7e00000
>>>>>
>>>>>      br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
>>>>>              inet 10.31.99.226  netmask 255.255.252.0  broadcast
>>>>> 10.31.99.255
>>>>>              inet6 fe80::3aea:a7ff:fe92:efe5  prefixlen 64  scopeid
>>>>> 0x20<link>
>>>>>              ether 38:ea:a7:92:ef:e5  txqueuelen 0  (Ethernet)
>>>>>              RX packets 19619  bytes 1963328 (1.8 MiB)
>>>>>              RX errors 0  dropped 0  overruns 0  frame 0
>>>>>              TX packets 11  bytes 1074 (1.0 KiB)
>>>>>              TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
>>>>>
>>>>> Relevant section from /etc/libvirt/qemu/foo.xml (one of the VMs with
>>>>> this problem):
>>>>>
>>>>>      <interface type='bridge'>
>>>>>            <mac address='52:54:00:26:22:9d'/>
>>>>>            <source bridge='br0'/>
>>>>>            <model type='virtio'/>
>>>>>            <address type='pci' domain='0x0000' bus='0x00' slot='0x03'
>>>>> function='0x0'/>
>>>>>      </interface>
>>>>>
>>>>> I can provide additional information, if requested.  thanks!
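
The bridge-nf-call-* check discussed in this thread, as an added example that is not part of the original messages: a function that reads the three settings and reports whether bridged guest traffic is handed to the host's arptables, ip6tables and iptables rules. The function names and the optional directory argument are assumptions made for illustration; the sysctl key names are the standard ones for these proc files.

```shell
#!/bin/sh
# Added example (not from the thread). The DIR argument is an assumption so
# the check can also run against a constructed copy of the proc files.

# bridge_nf_state [DIR]
# Prints "<setting> <value> <meaning>" for each bridge-nf-call-* file.
# Returns 0 if all three are 0 (bridged frames skip the host's netfilter
#           tables, so FORWARD rules do not apply to bridged guests),
#         1 if any is non-zero (bridged frames can be firewalled by the host),
#         2 if a setting is absent (bridge netfilter support not loaded).
bridge_nf_state() {
    dir=${1:-/proc/sys/net/bridge}
    filtered=0
    missing=0
    for t in arptables ip6tables iptables; do
        f="$dir/bridge-nf-call-$t"
        if [ ! -r "$f" ]; then
            echo "bridge-nf-call-$t absent not-loaded"
            missing=1
            continue
        fi
        v=$(cat "$f")
        if [ "$v" = "0" ]; then
            echo "bridge-nf-call-$t $v bypasses-$t"
        else
            echo "bridge-nf-call-$t $v filtered-by-$t"
            filtered=1
        fi
    done
    if [ "$missing" -eq 1 ]; then return 2; fi
    if [ "$filtered" -eq 1 ]; then return 1; fi
    return 0
}

# bridge_nf_sysctl_conf
# Prints sysctl lines that keep all three settings at 0 across reboots.
# With these at 0, any filtering of guest traffic has to be done elsewhere
# (ebtables on the host, or a firewall inside the guest).
bridge_nf_sysctl_conf() {
    for t in arptables ip6tables iptables; do
        echo "net.bridge.bridge-nf-call-$t = 0"
    done
}

# Usage on a live host:  bridge_nf_state; echo "exit=$?"
```

A return value of 1 with a REJECT rule in the FORWARD chain, as in the listing quoted above, is the combination worth checking when guests on a bridge are unreachable from outside.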

