[libvirt] default networking issues

[Bryan Kearney]

Cole Robinson wrote:
> Bryan Kearney wrote:
>> Need some help about where to look next. I am running a Fedora 9 
>> machine, up to date on the releaed rpms. SELinux is permissive, iptables 
>> is stopped. I have followed the instructions for NAT forwarding [1]. 
>> When I launch a guest in virt manager it uses the default network, and 
>> is assigned an IP address in the 192.168.122 space. It can do dns 
>> resolution, but can not wget a known website (www.cnn.com). From my host 
>> machine, I can ssh into the guest.
>>
>> Where is the next place I should look. Is the fact that I am running in 
>> a corporate network causing me issues?
>>
>> Thanks!
>>
>> -- bk
>>
> 
> I've actually had similar issues with this. I would kick off an http
> install, it would get to anaconda, pull down a kickstart, and when
> it would start to pull the install kernel it would get nowhere.
> tcpdumping virbr0 would show that about every 5-10 seconds there
> would be some communication with the server, but no apparent
> progress. 
> 
> However this is only on my lenovo t61, tried both f8 and f9 host.
> The same exact workflow on multiple other boxes worked fine, all
> machines (laptop included) using wired networking. Tried with f8,
> f9, and rhel5 guests. So maybe its hardware specific?
> 
> I eventually just switched to bridged networking :/
> 

I think this is the voodoo.

1) Add the following lines to /etc/sysconfig/iptables in the OUTPUT 
chain of the *filter table:

--insert FORWARD --destination 192.168.122.0/255.255.255.0 
--out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump 
ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited

2) Restart iptables

3) Restart libvirtd

By doing (1), future reboots seem to work. But not doing (3) causes it 
to appear not to work. Do any of the virt tools do (1) magically for you?

-- bk