[libvirt-users] ICMP into guest not "working"

Laine Stump laine at laine.org
Thu Dec 23 01:57:36 UTC 2010


On 12/22/2010 04:02 PM, David Lane wrote:
> Good afternoon.
>
> I have a RHEL6 host, running RHEL 3.8 as a guest.  The NIC is 
> bridged.  From the guest, I can ping successfully to a variety of 
> network devices.  From the host, I can ping successfully to a variety 
> of network devices AND the guest OS.  But from my workstation, I can 
> only ping the HOST, not the guest.  And it looks like the packets are 
> being discarded.
>
> IPtables is NOT enabled on either the guest or the host (our 
> application does not support iptables filtering - go figure).
>
> I am seeing lots of documentation for enabling outbound pings from 
> guest, but very little about enabling inbound pings.  And again, our 
> software relies on pings for parts of its operations and validations.
>
> Any clues as to what I might have missed?

Just a long shot - what does "sysctl net.bridge.bridge-nf-call-iptables" 
on the host show? If it's set to 1, try setting it to 0. Alternately, 
you can make sure the following rule is in iptables:

    iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

(I'm thinking this shouldn't matter, as I had thought having it wrong 
would prevent *outbound* connections as well, but it's worth looking at).

BTW, is it just icmp that isn't allowed incoming, or does ssh (for 
example) also not get in?

Have you run wireshark on the bridge interface, or on the host tap 
interface connecting the guest to the bridge? That might give you more 
clues as to where it's getting lost.
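
The host-side check suggested in the reply above, as an added example that is not part of the original message: it classifies whether bridged guest traffic is exposed to the iptables FORWARD chain and whether the physdev ACCEPT rule is reached before a catch-all drop. The function name `check_bridge_filter` and the sample rule set are constructed for illustration, and only unconditional DROP/REJECT rules are recognised.

```shell
#!/bin/sh
# Added example (not from the original message). Function name is hypothetical.
# $1 = value of net.bridge.bridge-nf-call-iptables, $2 = "iptables -S FORWARD" output
# Prints: bypass | accepted | blocked | policy-accept
check_bridge_filter() {
    nf_call=$1
    rules=$2
    # At 0, bridged frames are never handed to the iptables chains.
    if [ "$nf_call" = "0" ]; then
        echo bypass
        return 0
    fi
    policy=ACCEPT
    # Rules are evaluated in order; the first terminating match decides.
    # Simplification: only unconditional DROP/REJECT rules are recognised.
    while IFS= read -r line; do
        case $line in
            "-P FORWARD "*)
                policy=${line#-P FORWARD } ;;
            "-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT")
                echo accepted
                return 0 ;;
            "-A FORWARD -j DROP"|"-A FORWARD -j REJECT"*)
                echo blocked
                return 0 ;;
        esac
    done <<EOF
$rules
EOF
    if [ "$policy" = "ACCEPT" ]; then echo policy-accept; else echo blocked; fi
}

# Constructed sample: the ACCEPT rule was appended after a catch-all REJECT.
SAMPLE_REJECT_FIRST='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT'

check_bridge_filter 1 "$SAMPLE_REJECT_FIRST"   # blocked
# On a live host (as root):
# check_bridge_filter "$(sysctl -n net.bridge.bridge-nf-call-iptables)" "$(iptables -S FORWARD)"
```

A result of `blocked` with the ACCEPT rule present means the rule sits below a terminating rule; it has to be placed above that rule to take effect.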



