
Re: [libvirt-users] ICMP into guest not "working"



On 12/22/2010 04:02 PM, David Lane wrote:
> Good afternoon.
>
> I have a RHEL6 host, running RHEL 3.8 as a guest. The NIC is bridged. From the guest, I can ping successfully to a variety of network devices. From the host, I can ping successfully to a variety of network devices AND the guest OS. But from my workstation, I can only ping the HOST, not the guest. And it looks like the packets are being discarded.
>
> IPtables is NOT enabled on either the guest or the host (our application does not support iptables filtering - go figure).
>
> I am seeing lots of documentation for enabling outbound pings from guest, but very little about enabling inbound pings. And again, our software relies on pings for parts of its operations and validations.
>
> Any clues as to what I might have missed?

Just a long shot - what does "sysctl net.bridge.bridge-nf-call-iptables" on the host show? If it's set to 1, try setting it to 0. Alternately, you can make sure the following rule is in iptables:

   iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

(I'm thinking this shouldn't matter, as I had thought having it wrong would prevent *outbound* connections as well, but it's worth looking at).

BTW, is it just icmp that isn't allowed incoming, or does ssh (for example) also not get in?

Have you run wireshark on the bridge interface, or on the host tap interface connecting the guest to the bridge? That might give you more clues as to where it's getting lost.
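
The two host-side checks named in the reply above (the bridge-nf-call-iptables sysctl and the physdev ACCEPT rule), combined into one verdict as an added example that is not part of the original message. The function name `forward_verdict`, its verdict strings and the sample rule sets are constructed for illustration; it also checks rule order, because `iptables -A` appends and an ACCEPT placed after a REJECT never matches.

```shell
# Added example, not from the thread; chains jumped to from FORWARD are not followed.

# forward_verdict NF_CALL RULES
#   NF_CALL  value of net.bridge.bridge-nf-call-iptables ("" if key absent)
#   RULES    output of `iptables -S FORWARD`
# Prints: bypass | accept-rule | policy-accept | may-drop
forward_verdict() {
    nf_call=$1
    rules=$2
    case $nf_call in
        ''|0) echo bypass; return 0 ;;   # bridged frames never reach iptables
    esac
    policy=unknown
    blocked=0
    while IFS= read -r line; do
        case $line in
            "-P FORWARD "*)
                policy=${line#"-P FORWARD "} ;;
            "-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT")
                # Only effective if no DROP/REJECT rule was listed earlier.
                if [ "$blocked" -eq 0 ]; then echo accept-rule; return 0; fi ;;
            *"-j DROP"*|*"-j REJECT"*)
                blocked=1 ;;
        esac
    done <<EOF
$rules
EOF
    if [ "$blocked" -eq 0 ] && [ "$policy" = "ACCEPT" ]; then
        echo policy-accept
    else
        echo may-drop
    fi
}

# Constructed samples of `iptables -S FORWARD` output.
SAMPLE_REJECT='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
SAMPLE_FIXED='-P FORWARD ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'
SAMPLE_APPENDED='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT'

for s in "$SAMPLE_REJECT" "$SAMPLE_FIXED" "$SAMPLE_APPENDED"; do
    forward_verdict 1 "$s"
done
# Live use on the host (root):
#   forward_verdict "$(sysctl -n net.bridge.bridge-nf-call-iptables 2>/dev/null)" "$(iptables -S FORWARD)"
```

A `may-drop` verdict only says a DROP/REJECT rule or policy is in the path of bridged frames; whether it matches the ping traffic still has to be confirmed with a capture on the bridge or tap interface.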

