[libvirt-users] Starting libvirtd cuts off host access to external network

Daniel P. Berrange berrange at redhat.com
Fri Jun 24 09:12:55 UTC 2011

On Fri, Jun 24, 2011 at 12:14:50AM +0100, PLD wrote:
> I've spent some hours on this without success - any help greatly
> appreciated.
> I've just done a new RHEL6 setup, with a KVM guest (first time). The
> basic installation works fine until I start libvirtd; at this point,
> the host machine loses access to the external network:
> step 1: ping from host to network works; external machine on network
> can ping both eth0 and br1 on the host
> step 2: /sbin/service libvirtd start
> step 3: ping from host to network fails; external machine on the
> network can't ping either eth0 or br1 on the host
> Stopping libvirtd (/sbin/service libvirtd stop) makes no difference
> - the network remains unreachable.
> Any idea why this would happen? I have installed a kvm guest, using
> the default network script at
> /etc/libvirtd/qemu/networks/default.xml (although I've changed the
> IP addresses to be on my subnet, and the DHCP server returns only
> one address).

And therein lies your mistake, I believe. The libvirt virtual
network functionality is *not* for attaching your guests to
the physical LAN. If you want guests to have addresses on
the physical LAN, you want to just set up bridging for your
physical NICs and attach the guest to the bridge.

The libvirt virtual network functionality is for providing
NAT based connections to the guest, with the guest network
having a *different* IP range to the physical LAN. By
changing the libvirt network to have an IP address which
is on your LAN subnet, the firewall rules will likely have
killed all your host connectivity.

The virtual network stuff is not deactivated when stopping
libvirtd. Instead use the following to stop it:

  virsh net-destroy default
  virsh net-autostart --disable default

and the firewall rules should then go away.

> I have also configured a bridge; I've attached ifcfg-eth0,
> ifcfg-eth1, and ifcfg-br1 below. I haven't changed any iptables
> configuration. If I run the guest (also RHEL6) the guest can talk to
> the host, but it can't see the outside world.

Yes, this is what you want. Revert your changes to the default
virtual network and just use this bridge setup.

Basically you want to follow setup 2 here:


What you have tried to do is to use setup 1 & 2 at the same
time which is not good :-)

|: http://berrange.com      -o-    http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org              -o-             http://virt-manager.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org       -o-       http://live.gnome.org/gtk-vnc :|
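
The check below is an added example, not part of the original post or of libvirt: it parses a libvirt network definition and reports when its IP range collides with a subnet already configured on a host interface, the condition the reply identifies as the cause. The XML documents, the addresses and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: a libvirt network definition edited the way the
# question describes (address moved onto the LAN subnet, one DHCP lease).
MISCONFIGURED_XML = """
<network>
  <name>default</name>
  <bridge name="virbr0"/>
  <forward mode="nat"/>
  <ip address="192.168.1.200" netmask="255.255.255.0">
    <dhcp><range start="192.168.1.201" end="192.168.1.201"/></dhcp>
  </ip>
</network>
"""
# Constructed sample: the same definition kept on its own private range.
SEPARATE_XML = MISCONFIGURED_XML.replace("192.168.1.", "192.168.122.")
# Constructed sample: address assigned to the host's bridge interface.
HOST_ADDRS = {"br1": "192.168.1.10/24"}


def virtual_subnets(network_xml):
    """Return (network name, subnet) for each IPv4 <ip> element."""
    root = ET.fromstring(network_xml)
    name = root.findtext("name", default="?")
    found = []
    for ip in root.findall("ip"):
        addr = ip.get("address")
        # <ip> carries either netmask= or prefix=; both parse the same way.
        mask = ip.get("netmask") or ip.get("prefix")
        if ip.get("family", "ipv4") != "ipv4" or not addr or not mask:
            continue
        found.append((name, ipaddress.ip_network(f"{addr}/{mask}", strict=False)))
    return found


def overlaps(network_xml, host_addrs):
    """List (virtual net, its subnet, host iface, host subnet) collisions."""
    hits = []
    for name, vnet in virtual_subnets(network_xml):
        for iface, cidr in host_addrs.items():
            lan = ipaddress.ip_interface(cidr).network
            if lan.version == vnet.version and vnet.overlaps(lan):
                hits.append((name, str(vnet), iface, str(lan)))
    return hits


if __name__ == "__main__":
    for label, doc in (("edited", MISCONFIGURED_XML), ("separate", SEPARATE_XML)):
        print(label, overlaps(doc, HOST_ADDRS) or "no overlap with host subnets")
```

On a real host the XML would come from `virsh net-dumpxml default` and the interface addresses from the host's own network configuration.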
