[libvirt-users] IPv4 routed virtual networks

Gene Czarcinski gene at czarc.net
Wed Oct 3 19:08:33 UTC 2012


OK, either I have taken a stupid pill and am missing something basic or 
routed networks do not work.

I assume that, if they did work, it would be in more or less the same 
manner as a nat network as far as ping'ing, ssh'ing, etc. to another 
real host on the same real LAN as the virtualization host. At least that 
is what I believe I should expect.

I have googled for info and everything says that it should work.  One of 
the referenced documents was this: 
http://berrange.com/posts/2009/12/13/routed-subnets-without-nat-for-libvirt-managed-virtual-machines-in-fedora/

I checked through everything and it all matches what is in the 
document.  I can go from the guest to the host (ping, ssh, etc) but not 
from that guest to another real host on the same real LAN.

I am pasting the relevant info below:

----------------------------------
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.p32p1.forwarding = 1
net.ipv4.conf.virbr8.forwarding = 1
--------------------------------
<network>
   <name>routed</name>
   <uuid>1b2a0197-e708-165c-f266-6822e73cfbdd</uuid>
   <forward dev='p32p1' mode='route'>
     <interface dev='p32p1'/>
   </forward>
   <bridge name='virbr8' stp='on' delay='0' />
   <mac address='52:54:00:B9:59:49'/>
   <domain name='routed'/>
   <ip address='192.168.123.1' netmask='255.255.255.0'>
     <dhcp>
       <range start='192.168.123.128' end='192.168.123.254' />
     </dhcp>
   </ip>
</network>
-------------------------------
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     udp  --  virbr8 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  virbr8 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  virbr8 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     tcp  --  virbr8 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  p32p1  virbr8  0.0.0.0/0            192.168.123.0/24
    0     0 ACCEPT     all  --  virbr8 p32p1   192.168.123.0/24     0.0.0.0/0
    0     0 ACCEPT     all  --  virbr8 virbr8  0.0.0.0/0            0.0.0.0/0
    0     0 REJECT     all  --  *      virbr8  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr8 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

------------------------------

This is Fedora 17 with an updated libvirt 0.10.1-4.fc17 [another system 
with the same "problem" is running libvirt 0.10.2-1.fc17].

Anyone know what is going on?

BTW, I searched bugzilla for the comment containing the string routed 
filed against packages libvirt, qemu, qemu-kvm, or kvm ...Result .. no hits!

If this is really a bug rather than something I did or did not do, then 
nobody is using routed virtual networks.

BTW, I have a real F17 system sitting between two networks on two 
different NICs and it routes things nicely, thank you very much.  It 
does work but not for the virtual networks.

I would really like it to be something I am missing.

Gene
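
A first-match walk over the FORWARD chain listed in the message above, as an added example that is not part of the original post: it reports which rule a guest-to-LAN packet and its reply would hit. The guest address 192.168.123.130 and the LAN host 192.0.2.10 are constructed sample values, and only `all`-protocol rules with plain interface names are handled.

```python
import ipaddress

# FORWARD chain exactly as listed in the post (iptables -L -v -n layout).
FORWARD_CHAIN = """\
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination
    0     0 ACCEPT all -- p32p1  virbr8 0.0.0.0/0 192.168.123.0/24
    0     0 ACCEPT all -- virbr8 p32p1  192.168.123.0/24 0.0.0.0/0
    0     0 ACCEPT all -- virbr8 virbr8 0.0.0.0/0 0.0.0.0/0
    0     0 REJECT all -- *      virbr8 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
    0     0 REJECT all -- virbr8 *      0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
"""

def parse_rules(text):
    """Turn rule rows into dicts; chain and column header lines are skipped."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 9 or f[0] in ("Chain", "pkts"):
            continue
        rules.append({"target": f[2], "in": f[5], "out": f[6],
                      "src": ipaddress.ip_network(f[7]),
                      "dst": ipaddress.ip_network(f[8])})
    return rules

def verdict(rules, in_if, out_if, src, dst, policy="ACCEPT"):
    """Return (target, rule number) of the first matching rule, or (policy, 0)."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for number, r in enumerate(rules, 1):
        if (r["in"] in ("*", in_if) and r["out"] in ("*", out_if)
                and src in r["src"] and dst in r["dst"]):
            return r["target"], number
    return policy, 0

RULES = parse_rules(FORWARD_CHAIN)
GUEST = "192.168.123.130"   # constructed: an address inside the DHCP range
LAN_HOST = "192.0.2.10"     # constructed placeholder for a host on the real LAN

if __name__ == "__main__":
    print("guest -> LAN:", verdict(RULES, "virbr8", "p32p1", GUEST, LAN_HOST))
    print("LAN -> guest:", verdict(RULES, "p32p1", "virbr8", LAN_HOST, GUEST))
```

Both directions reach an ACCEPT rule before either REJECT, so for these sample addresses the FORWARD rules as listed do not reject the traffic.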



