[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

[libvirt-users] IPv4 routed virtual networks



OK, either I have taken a stupid pill and am missing something basic or routed network do not work.

I assume that, if they did work, it would be in more or less that same manner as a nat network as far as ping'ing, ssh'ing, etc. to another real host on the same real LAN as the virtualization host. At least that is what I believe I should expect.

I have googled for info and everything says that it should work. On of the referenced documents was this: http://berrange.com/posts/2009/12/13/routed-subnets-without-nat-for-libvirt-managed-virtual-machines-in-fedora/

I checked through everything and it all matches what is in the document. I can go from the guest to the host (ping, ssh, etc) but not from that guest to another real host on the same real LAN.

I am patching the relevant info below:

----------------------------------
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.p32p1.forwarding = 1
net.ipv4.conf.virbr8.forwarding = 1
--------------------------------
<network>
  <name>routed</name>
  <uuid>1b2a0197-e708-165c-f266-6822e73cfbdd</uuid>
  <forward dev='p32p1' mode='route'>
    <interface dev='p32p1'/>
  </forward>
  <bridge name='virbr8' stp='on' delay='0' />
  <mac address='52:54:00:B9:59:49'/>
  <domain name='routed'/>
  <ip address='192.168.123.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.123.128' end='192.168.123.254' />
    </dhcp>
  </ip>
</network>
-------------------------------
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source destination
0 0 ACCEPT udp -- virbr8 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53 0 0 ACCEPT tcp -- virbr8 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53 0 0 ACCEPT udp -- virbr8 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67 0 0 ACCEPT tcp -- virbr8 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67


Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source destination
    0     0 ACCEPT     all  --  p32p1  virbr8  0.0.0.0/0 192.168.123.0/24
    0     0 ACCEPT     all  --  virbr8 p32p1   192.168.123.0/24 0.0.0.0/0
    0     0 ACCEPT     all  --  virbr8 virbr8  0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr8 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT all -- virbr8 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable

------------------------------

This is Fedora 17 with an updated libvirt 0.10.1-4.fc17 [another system with the same "problem" is running libvirt 0.10.2-1.fc17].

Anyone know what is going on?

BTW, I searched bugzilla for the comment containing the string routed filed against packages libvirt, qemu, qemu-kvm, or kvm ...Result .. no hits!

If this is really a bug rather than something I did or did not do, then nobody is using routed virtual networks.

BTW, I have a real F17 systems sitting between to networks on two different NICs and it routes things nicely, thank you very much. It does work but not for the virtual networks.

I would really like it to be something I am missing.

Gene


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]