[libvirt-users] Problems with VM networking on Ubuntu Quantal
Dale Amon
amon at vnl.com
Fri Jan 18 04:24:06 UTC 2013
On Tue, Jan 08, 2013 at 01:55:16PM -0500, Laine Stump wrote:
> On 01/02/2013 06:10 AM, Dale Amon wrote:
> > I have shifted some VM's to a new server running Quantal
> > and have had a world of trouble. The first one was caused
> > by issues with an apparently compiled in path in their
> > apparmor version which forced VM pools to be in /srv or
> > similar rather than where I wanted them. For now this was
> > not a big issue, and thankfully the server where it would
> > be a big time problem (there are individual drives per
> > major customer or user) is Debian.
> >
> > But... I still have issues. The networking has changed
> > considerably and although I can get my VM running, I cannot
> > reach it.
> >
> > The new quantal machines give you something like this:
> >
> > br0 Link encap:Ethernet HWaddr ****
> > inet addr:10.0.0.xx Bcast:10.0.0.255 Mask:255.255.255.0
> > inet6 addr: *****/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >
> > lo Link encap:Local Loopback
> > inet addr:127.0.0.1 Mask:255.0.0.0
> > inet6 addr: ::1/128 Scope:Host
> > UP LOOPBACK RUNNING MTU:16436 Metric:1
> >
> > p6p1 Link encap:Ethernet HWaddr ****
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >
> > virbr0 Link encap:Ethernet HWaddr ****
> > inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
> > UP BROADCAST MULTICAST MTU:1500 Metric:1
> >
> > vnet0 Link encap:Ethernet HWaddr fe:54:00:84:3c:4f
> > inet6 addr: fe80::fc54:ff:fe84:3c4f/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >
> > The VM machine has a static ip on the same network, ie 10.0.0.x. It
> > worked fine on the old server but is not reachable (and cannot
> > connect outward).
> >
> > Forwarding is turned on:
> > cat /proc/sys/net/ipv4/ip_forward
> > 1
>
> Since you say the guests have 10.0.0.x IP addresses, I'm assuming that
> they are connected to br0, and not virbr0 ("virsh dumpxml $guestname" or
> "brctl show" would give that information). If that's the case, then the
> setting of ip_forward is irrelevent, since the forwarding will be done
> at L2 by the Linux host bridge, not at L3 by IP.
>
> It's possible that net.bridge.bridge-nf-call-iptables is set to 1
> ("sysctl net.bridge.bridge-nf-call-iptables"), which would mean that all
> guest traffic would go through iptables as it crossed the bridge, and
> some rule in your host's filters might be blocking it. You can set that
> to 0 in /etc/sysctl.conf (followed by "sysctl -p").
>
> To see if traffic is being blocked by iptables, you can run this script
> on the host, then try sending traffic from the guest and see if new
> lines are printed out:
>
> while true; do iptables -S -v -Z | grep -v "c 0 " | grep REJECT; sleep
> 1; done
>
> For some other ideas of what might be going wrong, look at the
> network-related topics in the libvirt wiki troubleshooting guide:
>
> http://wiki.libvirt.org/page/Troubleshooting
>
> If you find that you have a problem not already covered there, feel free
> to add a new entry describing your problem and the eventual solution.
>
> > The VM has
> >
> > eth0 Link encap:Ethernet HWaddr ****
> > inet addr:10.0.0.xx Bcast:10.0.0.255 Mask:255.255.255.0
> > inet6 addr: *****/64 Scope:Link
> > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
> >
> > lo Link encap:Local Loopback
> > inet addr:127.0.0.1 Mask:255.0.0.0
> > inet6 addr: ::1/128 Scope:Host
> > UP LOOPBACK RUNNING MTU:16436 Metric:1
> >
> > An attempt to ping from the VM to anything outside gives a "Destination
> > host unreachable" message.
> >
> > It has been a long time since I set the old machine up, so I
> > may well have forgotten some step.
I tried the command:
# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.902b34525ea7 no p6p1
vnet0
virbr0 8000.000000000000 yes
As to iptables, there is no nothing set up on this machine
at present as it sits behind a MASQ firewall.
Any other suggestions? Any info I could supply you that would
be useful?
More information about the libvirt-users
mailing list