[libvirt-users] http problem with (a particular url) and default (nat) networking

John McFarlane jmcfarlane at rockfloat.com
Sun Jan 27 00:30:41 UTC 2013


At work I have a script that provisions a VM for use by employees.  One
step in this process is to fetch Hadoop, which we happen to get from
Cloudera.  I noticed the script always failed when I used libvirt's default
networking (NAT) but worked fine when I used user mode networking. My
instinct is that this is related to (potentially uncommon) network traffic
from the server in question, and the iptables rules added by libvirt.

Repro steps:

1. Create a VM (I tested with Linux and FreeBSD guests) using default
libvirt networking settings (<interface type='network'>).
2. wget, curl, fetch:
http://archive.cloudera.com/one-click-install/lucid/cdh3-repository_1.0_all.deb

Observe it will "hang". If you use strace you'll see it block on the select
call.

My particular host is using a virbr0 network bridge, with the following
iptables rules:

$ iptables -S -v -Z
-P INPUT ACCEPT -c 404828 91071544
-P FORWARD ACCEPT -c 0 0
-P OUTPUT ACCEPT -c 402905 45139291
-A INPUT -i virbr0 -p udp -m udp --dport 53 -c 26 1703 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -c 0 0 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -c 70 22960 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -c 0 0 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -c 1191 1495856 -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -c 853 64266 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -c 6 1968 -j ACCEPT
-A FORWARD -o virbr0 -c 0 0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -c 0 0 -j REJECT --reject-with icmp-port-unreachable
Zeroing chain `INPUT'
Zeroing chain `FORWARD'
Zeroing chain `OUTPUT'

I'm not sure how best to diagnose this problem. Any ideas or tips?

Thanks!

John M.
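
An added example, not part of the original post: a small Python parser for the `iptables -S -v` output shown above that rejoins a mail-wrapped rule, skips the "Zeroing chain" status lines, and reports whether any REJECT or DROP rule in a chain has a non-zero packet counter. The function names `parse_rules` and `blocking_hits` are hypothetical; the sample is the FORWARD portion of the posted dump.

```python
import shlex

# FORWARD rules copied from the post, mail-wrapped line and status line included.
SAMPLE = """\
-P FORWARD ACCEPT -c 0 0
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state
RELATED,ESTABLISHED -c 1191 1495856 -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -c 853 64266 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -c 6 1968 -j ACCEPT
-A FORWARD -o virbr0 -c 0 0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -c 0 0 -j REJECT --reject-with icmp-port-unreachable
Zeroing chain `FORWARD'
"""

def parse_rules(dump):
    """Return one dict per -P/-A line: chain, target, match, packets, bytes."""
    logical = []
    for line in dump.splitlines():
        line = line.strip()
        if not line or line.startswith("Zeroing chain"):
            continue                      # status output, not a rule
        if line.startswith(("-P ", "-A ")):
            logical.append(line)
        elif logical:
            logical[-1] += " " + line     # rejoin a wrapped rule
    rules = []
    for line in logical:
        tok = shlex.split(line)
        c = tok.index("-c")               # -v adds "-c <packets> <bytes>"
        packets, nbytes = int(tok[c + 1]), int(tok[c + 2])
        if tok[0] == "-P":                # -P CHAIN POLICY -c pkts bytes
            target, match = tok[2], "(policy)"
        else:                             # -A CHAIN <match> -c pkts bytes -j TARGET
            target = tok[tok.index("-j") + 1]
            match = " ".join(tok[2:c])
        rules.append({"chain": tok[1], "target": target, "match": match,
                      "packets": packets, "bytes": nbytes})
    return rules

def blocking_hits(rules, chain):
    """Rules in `chain` that REJECT or DROP and have matched at least one packet."""
    return [r for r in rules if r["chain"] == chain
            and r["target"] in ("REJECT", "DROP") and r["packets"] > 0]

if __name__ == "__main__":
    rules = parse_rules(SAMPLE)
    for r in rules:
        print(f'{r["chain"]:8} {r["target"]:7} {r["packets"]:>6} pkts  {r["match"]}')
    print("blocking rules with hits:", blocking_hits(rules, "FORWARD"))
```
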