[libvirt-users] Can't get cable connection working on virtual router machine

Daniel Sanabria sanabria.d at gmail.com
Tue Sep 1 15:37:50 UTC 2015 

Hi Phil,

But you said you disabled firewalld which makes me wonder if you have the
necessary forwarding rules active.

Dan

On 1 September 2015 at 13:48, Phill Edwards <philledwards at gmail.com> wrote:

> Hi Ajey, I thought I already was doing bridge mode. Below are the network
> interface definitions from the XML config file for the Sophos VM. (Note
> that it's actually the middle definition which is connected to the cable
> modem which is different to how I showed it in the earlier diagram). What I
> don't understand is that the interface type says "direct" in the XML even
> though in virt-manager it shows up as "Bridge":
>
> [image: Inline image 1]
>
>
>     <interface type='bridge'>
>       <mac address='52:54:00:63:2e:15'/>
>       <source bridge='br0'/>
>       <model type='virtio'/>
>       <address type='pci' domain='0x0000' bus='0x00' slot='0x03'
> function='0x0'/>
>     </interface>
>     <interface type='direct'>
>       <mac address='00:0c:29:79:d4:e8'/>
>       <source dev='enp5s0f0' mode='bridge'/>
>       <model type='virtio'/>
>       <address type='pci' domain='0x0000' bus='0x00' slot='0x04'
> function='0x0'/>
>     </interface>
>     <interface type='direct'>
>       <mac address='52:54:00:42:33:92'/>
>       <source dev='enp5s0f1' mode='bridge'/>
>       <model type='virtio'/>
>       <address type='pci' domain='0x0000' bus='0x00' slot='0x05'
> function='0x0'/>
>     </interface>
>
>
> Regards,
> Phill
>
> On Tue, Sep 1, 2015 at 10:25 PM, Ajey Gore <ajeygore at gmail.com> wrote:
>
>> does you cable modem give you automatically the IP address? if thats the
>> case then you need to do bridge configuration between nic3 and macvtap dhcp
>> ip
>>
>> and then you will be able to get dhcp attached IP to sophos vm
>>
>> - ajey
>>
>>
>>
>> On Tue, Sep 1, 2015 at 4:33 PM, Phill Edwards <philledwards at gmail.com>
>> wrote:
>>
>>> Hi, I'm not sure what sort of diagram you mean, but I'll have a try.
>>> Does this help? It sounds like I need to do something to enable routing on
>>> what I've labelled "NIC3" on the diagram - can you please explain what I
>>> need to do?
>>>
>>> <image.png>
>>>
>>>
>>> Regards,
>>> Phill
>>>
>>> On Tue, Sep 1, 2015 at 4:53 PM, Ajey Gore <ajeygore at gmail.com> wrote:
>>>
>>>> Can you please drop a rough diagram here? I think you are routing
>>>> through this VM and must have shared the host interface.
>>>>
>>>> - ajey
>>>>
>>>>
>>>>
>>>> On Tue, Sep 1, 2015 at 7:39 AM, Phill Edwards <philledwards at gmail.com>
>>>> wrote:
>>>>
>>>>> I'm pretty new to KVM and have a KVM CentOS 7.1 hypervisor running a
>>>>> few VMs. I'm moving all my VMs from an ESXi host as I want to use KVM in
>>>>> future. Most of my VMs are working except for one which is running a Sophos
>>>>> UTM router (Sophos UTM is similar to products like pfSense
>>>>> <https://www.pfsense.org/>, Smoothwall <http://www.smoothwall.org/>
>>>>> etc).
>>>>>
>>>>> The host has 3 physical NICs which are configured on the Sophos VM as:
>>>>> 1) LAN (fixed IP)
>>>>> 2) DMZ (fixed IP)
>>>>> 3) WAN (which is directly plugged into a cable modem for the internet
>>>>> connection and is configured DHCP).
>>>>>
>>>>> I have imported the settings from the "old" Sophos machine so I know
>>>>> the configuration of the new one is identical to the old one. I have even
>>>>> tried configuring the NICs to have the same MAC addresses as the old one.
>>>>>
>>>>> The problem is that no matter what I try I cannot get the WAN NIC to
>>>>> get an internet link up and running with my cable modem. I have
>>>>> re-installed the VM countless times, turned off the modem and VM, done a
>>>>> factory reset of the modem, and, as I mentioned, ensured the MAC addresses
>>>>> are the same. Nothing I try has been successful.
>>>>>
>>>>> The network interfaces on the new Sophos VM look like this:
>>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>>>>> state UP group default qlen 1000
>>>>> link/ether 00:0c:29:79:d4:de brd ff:ff:ff:ff:ff:ff
>>>>> inet 192.168.0.254/24 brd 192.168.0.255 scope global eth0
>>>>> valid_lft forever preferred_lft forever
>>>>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast
>>>>> state UP group default qlen 1000
>>>>> link/ether 00:0c:29:79:d4:e8 brd ff:ff:ff:ff:ff:ff
>>>>> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
>>>>> state UP group default qlen 1000
>>>>> link/ether 00:0c:29:79:d4:f2 brd ff:ff:ff:ff:ff:ff
>>>>> inet 192.168.1.254/24 brd 192.168.1.255 scope global eth2
>>>>> valid_lft forever preferred_lft forever
>>>>>
>>>>> I also found this in the /var/log/system.log of the Sophos VM:
>>>>> 2015:08:29-12:04:05 sop dhclient: DHCPDISCOVER on eth1 to
>>>>> 255.255.255.255 port 67 interval 6
>>>>> 2015:08:29-12:04:11 sop dhclient: DHCPDISCOVER on eth1 to
>>>>> 255.255.255.255 port 67 interval 13
>>>>> 2015:08:29-12:04:24 sop dhclient: DHCPDISCOVER on eth1 to
>>>>> 255.255.255.255 port 67 interval 2
>>>>> 2015:08:29-12:04:26 sop dhclient: No DHCPOFFERS received.
>>>>>
>>>>> I have shut down firewalld on the KVM host so I don't think there are
>>>>> any firewall rules blocking this.
>>>>>
>>>>> As soon as I fire up the original Sophos VM on ESXi the internet
>>>>> connection works perfectly again.
>>>>>
>>>>> If I can't get this VM running on KVM it's a show-stopper. Can anyone
>>>>> suggest what might be going on that is preventing the WAN link from
>>>>> connecting? Or suggest a way of troubleshooting this?
>>>>>
>>>>> Thanks in advance.
>>>>>
>>>>
>>>>
>>>
>>
>
> _______________________________________________
> libvirt-users mailing list
> libvirt-users at redhat.com
> https://www.redhat.com/mailman/listinfo/libvirt-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20150901/c4bc2791/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image.png
Type: image/png
Size: 30772 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvirt-users/attachments/20150901/c4bc2791/attachment.png>

More information about the libvirt-users mailing list