Public IP on virtual machine network issue
Marcin Groszek
marcin at voipplus.net
Mon Feb 14 13:29:47 UTC 2022
The issue has been resolved; I had firewalld running on the virtual host.
Thank you for the reply.
On 2/13/2022 9:17 PM, Daniel Romero wrote:
> Hi,
>
> as Tom says, check iptables forward rules. Also, you can check host
> sysctl ipv4/6 global and per interface rules to double check bridge
> forward capabilities. Finally, check your routes on guest vm,
> especially the default gw, sometimes you can receive the packet and
> the answer is sent through the wrong interface because of bad routes.
>
> Best Regards.
> Daniel Romero P.
>
> On Sun, Feb 13, 2022 at 7:39 PM Tom Ammon <thomasammon at gmail.com
> <mailto:thomasammon at gmail.com>> wrote:
>
> Can you post the output of iptables -L?
>
> By default, the bridge module in the kernel sends packets
> traversing the bridge to iptables (in the FORWARD chain I believe)
> for processing. So if you have configured a DENY policy on the
> FORWARD chain, or are otherwise filtering in the forward chain,
> you'll be affecting packets traversing the bridge. Check out this
> page for details on how to change this behavior:
> https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
>
> Tom
>
> On Sun, Feb 13, 2022 at 4:08 PM Marcin Groszek
> <marcin at voipplus.net <mailto:marcin at voipplus.net>> wrote:
>
> I have been struggling with this for weeks and I was unable to find an
> answer online. Perhaps someone here can help me.
>
> Oracle Linux 8 running virtualization:
>
> The hardware node has a public IP address on interface bridge0, and the
> physical eno1 is a member of bridge0.
>
> A virtual OS has an interface bridged to the LAN with source bridge0; the
> IP address of the virtual OS is also public, from the same class as the
> hardware node.
>
> I can route in and out of the virtual, and I can ping from the hardware
> node to the virtual and vice versa, so the routing works as it should,
> sort of.
>
> When I try tracepath or traceroute from outside to the virtual I get !H on
> the last hop.
>
> Same result when I try to do the same from the hardware node to the
> virtual: I get !H.
>
> Also, when I telnet (TCP) to a specific port on the virtual where I have a
> daemon LISTENING OR NOT, I get: No route to host. The same experiment works
> just fine for the ssh port.
>
> Firewalld is not running, and I just have very basic iptables rules, like
> allowing an external address block to ssh to the hardware node and to the
> virtual, and dropping connections from all other sources.
>
> This issue presented itself when I attempted to set up a galera node on
> the virtual: port 4567 is responding but 4568 and 4444 are not, but the
> daemons are running and I can clearly see lsof showing "LISTENING".
>
> I captured the traffic, and the TCP as well as UDP are getting to the
> virtual. Is there a preconfigured netfiltering that I am not aware of?
>
> What am I missing?
>
> --
> Best Regards:
> Marcin Groszek
> Business Voip Resource.
> http://www.voipplus.net
>
> --
> -----------------------------------------------------------------------------
> Tom Ammon
> M: (737) 400-9042
> thomasammon at gmail.com <mailto:thomasammon at gmail.com>
> -----------------------------------------------------------------------------
>
--
Best Regards:
Marcin Groszek
Business Voip Resource.
http://www.voipplus.net
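Added example, not code from the thread or from libvirt: a small Python checker that takes `iptables -S FORWARD` output (a constructed firewalld-style sample is embedded; `bridge0` and the rule set are assumptions) and reports which rule bridged VM traffic falls through to when `net.bridge.bridge-nf-call-iptables=1`, tying Tom's FORWARD-chain point to the "No route to host" symptom Marcin saw on ports other than ssh.

```python
import re

# Constructed sample of `iptables -S FORWARD` on a hypothetical host with a
# firewalld-style rule set (not output from the thread): ssh is accepted and
# every other port falls through to a REJECT with icmp-host-prohibited.
SAMPLE_RULES = """\
-P FORWARD ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p tcp -m tcp --dport 22 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
"""

def forward_policy(rules_text):
    """Chain policy from the '-P FORWARD <target>' line (None if absent)."""
    m = re.search(r"^-P FORWARD (\S+)", rules_text, re.M)
    return m.group(1) if m else None

def catch_all_rule(rules_text, bridge="bridge0"):
    """First FORWARD rule with no protocol/port/state match that applies to
    frames crossing `bridge`; it decides ports no earlier rule accepted."""
    for line in rules_text.splitlines():
        if not line.startswith("-A FORWARD"):
            continue
        if re.search(r"\s(-p|--dport|--sport|-m)\s", line):
            continue                      # port/state specific, not a catch-all
        ifaces = re.findall(r"\s-[io] (\S+)", line)
        if ifaces and bridge not in ifaces:
            continue                      # bound to some other interface
        return line
    return None

def diagnose(rules_text, nf_call_iptables, bridge="bridge0"):
    """Explain what happens to bridged VM traffic on ports no rule accepts."""
    if nf_call_iptables != 1:
        return ("bridge-nf-call-iptables=0: FORWARD is not consulted for bridged "
                "frames; look at guest routes and the guest's own firewall")
    rule = catch_all_rule(rules_text, bridge) or f"policy {forward_policy(rules_text)}"
    if "icmp-host-prohibited" in rule:
        # Linux maps this ICMP reject to EHOSTUNREACH on the connecting side.
        return f"unaccepted ports hit '{rule}': clients see 'No route to host'"
    if re.search(r"\b(DROP|REJECT)\b", rule):
        return f"unaccepted ports hit '{rule}': traffic is filtered"
    return f"unaccepted ports fall through to '{rule}': traffic passes"

if __name__ == "__main__":
    print(diagnose(SAMPLE_RULES, 1))
```

Feed it `iptables -S FORWARD` and `sysctl -n net.bridge.bridge-nf-call-iptables` from the host to see which rule a bridged guest's non-ssh ports actually land on.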