SSH VM from outside, but not from host

Laine Stump laine at redhat.com
Wed Feb 16 14:28:39 UTC 2022


On 2/16/22 4:40 AM, Peter Crowther wrote:
> ... hang on.  Why does the *bridge* have an IP address?  Think of a 
> bridge as being like a switch; it has no address of its own.

It's not the IP address of the bridge, it's the IP address of the 
"default / built-in" port of the bridge. The standard way to configure a 
Linux host bridge is to attach the host's physical ethernet to the 
bridge, and move the IP config from the ethernet device to the bridge 
device. This is because each Linux host bridge has a single port 
(netdev) that is connected to the routing stack of the host's kernel. So 
traffic comes in the ethernet, to the port on the bridge that's 
connected to the ethernet, and is then sent out of the bridge via this 
"built-in" port up to the host's IP stack for either reception by the 
host, or routing by IP. Since this built-in port is "closer" to the host 
kernel, it makes sense for the IP config to be there (at least that's 
how I think about it).


The comment I have about the *original* problem is this: what's being 
described sounds exactly like what would happen if the guest config was 
using <interface type='direct'> rather than <interface type='bridge'>. 
Because the description talks about being connected via a bridge, I at 
first assumed that the connection is <interface type='bridge'>, but 
then just now realized that although it is pointless to use 
type='direct' (a macvtap device) to connect via a bridge, it still would 
work (except host<->guest communication wouldn't work), so it's at least 
worth asking if possibly type='direct' was used by mistake.

https://wiki.libvirt.org/page/TroubleshootMacvtapHostFail

Probably not the issue here, but I thought I should throw it out there 
just in case :-)

> 
> Cheers,
> 
> Peter
> 
> On Tue, 15 Feb 2022 at 20:21, Wolf <ort_libvirt at bergersen.no> wrote:
> 
>     On 15 Feb 2022, at 20:04, Peter Crowther
>     <peter.crowther at melandra.com> wrote:
>>
>>     And eno1 and eno2 are *both* connected to the same external
>>     switch, yes?
> 
>     Correct, where each NIC has its ip access-list.
>     XX1.XX1.XX1.150 and XX2.XX2.XX2.100 are on separate NICs.
> 
>     When I ping the VM, XX2.XX2.XX2.100, from the host, XX1.XX1.XX1.150,
>     the host pings itself.
> 
>     Thanks!
> 
>     Wolf
> 
> 
> 
>>
>>     On Tue, 15 Feb 2022 at 17:17, Wolf <ort_libvirt at bergersen.no> wrote:
>>
>>          Hi!
>>
>>         1) I have two network ports on my server.
>>          -      eno1 has the IP: XX1.XX1.XX1.150
>>
>>          -      bridge0 has the IP: XX2.XX2.XX2.100
>>                 and has the interface member: port eno2.
>>                 eno2 is not set up with an IP address.
>>
>>         2) The host runs on IP: XX1.XX1.XX1.150
>>
>>         3) A VM uses the bridge: bridge0, and has the IP: XX2.XX2.XX2.100
>>
>>         I have a problem with this setup:
>>         I can ssh the VM on XX2.XX2.XX2.100 from outside, but from the
>>         host, XX1.XX1.XX1.150, I can't ssh the VM on XX2.XX2.XX2.100.
>>
>>         Have I set up this wrong or is it something I can do to solve
>>         this?
>>
>>         Thanks!
>>
>>         Wolf
>>
>>
> 
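
Added example, not part of the original message and not libvirt's own code: one way to check a guest definition for the type='direct' case raised above, by parsing the output of `virsh dumpxml` and listing each <interface> with its type. The sample XML, the guest name, the MAC addresses and the function name are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: trimmed domain XML in the shape `virsh dumpxml` prints.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>example-guest</name>
  <devices>
    <interface type='direct'>
      <mac address='52:54:00:00:00:01'/>
      <source dev='bridge0' mode='bridge'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:02'/>
      <source bridge='bridge0'/>
    </interface>
  </devices>
</domain>
"""

def audit_interfaces(domain_xml):
    """Return one record per <interface>, marking macvtap (type='direct')."""
    records = []
    root = ET.fromstring(domain_xml)
    for iface in root.findall("./devices/interface"):
        itype = iface.get("type")
        source = iface.find("source")
        mac = iface.find("mac")
        attached_to = mode = None
        if source is not None:
            # type='bridge' names the device in @bridge, type='direct' in @dev
            attached_to = source.get("bridge") or source.get("dev")
            mode = source.get("mode")
        records.append({
            "mac": mac.get("address") if mac is not None else None,
            "type": itype,
            "attached_to": attached_to,
            "mode": mode,
            # macvtap: reachable from outside, but host<->guest traffic fails
            "is_macvtap": itype == "direct",
        })
    return records

if __name__ == "__main__":
    for r in audit_interfaces(SAMPLE_DOMAIN_XML):
        note = "  <-- macvtap: no host<->guest traffic" if r["is_macvtap"] else ""
        print(f"{r['mac']}  type={r['type']}  on={r['attached_to']}{note}")
```
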



