On 04/29/13 20:03, Laszlo Ersek wrote: > On 04/29/13 19:29, Paolo Bonzini wrote: >> Il 29/04/2013 01:52, Laszlo Ersek ha scritto: >>> I inserted the following rule at the second position manually: >>> >>> Chain POSTROUTING (policy ACCEPT 79 packets, 6075 bytes) >>> pkts bytes target prot opt in out source >>> destination >>> 0 0 MASQUERADE tcp -- * * 192.168.122.0/24 >>> !192.168.122.0/24 masq ports: 1024-65535 >>> 1 362 ACCEPT udp -- * * 192.168.122.0/24 >>> 255.255.255.255 <---- here >>> 1 362 MASQUERADE udp -- * * 192.168.122.0/24 >>> !192.168.122.0/24 masq ports: 1024-65535 >>> 0 0 MASQUERADE all -- * * 192.168.122.0/24 >>> !192.168.122.0/24 >>> >>> And then dhcp started to work from the shell2 command line. >>> >>> OTOH, now routing is broken for me too, just as for Duane (I can't ping >>> anything, public IP or default GW on virbr0), but I'll post about that >>> in a separate email (in the "OVMF networking for real this time" >>> thread). >> >> It's not clear routing is broken for you even with non-OVMF guests. >> >> In other words, is this a libvirt bug or is the above rule just a >> workaround? > > I don't have any problems once the guest OS has booted up, be that > RHEL-6, F19, or Windows 8; their networking works fine. > > I suspect that DHCP clients in these guest OSes don't care about (= > don't enforce) the source port of the DHCP offer. The masquerading > probably happens each time (it was captured in Gerd's tcpdump as well), > but guests usually don't care. I would call that a libvirt bug that > hasn't bothered anyone yet. OVMF is the first networked guest that cares.
It has been reported before, although not for the 255.255.255.255 broadcast destination address, but for multicast addresses: https://bugzilla.redhat.com/show_bug.cgi?id=709418 Laszlo ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite It's a free troubleshooting tool designed for production Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://p.sf.net/sfu/appdyn_d2d_ap2 _______________________________________________ edk2-devel mailing list edk2-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/edk2-devel
