Hi Phil, But you said you disabled firewalld which makes me wonder if you have the necessary forwarding rules active.
Dan On 1 September 2015 at 13:48, Phill Edwards <philledwa...@gmail.com> wrote: > Hi Ajey, I thought I already was doing bridge mode. Below are the network > interface definitions from the XML config file for the Sophos VM. (Note > that it's actually the middle definition which is connected to the cable > modem which is different to how I showed it in the earlier diagram). What I > don't understand is that the interface type says "direct" in the XML even > though in virt-manager it shows up as "Bridge": > > [image: Inline image 1] > > > <interface type='bridge'> > <mac address='52:54:00:63:2e:15'/> > <source bridge='br0'/> > <model type='virtio'/> > <address type='pci' domain='0x0000' bus='0x00' slot='0x03' > function='0x0'/> > </interface> > <interface type='direct'> > <mac address='00:0c:29:79:d4:e8'/> > <source dev='enp5s0f0' mode='bridge'/> > <model type='virtio'/> > <address type='pci' domain='0x0000' bus='0x00' slot='0x04' > function='0x0'/> > </interface> > <interface type='direct'> > <mac address='52:54:00:42:33:92'/> > <source dev='enp5s0f1' mode='bridge'/> > <model type='virtio'/> > <address type='pci' domain='0x0000' bus='0x00' slot='0x05' > function='0x0'/> > </interface> > > > Regards, > Phill > > On Tue, Sep 1, 2015 at 10:25 PM, Ajey Gore <ajeyg...@gmail.com> wrote: > >> does you cable modem give you automatically the IP address? if thats the >> case then you need to do bridge configuration between nic3 and macvtap dhcp >> ip >> >> and then you will be able to get dhcp attached IP to sophos vm >> >> - ajey >> >> >> >> On Tue, Sep 1, 2015 at 4:33 PM, Phill Edwards <philledwa...@gmail.com> >> wrote: >> >>> Hi, I'm not sure what sort of diagram you mean, but I'll have a try. >>> Does this help? It sounds like I need to do something to enable routing on >>> what I've labelled "NIC3" on the diagram - can you please explain what I >>> need to do? >>> >>> <image.png> >>> >>> >>> Regards, >>> Phill >>> >>> On Tue, Sep 1, 2015 at 4:53 PM, Ajey Gore <ajeyg...@gmail.com> wrote: >>> >>>> Can you please drop a rough diagram here? I think you are routing >>>> through this VM and must have shared the host interface. >>>> >>>> - ajey >>>> >>>> >>>> >>>> On Tue, Sep 1, 2015 at 7:39 AM, Phill Edwards <philledwa...@gmail.com> >>>> wrote: >>>> >>>>> I'm pretty new to KVM and have a KVM CentOS 7.1 hypervisor running a >>>>> few VMs. I'm moving all my VMs from an ESXi host as I want to use KVM in >>>>> future. Most of my VMs are working except for one which is running a >>>>> Sophos >>>>> UTM router (Sophos UTM is similar to products like pfSense >>>>> <https://www.pfsense.org/>, Smoothwall <http://www.smoothwall.org/> >>>>> etc). >>>>> >>>>> The host has 3 physical NICs which are configured on the Sophos VM as: >>>>> 1) LAN (fixed IP) >>>>> 2) DMZ (fixed IP) >>>>> 3) WAN (which is directly plugged into a cable modem for the internet >>>>> connection and is configured DHCP). >>>>> >>>>> I have imported the settings from the "old" Sophos machine so I know >>>>> the configuration of the new one is identical to the old one. I have even >>>>> tried configuring the NICs to have the same MAC addresses as the old one. >>>>> >>>>> The problem is that no matter what I try I cannot get the WAN NIC to >>>>> get an internet link up and running with my cable modem. I have >>>>> re-installed the VM countless times, turned off the modem and VM, done a >>>>> factory reset of the modem, and, as I mentioned, ensured the MAC addresses >>>>> are the same. Nothing I try has been successful. >>>>> >>>>> The network interfaces on the new Sophos VM look like this: >>>>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >>>>> state UP group default qlen 1000 >>>>> link/ether 00:0c:29:79:d4:de brd ff:ff:ff:ff:ff:ff >>>>> inet 192.168.0.254/24 brd 192.168.0.255 scope global eth0 >>>>> valid_lft forever preferred_lft forever >>>>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast >>>>> state UP group default qlen 1000 >>>>> link/ether 00:0c:29:79:d4:e8 brd ff:ff:ff:ff:ff:ff >>>>> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast >>>>> state UP group default qlen 1000 >>>>> link/ether 00:0c:29:79:d4:f2 brd ff:ff:ff:ff:ff:ff >>>>> inet 192.168.1.254/24 brd 192.168.1.255 scope global eth2 >>>>> valid_lft forever preferred_lft forever >>>>> >>>>> I also found this in the /var/log/system.log of the Sophos VM: >>>>> 2015:08:29-12:04:05 sop dhclient: DHCPDISCOVER on eth1 to >>>>> 255.255.255.255 port 67 interval 6 >>>>> 2015:08:29-12:04:11 sop dhclient: DHCPDISCOVER on eth1 to >>>>> 255.255.255.255 port 67 interval 13 >>>>> 2015:08:29-12:04:24 sop dhclient: DHCPDISCOVER on eth1 to >>>>> 255.255.255.255 port 67 interval 2 >>>>> 2015:08:29-12:04:26 sop dhclient: No DHCPOFFERS received. >>>>> >>>>> I have shut down firewalld on the KVM host so I don't think there are >>>>> any firewall rules blocking this. >>>>> >>>>> As soon as I fire up the original Sophos VM on ESXi the internet >>>>> connection works perfectly again. >>>>> >>>>> If I can't get this VM running on KVM it's a show-stopper. Can anyone >>>>> suggest what might be going on that is preventing the WAN link from >>>>> connecting? Or suggest a way of troubleshooting this? >>>>> >>>>> Thanks in advance. >>>>> >>>> >>>> >>> >> > > _______________________________________________ > libvirt-users mailing list > libvirt-users@redhat.com > https://www.redhat.com/mailman/listinfo/libvirt-users >
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
