The issue has been resolved. I had a firewalld running on the virtual host.

Thank you for the reply.


On 2/13/2022 9:17 PM, Daniel Romero wrote:
Hi,

as Tom says, check the iptables forward rules. Also, you can check the host sysctl IPv4/6 global and per-interface settings to double-check bridge forward capabilities. Finally, check your routes on the guest VM, especially the default gw; sometimes you can receive the packet and the answer is sent through the wrong interface because of bad routes.

Best Regards.
Daniel Romero P.



On Sun, Feb 13, 2022 at 7:39 PM Tom Ammon <thomasam...@gmail.com> wrote:

    Can you post the output of iptables -L?

    By default, the bridge module in the kernel sends packets
    traversing the bridge to iptables (in the FORWARD chain I believe)
    for processing. So if you have configured a DENY policy on the
    FORWARD chain, or are otherwise filtering in the forward chain,
    you'll be affecting packets traversing the bridge. Check out this
    page for details on how to change this behavior:
    https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf

    Tom

    On Sun, Feb 13, 2022 at 4:08 PM Marcin Groszek <mar...@voipplus.net> wrote:

        I have been struggling with this for weeks and I was unable to
        find an answer online. Perhaps someone here can help me.

        Oracle Linux 8 running virtualization:

        The hardware node has a public IP address on interface bridge0, and
        the physical eno1 is a member of bridge0.

        A virtual OS has an interface bridged to the LAN with source
        bridge0; the IP address of the virtual OS is also a public one
        from the same class as the hardware node.

        I can route in and out of the virtual, I can ping from the hardware
        node to the virtual and vice versa, so the routing works as it
        should, sort of.

        When I try tracepath or traceroute from outside to the virtual I
        get !H on the last hop.

        Same result when I try to do the same from the hardware node to
        the virtual: I get !H.

        Also, when I telnet (TCP) to a specific port on the virtual where
        I have a daemon LISTENING OR NOT, I get: No route to host. The same
        experiment works just fine for the ssh port.

        Firewalld is not running, and I just have very basic iptables
        rules, like allowing an external address block to ssh to the
        hardware node and to the virtual, and dropping connections from
        all other sources.

        This issue presented itself when I attempted to set up a galera
        node on the virtual: port 4567 is responding but 4568 and 4444 are
        not, though the daemons are running and I can clearly see lsof
        showing "LISTENING".

        I captured the traffic and the TCP as well as the UDP are getting
        to the virtual. Is there some preconfigured netfilter filtering
        that I am not aware of?

        What am I missing?




        --
        Best Regards:
        Marcin Groszek
        Business Voip Resource.
        http://www.voipplus.net



    --
    -----------------------------------------------------------------------------
    Tom Ammon
    M: (737) 400-9042
    thomasam...@gmail.com
    -----------------------------------------------------------------------------

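A way to check the two things Tom and Daniel point at above (the iptables FORWARD chain and the br_netfilter sysctl), as an added example that is not part of the thread. The `iptables -S FORWARD` sample is constructed to look like a host where firewalld is active (firewalld ends FORWARD with a REJECT that sends ICMP host-prohibited, which connect() reports as EHOSTUNREACH, "No route to host", and tracepath prints as !H); the function names and the sysctl path are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): why a host firewall can answer bridged-VM
# traffic with "No route to host" / !H, and how to check for it.
# Assumptions (hypothetical, not stated in the thread): the host uses iptables
# (legacy or nft backend) and the br_netfilter sysctls live under /proc/sys/net/bridge.

# Constructed sample of `iptables -S FORWARD` from a host where firewalld is active.
# The final REJECT sends ICMP host-prohibited to anything not accepted earlier.
SAMPLE_FORWARD='-P FORWARD ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -j FORWARD_direct
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# forward_chain_verdict RULES: prints a one-line verdict on `iptables -S FORWARD`
# text. Returns 0 when the chain would interfere with bridged frames, 1 otherwise.
forward_chain_verdict() {
  rules="$1"
  if printf '%s\n' "$rules" | grep -q '^-P FORWARD DROP'; then
    echo "FORWARD policy DROP: bridged frames are silently dropped"
    return 0
  fi
  if printf '%s\n' "$rules" | grep -q -- '-j REJECT.*icmp-host-prohibited'; then
    echo "REJECT icmp-host-prohibited in FORWARD: bridged frames get ICMP host-prohibited (No route to host, !H)"
    return 0
  fi
  if printf '%s\n' "$rules" | grep -Eq -- '-j (DROP|REJECT)'; then
    echo "DROP/REJECT rule in FORWARD: some bridged frames are filtered"
    return 0
  fi
  echo "FORWARD chain looks permissive"
  return 1
}

# bridge_nf_state VALUE: interprets net.bridge.bridge-nf-call-iptables. Returns 0
# when bridged IPv4 frames are handed to iptables at all, 1 when they bypass it.
bridge_nf_state() {
  case "$1" in
    1) echo "bridge-nf-call-iptables=1: bridged frames traverse the iptables FORWARD chain"; return 0 ;;
    0) echo "bridge-nf-call-iptables=0: bridged frames bypass iptables"; return 1 ;;
    *) echo "br_netfilter not loaded (sysctl absent): bridged frames bypass iptables"; return 1 ;;
  esac
}

# Gather live data as root where possible; fall back to the constructed sample so
# the script also runs on a machine without iptables.
main() {
  if [ "$(id -u)" = 0 ] && command -v iptables >/dev/null 2>&1; then
    rules=$(iptables -S FORWARD 2>/dev/null || echo "")
  else
    echo "(not root or no iptables; using constructed sample)"
    rules="$SAMPLE_FORWARD"
  fi
  forward_chain_verdict "$rules" || true
  nf=$(cat /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null || echo absent)
  bridge_nf_state "$nf" || true
  echo "Also check: systemctl is-active firewalld; nft list ruleset; ip route on the guest"
}

main "$@"
```

Both findings together explain the symptom in the thread: with br_netfilter loaded and `bridge-nf-call-iptables=1`, frames crossing bridge0 are evaluated in FORWARD, so a firewalld reject (or any REJECT/DROP there) answers them even though the guest is listening. On a host using the nftables backend, `nft list ruleset` shows the same chain with an admin-prohibited reject. The two usual remedies are to set the sysctl to 0, which removes all host-side filtering of guest traffic and leaves the guest to defend itself, or to keep it at 1 and put an explicit accept for bridged frames (for example `-m physdev --physdev-is-bridged -j ACCEPT`) ahead of the reject, which is the narrower change.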
