Re: [fedora-virt] Routing only works in one direction + tcpdump

Philip Rhoades Fri, 23 Sep 2011 10:27:27 -0700

Rich,


On 2011-09-24 03:00, Philip Rhoades wrote:
> Rich,
>
>
> On 2011-09-24 02:23, Richard W.M. Jones wrote:
>> On Sat, Sep 24, 2011 at 02:13:57AM +1000, Philip Rhoades wrote:
>>> Rich,
>>>
>>>
>>> On 2011-09-24 00:13, Richard W.M. Jones wrote:
>>> >On Fri, Sep 23, 2011 at 12:43:12AM +1000, Philip Rhoades wrote:
>>> >>People,
>>> >>
>>> >>I have been installing virtual machines for a while on a Fedora 
>>> 14
>>> >>x86_64 system (the most recent one was F16 Alpha i686) and I
>>> >>have always
>>> >>managed to be able to test what I wanted to but ssh-ing from the
>>> >>host to
>>> >>the virtual machines has never worked (it always works the other 
>>> way
>>> >>around).  I get:
>>> >>
>>> >>   ssh: connect to host 192.168.122.139 port 22: No route to host
>>> >>
>>> >>ifconfig shows:
>>> >>
>>> >>   virbr0    Link encap:Ethernet  HWaddr FE:54:00:9F:96:2F
>>> >>             inet addr:192.168.122.1  Bcast:192.168.122.255
>>> >>Mask:255.255.255.0
>>> >>
>>> >>route shows:
>>> >>
>>> >>   192.168.122.0   *               255.255.255.0   U     0      0
>>> >>0 virbr0
>>> >>
>>> >>so why the error message?
>>> >
>>> >There's not enough information here to answer the question,
>>>
>>>
>>> What other info is needed?
>>
>> I'd want to see the *full* output from:
>>
>>  - ifconfig -a
>
>
> eth0      Link encap:Ethernet  HWaddr 00:1C:C0:FA:85:E6
>           inet addr:10.1.1.10  Bcast:10.1.1.255  Mask:255.255.255.0
>           inet6 addr: fe80::21c:c0ff:fefa:85e6/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:4184 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:4297 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:2345423 (2.2 MiB)  TX bytes:649997 (634.7 KiB)
>           Interrupt:20 Memory:d0600000-d0620000
>
> eth1      Link encap:Ethernet  HWaddr 00:1F:11:01:25:AE
>           inet addr:192.168.0.200  Bcast:192.168.0.255  
> Mask:255.255.255.0
>           inet6 addr: fe80::21f:11ff:fe01:25ae/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:0 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:29 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:1000
>           RX bytes:0 (0.0 b)  TX bytes:5749 (5.6 KiB)
>
> lo        Link encap:Local Loopback
>           inet addr:127.0.0.1  Mask:255.0.0.0
>           inet6 addr: ::1/128 Scope:Host
>           UP LOOPBACK RUNNING  MTU:16436  Metric:1
>           RX packets:21009 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:21009 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:4079213 (3.8 MiB)  TX bytes:4079213 (3.8 MiB)
>
> virbr0    Link encap:Ethernet  HWaddr FE:54:00:83:C5:2A
>           inet addr:192.168.122.1  Bcast:192.168.122.255  
> Mask:255.255.255.0
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:27 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:22 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:0
>           RX bytes:5164 (5.0 KiB)  TX bytes:5199 (5.0 KiB)
>
> vnet0     Link encap:Ethernet  HWaddr FE:54:00:83:C5:2A
>           inet6 addr: fe80::fc54:ff:fe83:c52a/64 Scope:Link
>           UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
>           RX packets:29 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:78 errors:0 dropped:0 overruns:0 carrier:0
>           collisions:0 txqueuelen:500
>           RX bytes:5722 (5.5 KiB)  TX bytes:5292 (5.1 KiB)
>
>
>
>>  - netstat -rn
>
>
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window
> irtt Iface
> 192.168.0.0     0.0.0.0         255.255.255.0   U         0 0         
> 0 eth1
> 10.1.1.0        0.0.0.0         255.255.255.0   U         0 0         
> 0 eth0
> 192.168.122.0   0.0.0.0         255.255.255.0   U         0 0
> 0 virbr0
> 0.0.0.0         10.1.1.1        0.0.0.0         UG        0 0         
> 0 eth0
>
>
>
>>  - iptables -L -n
>
>
> Chain INPUT (policy DROP)
> target     prot opt source               destination
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp 
> dpt:53
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp 
> dpt:53
> ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0           udp 
> dpt:67
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp 
> dpt:67
> block      all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
> RELATED,ESTABLISHED
> ACCEPT     tcp  --  149.171.173.169      0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  203.166.81.114       0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  203.206.181.78       0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  180.189.137.63       0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  59.167.251.17        0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  144.136.70.171       0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  65.99.230.42         0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  203.84.234.5         0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  12.45.85.174         0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  27.33.171.236        0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  24.62.160.127        0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  10.1.1.0/24          0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  192.168.0.0/24       0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  192.168.1.0/24       0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  192.168.122.0/24     0.0.0.0/0           tcp 
> dpt:22
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,ESTABLISHED tcp dpt:25 flags:
> 0x17/0x02
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,ESTABLISHED tcp dpt:53 flags:
> 0x17/0x02
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,ESTABLISHED tcp dpt:80
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,ESTABLISHED tcp dpt:8080
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,ESTABLISHED tcp dpt:443
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,ESTABLISHED tcp dpt:465
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,ESTABLISHED tcp dpt:993
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,ESTABLISHED tcp dpt:2049
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,ESTABLISHED tcp dpt:2401
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,ESTABLISHED tcp dpt:3128 flag
> s:0x17/0x02
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,ESTABLISHED tcp dpt:5900 flag
> s:0x17/0x02
> ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,ESTABLISHED tcp dpt:5901 flag
> s:0x17/0x02
> ACCEPT     udp  --  149.171.173.169      0.0.0.0/0           udp 
> spt:53
> ACCEPT     udp  --  203.166.81.114       0.0.0.0/0           udp 
> spt:53
> ACCEPT     udp  --  203.206.181.78       0.0.0.0/0           udp 
> dpt:53
> ACCEPT     udp  --  180.189.137.63       0.0.0.0/0           udp 
> spt:53
> ACCEPT     udp  --  59.167.251.17        0.0.0.0/0           udp 
> spt:53
> ACCEPT     udp  --  58.172.176.250       0.0.0.0/0           udp 
> spt:53
> ACCEPT     udp  --  203.84.234.5         0.0.0.0/0           udp 
> spt:53
> ACCEPT     udp  --  12.45.85.174         0.0.0.0/0           udp 
> spt:53
> ACCEPT     udp  --  10.1.1.0/24          0.0.0.0/0           udp 
> spt:53
> ACCEPT     udp  --  192.168.0.0/24       0.0.0.0/0           udp 
> spt:53
> ACCEPT     udp  --  192.168.1.0/24       0.0.0.0/0           udp 
> spt:53
> ACCEPT     udp  --  192.168.122.0/24     0.0.0.0/0           udp 
> spt:53
> REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> flags:0x17/0x02 reject-with icmp-po
> rt-unreachable
> REJECT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
> reject-with icmp-port-unreachable
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            192.168.122.0/24    state
> RELATED,ESTABLISHED
> ACCEPT     all  --  192.168.122.0/24     0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> reject-with icmp-port-unreachable
> REJECT     all  --  0.0.0.0/0            0.0.0.0/0
> reject-with icmp-port-unreachable
>
> Chain OUTPUT (policy DROP)
> target     prot opt source               destination
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0
> ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           state
> NEW,RELATED,ESTABLISHED
>
> Chain block (1 references)
> target     prot opt source               destination
> REJECT     tcp  --  61.115.230.182       0.0.0.0/0           tcp
> reject-with icmp-port-unreachable
> REJECT     udp  --  61.115.230.182       0.0.0.0/0           udp
> reject-with icmp-port-unreachable
> REJECT     tcp  --  80.31.213.120        0.0.0.0/0           tcp
> reject-with icmp-port-unreachable
> REJECT     udp  --  80.31.213.120        0.0.0.0/0           udp
> reject-with icmp-port-unreachable
> REJECT     tcp  --  89.97.225.114        0.0.0.0/0           tcp
> reject-with icmp-port-unreachable
> REJECT     udp  --  89.97.225.114        0.0.0.0/0           udp
> reject-with icmp-port-unreachable
> REJECT     tcp  --  209.239.43.72        0.0.0.0/0           tcp
> reject-with icmp-port-unreachable
> REJECT     udp  --  209.239.43.72        0.0.0.0/0           udp
> reject-with icmp-port-unreachable
> REJECT     tcp  --  239.255.255.250      0.0.0.0/0           tcp
> reject-with icmp-port-unreachable
> REJECT     udp  --  239.255.255.250      0.0.0.0/0           udp
> reject-with icmp-port-unreachable
> REJECT     tcp  --  0.0.0.0/0            0.0.0.0/0           tcp
> source IP range 213.198.1.1-213.198
> .255.255 reject-with icmp-port-unreachable
> REJECT     udp  --  0.0.0.0/0            0.0.0.0/0           udp
> source IP range 213.198.1.1-213.198
> .255.255 reject-with icmp-port-unreachable
>
>
>>  - brctl show
>
>
> bridge name     bridge id               STP enabled     interfaces
> virbr0          8000.fe540083c52a       yes             vnet0
>
>
>> Plus maybe try tcpdump'ing the connection?
>
>
> eth0 ?


On virbr0:

03:24:11.874464 IP 192.168.122.1.46164 > 192.168.122.139.ssh: Flags 
[S], seq 2639287357, win 5840, options [mss 1460,sackOK,TS val 1640487 
ecr 0,nop,wscale 7], length 0
03:24:11.874749 IP 192.168.122.139 > 192.168.122.1: ICMP host 
192.168.122.139 unreachable - admin prohibited, length 68
03:24:16.877911 ARP, Request who-has 192.168.122.1 tell 
192.168.122.139, length 28
03:24:16.877933 ARP, Reply 192.168.122.1 is-at fe:54:00:83:c5:2a (oui 
Unknown), length 28
03:24:18.490805 IP 0.0.0.0 > all-systems.mcast.net: igmp query v2
03:24:18.490807 IP6 truncated-ip6 - 8160 bytes missing!:: > ff02::1: 
HBH ICMP6, multicast listener queryv2  [gaddr ::[|icmp6], length 8184

Thanks,

Phil.

-- 
Philip Rhoades

GPO Box 3411
Sydney NSW      2001
Australia
E-mail:  [email protected]
_______________________________________________
virt mailing list
[email protected]
https://admin.fedoraproject.org/mailman/listinfo/virt

Re: [fedora-virt] Routing only works in one direction + tcpdump

Reply via email to