What are the values for the bridge-nf-call-* proc settings on your system?
[root@nexus ~]# ls -l /proc/sys/net/bridge/bridge-nf-call-*
-rw-r--r--. 1 root root 0 7. Aug 18:47 /proc/sys/net/bridge/bridge-nf-call-arptables
-rw-r--r--. 1 root root 0 7. Aug 18:47 /proc/sys/net/bridge/bridge-nf-call-ip6tables
-rw-r--r--. 1 root root 0 7. Aug 18:47 /proc/sys/net/bridge/bridge-nf-call-iptables
The bridge traffic probably gets firewalled. I see an "ACCEPT" rule with
source 192.168.122.0/24 so if you are using this network for a guest
then that would explain why you can access the outside world but cannot
ping the VMs from elsewhere. Try to set the above three settings to 0
and test again.
Regards,
Dennis
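An added example, not part of the original thread, of the check suggested above: report which bridge-nf-call-* knobs are switched on, then list the FORWARD rules that can reject traffic crossing a given bridge. The function names and the sample rule set are constructed for illustration; the rules are read in `iptables -S FORWARD` form because `iptables --list --numeric` does not show interface matches.

```shell
#!/bin/sh
# Added example. Live use:
#   bridge_nf_enabled
#   iptables -S FORWARD | forward_blockers br0

# Print the name of every bridge-nf-call-* knob whose value is 1.
# $1: directory holding the knobs (default: /proc/sys/net/bridge).
bridge_nf_enabled() {
    dir=${1:-/proc/sys/net/bridge}
    for f in "$dir"/bridge-nf-call-*; do
        [ -r "$f" ] || continue
        if [ "$(cat "$f")" = "1" ]; then
            basename "$f"
        fi
    done
    return 0
}

# Read `iptables -S FORWARD` output on stdin and print each DROP/REJECT rule
# (or a DROP policy) that can match traffic crossing bridge $1. A rule
# qualifies when it names no interface or names the bridge itself.
# These are candidates only: an earlier ACCEPT rule may still match first.
# Simplification: interface wildcards ("+") and negation ("!") are not handled.
forward_blockers() {
    awk -v br="$1" '
        $1 == "-P" && $3 == "DROP" { print; next }
        $1 != "-A" { next }
        {
            target = ""; hit = 1
            for (i = 3; i <= NF; i++) {
                if ($i == "-j") target = $(i + 1)
                if (($i == "-i" || $i == "-o") && $(i + 1) != br) hit = 0
            }
            if (hit && (target == "DROP" || target == "REJECT")) print
        }'
}

# Constructed sample rule set (hypothetical, not output from the thread).
sample_rules() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
EOF
}
```

A rule listed by `forward_blockers` only affects bridged frames while `bridge-nf-call-iptables` is reported by `bridge_nf_enabled`.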
On 07.08.2013 18:26, Lonni J Friedman wrote:
Currently, I have the following (defaults):
##############
# iptables --list --numeric
Chain INPUT (policy ACCEPT)
target prot opt source destination
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:53
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
ACCEPT udp -- 0.0.0.0/0 0.0.0.0/0 udp dpt:67
ACCEPT tcp -- 0.0.0.0/0 0.0.0.0/0 tcp dpt:67
Chain FORWARD (policy ACCEPT)
target prot opt source destination
ACCEPT all -- 0.0.0.0/0 192.168.122.0/24 ctstate RELATED,ESTABLISHED
ACCEPT all -- 192.168.122.0/24 0.0.0.0/0
ACCEPT all -- 0.0.0.0/0 0.0.0.0/0
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
REJECT all -- 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
################
This is identical to what I see on a Fedora16 host where the VMs are
accessible over the network. What kind of rule would you suggest I
add?
On Wed, Aug 7, 2013 at 1:52 AM, Daniel Sanabria <sanabri...@gmail.com> wrote:
can you share your iptables config (iptables --list --numeric)?
make sure you have a forward rule that matches when the physical device is
bridge.
Cheers,
Daniel
On 7 August 2013 06:19, Udayendu Sekhar kar <udayendu....@gmail.com> wrote:
Hi there,
I am using Fedora 19 and configured the bridge when my "NetworkManager" is
enabled. I am configuring the VPN through "NetworkManager", so I have to
keep it on. Here is the configuration from my test system which is working
absolutely fine.
===========
# brctl show
bridge name bridge id STP enabled interfaces
br0 0080.5c260a8373dd no em1
virbr0 8000.5254004f366e yes virbr0-nic
# cat /etc/sysconfig/network-scripts/ifcfg-em1
# Generated by dracut initrd
DEVICE="em1"
ONBOOT=yes
UUID="61632098-7161-42da-b97f-9e60148f589c"
BOOTPROTO="dhcp"
HWADDR="xx:xx:xx:xx:xx:xx"
TYPE=Ethernet
NAME="em1"
BRIDGE="br0"
# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE="br0"
BOOTPROTO="dhcp"
TYPE="Bridge"
HWADDR="xx:xx:xx:xx:xx:xx"
MTU=9000
ONBOOT="yes"
# systemctl status NetworkManager.service
NetworkManager.service - Network Manager
Loaded: loaded (/usr/lib/systemd/system/NetworkManager.service; enabled)
Active: active (running) since Wed 2013-08-07 10:21:41 IST; 15min ago
Main PID: 736 (NetworkManager)
CGroup: name=systemd:/system/NetworkManager.service
├─ 736 /usr/sbin/NetworkManager --no-daemon
└─1165 /sbin/dhclient -d -sf /usr/libexec/nm-dhcp-client.action -pf /var/run/dhclient-br0.pid -lf /var/lib/NetworkManager/dhclient-d2d68553-f97e-7549-7a26-b34a26f29318-br0.lease -cf /var/lib/Ne...
Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> domain search 'pnq.redhat.com.'
Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> domain search 'redhat.com.'
Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0) Stage 5 of 5 (IPv4 Configure Commit) scheduled...
Aug 07 10:21:56 fedora.virt NetworkManager[736]: <info> Activation (br0) Stage 5 of 5 (IPv4 Commit) started...
Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device state change: ip-config -> secondaries (reason 'none') [70 90 0]
Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0) Stage 5 of 5 (IPv4 Commit) complete.
Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> (br0): device state change: secondaries -> activated (reason 'none') [90 100 0]
Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Policy set 'Bridge br0' (br0) as default for IPv4 routing and DNS.
Aug 07 10:21:57 fedora.virt NetworkManager[736]: <info> Activation (br0) successful, device activated.
============
This configuration will help you to configure the bridge interface over
your em1 device while NetworkManager is on and also you can use the
NetworkManager to configure the VPN.
Thanks,
Uday !
On Wed, Aug 7, 2013 at 4:30 AM, Lonni J Friedman <netll...@gmail.com>
wrote:
Greetings,
I'm attempting to get several virtual machines setup on a Fedora19
host system, with the traditional bridge network devices (br0, br1,
etc). I've done this many times before with older versions of Fedora
(16, 14, etc), and it just works. However, for reasons that I cannot
figure out, the bridge doesn't seem to be working in Fedora19. While
I can successfully connect to the outside world (local network +
internet) from inside a VM, nothing can communicate with the VM from
outside (local network). I'm referring to something as trivial as
pinging. From inside the VM, I can ping anything successfully (0%
packet loss). However, from outside the VM (on the host, or any other
system on the same network), I see 100% packet loss when pinging the
IP address of the VM.
My first question is simply, does anyone else have this working
successfully in F19? And if so, what steps did you need to follow?
I'm not using NetworkManager at all, it's all the network service.
There are no firewalls involved anywhere (iptables & firewall services
are currently disabled). Here's the current host configuration:
# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.38eaa792efe5 no em2
vnet1
br1 8000.38eaa792efe6 no em3
br2 8000.38eaa792efe7 no em4
vnet0
virbr0 8000.525400db3ebf yes virbr0-nic
# more /etc/sysconfig/network-scripts/ifcfg-em2
TYPE=Ethernet
BRIDGE="br0"
NAME=em2
DEVICE="em2"
UUID=aeaa839e-c89c-4d6e-9daa-79b6a1b919bd
ONBOOT=yes
HWADDR=38:EA:A7:92:EF:E5
NM_CONTROLLED="no"
# more /etc/sysconfig/network-scripts/ifcfg-br0
TYPE=Bridge
NM_CONTROLLED="no"
BOOTPROTO=dhcp
NAME=br0
DEVICE="br0"
ONBOOT=yes
# ifconfig em2 ;ifconfig br0
em2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid 0x20<link>
ether 38:ea:a7:92:ef:e5 txqueuelen 1000 (Ethernet)
RX packets 100093 bytes 52354831 (49.9 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 25321 bytes 15791341 (15.0 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
device memory 0xf7d00000-f7e00000
br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.31.99.226 netmask 255.255.252.0 broadcast 10.31.99.255
inet6 fe80::3aea:a7ff:fe92:efe5 prefixlen 64 scopeid 0x20<link>
ether 38:ea:a7:92:ef:e5 txqueuelen 0 (Ethernet)
RX packets 19619 bytes 1963328 (1.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 11 bytes 1074 (1.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
Relevant section from /etc/libvirt/qemu/foo.xml (one of the VMs with
this problem):
<interface type='bridge'>
<mac address='52:54:00:26:22:9d'/>
<source bridge='br0'/>
<model type='virtio'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
I can provide additional information, if requested. thanks!
_______________________________________________
virt mailing list
virt@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/virt