Gentoo Forums
kernel config for qemu-kvm
difficultcho
n00b


Joined: 15 Mar 2013
Posts: 14

Posted: Wed Jun 26, 2013 8:49 pm    Post subject: kernel config for qemu-kvm

Hi,

I updated my kernel from 3.5.7 to 3.9.7 lately. It seems I messed up my virtual network configuration.

I am using libvirt and virt-manager with qemu-kvm, and want to set up my virtual network in NAT mode.

In a terminal, if I type:
Code:
virsh net-start default


it returns:
Code:
error: Failed to start network default
error: failed to add iptables rule to block outbound traffic from 'virbr0'


Trying to start it from virt-manager gives a similar error: "network default is not active".

The drivers are compiled as kernel modules, and here are my lsmod results:
Quote:

Module Size Used by
mmc_block 24767 0
ipt_rpfilter 1748 0
nls_cp950 100905 0
nls_cp936 123049 0
firewire_core 50556 0
nbd 9131 0
crc_itu_t 1275 1 firewire_core
sha256_generic 9981 0
virtio_pci 6552 0
virtio_net 17291 0
virtio_ring 4452 2 virtio_net,virtio_pci
virtio 3634 2 virtio_net,virtio_pci
p8022 1051 0
psnap 1821 0
xt_NETMAP 1604 0
xt_REDIRECT 1582 0
xt_nat 1721 0
iptable_nat 2694 0
nf_conntrack_ipv4 6142 1
nf_defrag_ipv4 1187 1 nf_conntrack_ipv4
nf_nat_ipv4 3416 1 iptable_nat
ipt_MASQUERADE 1682 0
nf_nat 11533 6 ipt_MASQUERADE,nf_nat_ipv4,xt_nat,xt_NETMAP,xt_REDIRECT,iptable_nat
nf_conntrack 45729 5 ipt_MASQUERADE,nf_nat,nf_nat_ipv4,iptable_nat,nf_conntrack_ipv4
ebtable_nat 1732 0
ebtables 16743 1 ebtable_nat
xt_tcpudp 2287 0
iptable_filter 1368 0
ip_tables 10142 2 iptable_filter,iptable_nat
x_tables 12898 9 ip_tables,xt_tcpudp,ipt_MASQUERADE,ipt_rpfilter,xt_nat,xt_NETMAP,iptable_filter,ebtables,xt_REDIRECT
bridge 81151 0
stp 1533 1 bridge
llc 3473 4 stp,p8022,psnap,bridge
ecb 1985 0
btusb 12060 0
sdhci_pci 9443 0
sdhci 22954 1 sdhci_pci
mmc_core 82763 2 mmc_block,sdhci
bluetooth 204439 18 btusb
thinkpad_acpi 59518 0
hid_logitech_dj 9940 0


Also, if I try to add an outbound rule to my iptables with
Code:

iptables -A OUTPUT -p tcp --dport 22 -j DROP

it seems to work for me.

So, may I ask what module I am missing in my kernel config? Thanks!
difficultcho
n00b


Joined: 15 Mar 2013
Posts: 14

Posted: Tue Jul 02, 2013 10:45 pm    Post subject: solve it by brute force

I tried a brute-force method, which means enabling all options and seeing whether libvirt starts, and then reducing the options gradually.

It turns out that:
networking support -->
networking options -->
network packet filtering framework -->
netfilter configuration -->
packet filtering
REJECT target support

is the one I missed. It was marked (NEW), so I thought it wasn't a critical option.
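
As an added example (not part of the original posts), this shell script checks a kernel .config for the option identified above, without the enable-everything bisection. The option list is an assumption based on the kinds of rules libvirt's NAT network installs; only REJECT target support (CONFIG_IP_NF_TARGET_REJECT) is confirmed by this thread, and the sample config is constructed.

```shell
#!/bin/sh
# Added example: report netfilter options missing from a kernel .config.
# REQUIRED is an assumed list; the thread itself only confirms IP_NF_TARGET_REJECT.
REQUIRED="BRIDGE IP_NF_IPTABLES IP_NF_FILTER IP_NF_TARGET_REJECT IP_NF_MANGLE \
NETFILTER_XT_TARGET_CHECKSUM IP_NF_TARGET_MASQUERADE NETFILTER_XT_MATCH_CONNTRACK"

# Print y, m or n for one option in file $1.
# A "# CONFIG_X is not set" line and a missing line both count as n.
kconfig_state() {
    val=$(sed -n "s/^CONFIG_$2=\([ym]\)\$/\1/p" "$1" | tail -n 1)
    echo "${val:-n}"
}

# Print every required option that is neither built in (y) nor a module (m).
missing_options() {
    for opt in $REQUIRED; do
        [ "$(kconfig_state "$1" "$opt")" = n ] && echo "CONFIG_$opt"
    done
    return 0
}

# Constructed sample .config fragment reproducing the situation in the thread:
# everything present as a module except REJECT target support.
write_sample_config() {
    cat > "$1" <<'EOF'
CONFIG_BRIDGE=m
CONFIG_IP_NF_IPTABLES=m
CONFIG_IP_NF_FILTER=m
# CONFIG_IP_NF_TARGET_REJECT is not set
CONFIG_IP_NF_MANGLE=m
CONFIG_NETFILTER_XT_TARGET_CHECKSUM=m
CONFIG_IP_NF_TARGET_MASQUERADE=m
CONFIG_NETFILTER_XT_MATCH_CONNTRACK=m
EOF
}

# With no argument, run against the constructed sample; otherwise check the given file.
cfg=${1:-}
if [ -z "$cfg" ]; then
    cfg=$(mktemp) && write_sample_config "$cfg"
    trap 'rm -f "$cfg"' EXIT
fi
missing_options "$cfg"
```

Pass the path of a real configuration (for example /usr/src/linux/.config) as the first argument to check it instead of the sample.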