| View previous topic :: View next topic |
| Author |
Message |
Princess Nell
l33t
Joined: 15 Apr 2005
Posts: 916
|
 Posted: Sun May 07, 2023 12:06 pm Post subject: [SOLVED] qemu guest networking |
 |
|
I've worked with qemu and libvirt for years, and only just set up a Gentoo host for this environment for the first time to migrate away from vbox. I've converted all the vbox VMs to qcow2 and imported them, which worked very well. All VMs work perfectly.
What is not working now are new VMs created on this server with virt-manager. At first, I found DNS not working but then realized that they are unable to reach the gateway/DNS server at all. DHCP works, though, as they get their IPs through it (bridge mode), and ssh to other machines on the LAN by IP also works, but not to the gateway.
This looks like a firewall problem, yet disabling the firewall on the host does not help, the gateway remains unreachable. This happens on VMs running Ubuntu and Rocky, i.e. very different guest systems, while at the same time, Ubuntu and Rocky VMs converted from vbox work fine. The xml files for old and new VMs show the differences you would expect, name, uuid, image path etc.
Any ideas what else I could check?
Last edited by Princess Nell on Thu May 18, 2023 10:51 pm; edited 1 time in total |
|
| Back to top |
|
 |
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3879
|
| Posted: Sun May 07, 2023 2:39 pm Post subject: |
|
|
Can you plz post
ip a
from your Gentoo qemu host and from one of your problematic guests?
My guess is you have iptables kernel functionality missing for bridged networking.
_________________
 |
|
| Back to top |
|
|
Princess Nell
l33t
Joined: 15 Apr 2005
Posts: 916
|
| Posted: Mon May 08, 2023 11:23 pm Post subject: |
|
|
| Code: |
qemu-host ~ # ip a |sed 's/192.168.211/192.168.1/g'
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 20:16:b9:fd:51:15 brd ff:ff:ff:ff:ff:ff
altname wlp58s0
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 94:c6:91:a6:0b:3b brd ff:ff:ff:ff:ff:ff
altname eno1
altname enp0s31f6
inet6 fe80::96c6:91ff:fea6:b3b/64 scope link
valid_lft forever preferred_lft forever
4: br0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 92:f8:d3:24:9d:3a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.6/24 brd 192.168.1.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::90f8:d3ff:fe24:9d3a/64 scope link
valid_lft forever preferred_lft forever
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:0c:9e:21 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
qemu-host ~ #
|
| Code: |
root@qemu-guest:~# uname -a
Linux qemu-guest 4.15.0-156-generic #163-Ubuntu SMP Thu Aug 19 23:31:58 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
root@qemu-guest:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:69:5d:4b brd ff:ff:ff:ff:ff:ff
inet 192.168.1.8/24 brd 192.168.211.255 scope global dynamic enp1s0
valid_lft 43077sec preferred_lft 43077sec
inet6 fe80::5054:ff:fe69:5d4b/64 scope link
valid_lft forever preferred_lft forever
root@qemu-guest:~#
|
The host runs on sys-kernel/gentoo-kernel-bin, which is a first for me. I believe it's pretty complete and the bridge module is loaded.
However. I am using nftables and I turned that off for testing. Yet I find that an iptables ruleset has been installed:
| Code: |
qemu-host ~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
LIBVIRT_INP all -- anywhere anywhere
Chain FORWARD (policy ACCEPT)
target prot opt source destination
LIBVIRT_FWX all -- anywhere anywhere
LIBVIRT_FWI all -- anywhere anywhere
LIBVIRT_FWO all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
LIBVIRT_OUT all -- anywhere anywhere
Chain LIBVIRT_FWI (1 references)
target prot opt source destination
ACCEPT all -- anywhere 192.168.122.0/24 ctstate RELATED,ESTABLISHED
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain LIBVIRT_FWO (1 references)
target prot opt source destination
ACCEPT all -- 192.168.122.0/24 anywhere
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain LIBVIRT_FWX (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain LIBVIRT_INP (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootps
ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain LIBVIRT_OUT (1 references)
target prot opt source destination
ACCEPT udp -- anywhere anywhere udp dpt:domain
ACCEPT tcp -- anywhere anywhere tcp dpt:domain
ACCEPT udp -- anywhere anywhere udp dpt:bootpc
ACCEPT tcp -- anywhere anywhere tcp dpt:bootpc
qemu-host ~ #
|
They are loaded upon libvirt-guest startup, so much is clear, but I can't see where they are configured. And, removing them doesn't fix the problem. |
|
| Back to top |
|
|
alamahant
Advocate
Joined: 23 Mar 2019
Posts: 3879
|
| Posted: Tue May 09, 2023 4:20 pm Post subject: |
|
|
Everything seems perfect BUT i worry about this in the guest
| Code: |
inet 192.168.1.8/24 brd 192.168.211.255
|
The broadcast address should have been instead
192.168.1.255
Do you mind configuring the guest with static ip and see if the gateway is reachable?
I know lately ubuntu is very stupid with its networking.I advise you to revert to the good old /etc/network/interfaces file.
You basically assign br0 to the guest via virt-manager.Correct?
Here is my iface from a guest
| Code: |
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:5e:5c:ed brd ff:ff:ff:ff:ff:ff
altname enp1s0
inet 192.168.2.8/24 brd 192.168.2.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe5e:5ced/64 scope link
valid_lft forever preferred_lft forever
|
_________________
|
|
| Back to top |
|
|
Princess Nell
l33t
Joined: 15 Apr 2005
Posts: 916
|
| Posted: Sun May 14, 2023 11:27 am Post subject: |
|
|
| Fixed now. But doesn't resolve the problem. |
|
| Back to top |
|
|
Princess Nell
l33t
Joined: 15 Apr 2005
Posts: 916
|
| Posted: Thu May 18, 2023 10:50 pm Post subject: |
|
|
Solved it. arp table on the router showed the wrong MAC. Turned out I had already used the VM's IP on one of the router's other interfaces.
PEBKAC |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
|
Networking & Security
