Good afternoon.

I have a RHEL6 host, running RHEL 3.8 as a guest. The NIC is bridged. From the guest, I can ping successfully to a variety of network devices. From the host, I can ping successfully to a variety of network devices AND the guest OS. But from my workstation, I can only ping the HOST, not the guest. And it looks like the packets are being discarded.

IPtables is NOT enabled on either the guest or the host (our application does not support iptables filtering - go figure).

I am seeing lots of documentation for enabling outbound pings from guest, but very little about enabling inbound pings. And again, our software relies on pings for parts of its operations and validations.

Any clues as to what I might have missed?

Thanks,

DAVID

--
David A. Lane, KG4GIY
EC/RO Prince William County ARES?/RACES
+1.703.628.3868
http://www.pwcares.org/
http://www.linuxjournal.com/forums/hot-topics/ham-radio
IM/Skype/Twitter: kg4giy

On 12/22/2010 04:02 PM, David Lane wrote:
> Good afternoon.
>
> I have a RHEL6 host, running RHEL 3.8 as a guest. The NIC is
> bridged. From the guest, I can ping successfully to a variety of
> network devices. From the host, I can ping successfully to a variety
> of network devices AND the guest OS. But from my workstation, I can
> only ping the HOST, not the guest. And it looks like the packets are
> being discarded.
>
> IPtables is NOT enabled on either the guest or the host (our
> application does not support iptables filtering - go figure).
>
> I am seeing lots of documentation for enabling outbound pings from
> guest, but very little about enabling inbound pings. And again, our
> software relies on pings for parts of its operations and validations.
>
> Any clues as to what I might have missed?

Just a long shot - what does "sysctl net.bridge.bridge-nf-call-iptables" on the host show? If it's set to 1, try setting it to 0. Alternately, you can make sure the following rule is in iptables:

    iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

(I'm thinking this shouldn't matter, as I had thought having it wrong would prevent *outbound* connections as well, but it's worth looking at).

BTW, is it just icmp that isn't allowed incoming, or does ssh (for example) also not get in?

Have you run wireshark on the bridge interface, or on the host tap interface connecting the guest to the bridge? That might give you more clues as to where it's getting lost.
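
The two checks suggested in the reply above, combined into one classifier (an added example, not part of the thread): it takes the value of net.bridge.bridge-nf-call-iptables and a FORWARD listing in `iptables -S` format, and also reports when an appended (-A) physdev rule sits behind an earlier catch-all REJECT/DROP and is never reached. The function names, verdict strings and sample listings are constructed for this example.

```shell
#!/bin/sh
# Added example (not from the thread): classify how the host's FORWARD chain
# treats bridged guest traffic. Verdict names are this example's own.

# forward_rule_state RULES: RULES is text in `iptables -S FORWARD` format.
# Only a bare "-j DROP/REJECT" rule counts as a catch-all; conditional drops
# are not analysed.
forward_rule_state() {
    printf '%s\n' "$1" | awk '
        /^-P FORWARD / { pol = $3 }
        /^-A FORWARD / {
            n++
            if (!acc && /--physdev-is-bridged/ && /-j ACCEPT/) acc = n
            if (!blk && /^-A FORWARD -j (DROP|REJECT)/) blk = n
        }
        END {
            if (acc && (!blk || acc < blk))  print "accepted"
            else if (acc)                    print "shadowed"
            else if (blk || pol != "ACCEPT") print "blocked"
            else                             print "policy-accept"
        }'
}

# bridge_verdict NF_CALL RULES: NF_CALL is the value of
# net.bridge.bridge-nf-call-iptables (empty if the key does not exist).
bridge_verdict() {
    case "$1" in
        0|"") echo "bypassed" ;;          # bridged frames never reach iptables
        *)    forward_rule_state "$2" ;;
    esac
}

# Constructed sample listings, not captured from the poster's host.
RULES_APPENDED='-P FORWARD ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT'
RULES_INSERTED='-P FORWARD ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

echo "sysctl=0:          $(bridge_verdict 0 "$RULES_APPENDED")"
echo "sysctl=1 appended: $(bridge_verdict 1 "$RULES_APPENDED")"
echo "sysctl=1 inserted: $(bridge_verdict 1 "$RULES_INSERTED")"

# On a real host (as root):
#   bridge_verdict "$(cat /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null)" \
#                  "$(iptables -S FORWARD)"
```

A "bypassed" verdict also means the host's iptables rules do not filter traffic to or from the bridged guest, so any filtering has to happen on the guest or upstream.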