Jerry Geis
2020-Apr-01 12:53 UTC
[CentOS] CentOS 7 host with guests as bridge cannot access host
I have CentOS 7 host. Two guests on bridge network setup by GUI and virt-manager. 1 CentOS 8 guest 1 Win 10 guest Both cannot access the host. They can other machines on the network. Guests can access the internet just not the host. I used virt-manager GUi to set up everything. Selected the eth0:macvtap and Bridge. I "desire" bridge network. If I select something else I get access to host - but of course machine is not on the main network. Thoughts ? Jerry
Alexander Dalloz
2020-Apr-01 18:11 UTC
[CentOS] CentOS 7 host with guests as bridge cannot access host
Am 01.04.2020 um 14:53 schrieb Jerry Geis:> I have CentOS 7 host. Two guests on bridge network setup by GUI and > virt-manager. > 1 CentOS 8 guest > 1 Win 10 guest > Both cannot access the host. They can other machines on the network. Guests > can access the internet just not the host. > > I used virt-manager GUi to set up everything. Selected the eth0:macvtap and > Bridge. > I "desire" bridge network. > > If I select something else I get access to host - but of course machine is > not on the main network. > > Thoughts ? > > JerryWORKSFORME What have you checked so far? On the host: # brctl show virbr1 bridge name bridge id STP enabled interfaces virbr1 8000.525400698fd5 yes virbr1-nic vnet0 vnet1 vnet2 vnet3 vnet4 vnet5 # ip a s virbr1 3: virbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 52:54:0069:8f:d5 brd ff:ff:ff:ff:ff:ff inet 192.168.10.1/24 brd 192.168.10.255 scope global virbr1 valid_lft forever preferred_lft forever # cat /proc/sys/net/ipv4/ip_forward 1 # iptables -L FORWARD -v -n | egrep '(policy|virbr1)' Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) 20337 14M ACCEPT all -- eno1 virbr1 0.0.0.0/0 192.168.10.0/24 ctstate RELATED,ESTABLISHED 29512 3243K ACCEPT all -- virbr1 eno1 192.168.10.0/24 0.0.0.0/0 0 0 ACCEPT all -- virbr1 virbr1 0.0.0.0/0 0.0.0.0/0 0 0 REJECT all -- * virbr1 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable 0 0 REJECT all -- virbr1 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable Alexander
Jerry Geis
2020-Apr-01 19:56 UTC
[CentOS] CentOS 7 host with guests as bridge cannot access host
Thanks for the info. brctl show virbr0 bridge name bridge id STP enabled interfaces virbr0 8000.525400fc34af yes virbr0-nic brctl show virbr1 bridge name bridge id STP enabled interfaces virbr1 8000.5254009c3902 yes virbr1-nic ip a s virbr0 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000 link/ether 52:54:00:fc:34:af brd ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 valid_lft forever preferred_lft forever ip a s virbr1 5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000 link/ether 52:54:00:9c:39:02 brd ff:ff:ff:ff:ff:ff inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr1 valid_lft forever preferred_lft forever cat /proc/sys/net/ipv4/ip_forward 1 iptables -L FORWARD -v -n | egrep '(policy|virbr1)' Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) iptables -L FORWARD -v -n | egrep '(policy|virbr0)' Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) So looks like my IPTables is not correct. What commands do you run for that ? Thanks, Jerry
Alexander Dalloz
2020-Apr-01 20:07 UTC
[CentOS] CentOS 7 host with guests as bridge cannot access host
Am 01.04.2020 um 21:56 schrieb Jerry Geis:> Thanks for the info. > > brctl show virbr0 > bridge name bridge id STP enabled interfaces > virbr0 8000.525400fc34af yes virbr0-nic > > brctl show virbr1 > bridge name bridge id STP enabled interfaces > virbr1 8000.5254009c3902 yes virbr1-nicWhy is no VM started?> ip a s virbr0 > 3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state > DOWN group default qlen 1000 > link/ether 52:54:00:fc:34:af brd ff:ff:ff:ff:ff:ff > inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 > valid_lft forever preferred_lft forever > > ip a s virbr1 > 5: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state > DOWN group default qlen 1000 > link/ether 52:54:00:9c:39:02 brd ff:ff:ff:ff:ff:ff > inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr1 > valid_lft forever preferred_lft forever > > cat /proc/sys/net/ipv4/ip_forward > 1 > > iptables -L FORWARD -v -n | egrep '(policy|virbr1)' > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes) > > iptables -L FORWARD -v -n | egrep '(policy|virbr0)' > Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)Is that different when the VMs are up?> So looks like my IPTables is not correct. > > What commands do you run for that ?Simply firewalld. Docker acts by itself.> Thanks, > > JerryAlexander
Jerry Geis
2020-Apr-01 20:52 UTC
[CentOS] CentOS 7 host with guests as bridge cannot access host
>Sorry, have to correct myself. Had to much to do today on OpenShift. >There is no Docker involved in what we discuss. The firewall rules for >the host bridge devices get created by libvirtd.Thanks I was using iptables and not converted to firewalld. I am doing so now. Will I need to delete the VM and re-add it ? I am rebooting first. Jerry
Possibly Parallel Threads
- CentOS 7 host with guests as bridge cannot access host
- guest A from virbr0 can talk to guest B in virbr1 but not vice versa
- unable to ping from guests in virbr0 to guests in virbr1 network
- Inconsistent iptables forwarding rules for virtual networks?
- Re: guest A from virbr0 can talk to guest B in virbr1 but not vice versa