CentOS - Feb 2014 - KVM/NAT help requested

Dear Linux Gurus

I'm having problems with KVM and networking.  My guest cannot use NAT 
through the host's connection.  This is what I've done:

I installed a new version of Centos 6.5 on the hardware.  Starting 
with a Net-Install, I selected the Virtual Hosting, and later added 
"Desktop".  I ran "yum update" with some reboots until
nothing needed updating.

The host networking is IPV4 only, using DHCP.  (A different box on my 
home network provides DHCP and is a gateway to the internet.  I have 
a reservation in that DHCP so that the host always gets a known IP address)

Using a Gnome desktop, as a non-root user, I installed Windows 7 Pro 
from an image of an ISO I had copied onto the host.  In the 
"Networking" configuration, I chose "DEFAULT".  The
documentation of
KVM seems to imply that it should give me a NAT'ted interface to my 
host's connection (I wasn't worried about performance at this point).

When the installation was complete, Windows tries to configure the 
network.  Running the Windows command line "IPCONFIG" program, the 
Windows guest program does get an IP address from the host 
(192.168.122.xxx), but the guest cannot communicate to the outside 
world.  I can ping the host, but nothing else.

Is there some other magic sauce, perhaps in the IPTABLES of the host, 
that will allow the guest to use the internet?  I'm baffled.

On the KVM host, this is the result of  "iptables -L"

--------------------------------------

Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps
ACCEPT     all  --  anywhere             anywhere            state 
RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere            state 
NEW tcp dpt:ssh
REJECT     all  --  anywhere             anywhere 
reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state 
RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere 
reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere 
reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere 
reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

-------------------------------------

Thanks for your help.

David

On Fri, Feb 21, 2014 at 1:55 PM, david <david at daku.org>
wrote:
> Dear Linux Gurus
>
> I'm having problems with KVM and networking.  My guest cannot use NAT
> through the host's connection.  This is what I've done:
>
> I installed a new version of Centos 6.5 on the hardware.  Starting
> with a Net-Install, I selected the Virtual Hosting, and later added
> "Desktop".  I ran "yum update" with some reboots until
nothing needed updating.
>
> The host networking is IPV4 only, using DHCP.  (A different box on my
> home network provides DHCP and is a gateway to the internet.  I have
> a reservation in that DHCP so that the host always gets a known IP address)
>
> Using a Gnome desktop, as a non-root user, I installed Windows 7 Pro
> from an image of an ISO I had copied onto the host.  In the
> "Networking" configuration, I chose "DEFAULT".  The
documentation of
> KVM seems to imply that it should give me a NAT'ted interface to my
> host's connection (I wasn't worried about performance at this
point).
>
> When the installation was complete, Windows tries to configure the
> network.  Running the Windows command line "IPCONFIG" program,
the
> Windows guest program does get an IP address from the host
> (192.168.122.xxx), but the guest cannot communicate to the outside
> world.  I can ping the host, but nothing else.
>
> Is there some other magic sauce, perhaps in the IPTABLES of the host,
> that will allow the guest to use the internet?  I'm baffled.
Do you have ip_forwarding enabled in sysctl?

https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Security_Guide/sect-Security_Guide-Firewalls-FORWARD_and_NAT_Rules.html

-- 
   Les Mikesell
    lesmikesell at gmail.com

On 2/21/2014 11:55 AM, david wrote:
> I'm having problems with KVM and networking.  My guest cannot use NAT
> through the host's connection.
did you configure the KVM host to use bridging for the virtual network 
?   in this scenario, the KVM host is using br0 instead of eth0 for its 
own networking, eth0 and the virtual network are both bridged by 
br0.     in this configuration, your VMs appear to be on your LAN same 
as other non-VM systems, they'd get their DHCP stuff from the existing 
gateway router, etc.



-- 
john r pierce                                      37N 122W
somewhere on the middle of the left coast