OK, either I have taken a stupid pill and am missing something basic or
routed networks do not work.
I assume that, if they did work, it would be in more or less the same
manner as a nat network as far as ping'ing, ssh'ing, etc. to another
real host on the same real LAN as the virtualization host. At least that
is what I believe I should expect.
I have googled for info and everything says that it should work. One of
the referenced documents was this:
http://berrange.com/posts/2009/12/13/routed-subnets-without-nat-for-libvirt-managed-virtual-machines-in-fedora/
I checked through everything and it all matches what is in the
document. I can go from the guest to the host (ping, ssh, etc) but not
from that guest to another real host on the same real LAN.
I am pasting the relevant info below:
----------------------------------
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.p32p1.forwarding = 1
net.ipv4.conf.virbr8.forwarding = 1
--------------------------------
<network>
  <name>routed</name>
  <uuid>1b2a0197-e708-165c-f266-6822e73cfbdd</uuid>
  <forward dev='p32p1' mode='route'>
    <interface dev='p32p1'/>
  </forward>
  <bridge name='virbr8' stp='on' delay='0' />
  <mac address='52:54:00:B9:59:49'/>
  <domain name='routed'/>
  <ip address='192.168.123.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.123.128' end='192.168.123.254' />
    </dhcp>
  </ip>
</network>
-------------------------------
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT udp -- virbr8 * 0.0.0.0/0 0.0.0.0/0 udp dpt:53
0 0 ACCEPT tcp -- virbr8 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:53
0 0 ACCEPT udp -- virbr8 * 0.0.0.0/0 0.0.0.0/0 udp dpt:67
0 0 ACCEPT tcp -- virbr8 * 0.0.0.0/0 0.0.0.0/0 tcp dpt:67

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
0 0 ACCEPT all -- p32p1 virbr8 0.0.0.0/0 192.168.123.0/24
0 0 ACCEPT all -- virbr8 p32p1 192.168.123.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr8 virbr8 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr8 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr8 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
------------------------------
This is Fedora 17 with an updated libvirt 0.10.1-4.fc17 [another system
with the same "problem" is running libvirt 0.10.2-1.fc17].
Anyone know what is going on?
BTW, I searched bugzilla for the comment containing the string routed
filed against packages libvirt, qemu, qemu-kvm, or kvm ... Result: no hits!
If this is really a bug rather than something I did or did not do, then
nobody is using routed virtual networks.
BTW, I have a real F17 system sitting between two networks on two
different NICs and it routes things nicely, thank you very much. It
does work but not for the virtual networks.
I would really like it to be something I am missing.
Gene
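
The manual cross-check described in the post (network XML against the forwarding sysctls and the FORWARD chain) can be scripted. This is an added example, not part of the original post or of libvirt; the function name is hypothetical, the inputs are the post's own values trimmed to what the check reads, and it covers only these three host-side artifacts.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Values copied from the post above, trimmed to the elements the check reads.
NETWORK_XML = """<network>
  <forward dev='p32p1' mode='route'/>
  <bridge name='virbr8' stp='on' delay='0'/>
  <ip address='192.168.123.1' netmask='255.255.255.0'/>
</network>"""
SYSCTL = """net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.p32p1.forwarding = 1
net.ipv4.conf.virbr8.forwarding = 1"""
# FORWARD rows (wrapped lines rejoined): pkts bytes target prot opt in out source destination
FORWARD = """0 0 ACCEPT all -- p32p1 virbr8 0.0.0.0/0 192.168.123.0/24
0 0 ACCEPT all -- virbr8 p32p1 192.168.123.0/24 0.0.0.0/0
0 0 ACCEPT all -- virbr8 virbr8 0.0.0.0/0 0.0.0.0/0
0 0 REJECT all -- * virbr8 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable
0 0 REJECT all -- virbr8 * 0.0.0.0/0 0.0.0.0/0 reject-with icmp-port-unreachable"""


def check_routed_network(xml_text, sysctl_text, forward_text):
    """Return a list of host-side inconsistencies (empty list = consistent)."""
    net = ET.fromstring(xml_text)
    fwd, ip = net.find("forward"), net.find("ip")
    problems = []
    if fwd is None or fwd.get("mode") != "route":
        return ["network is not in mode='route'"]
    dev, bridge = fwd.get("dev"), net.find("bridge").get("name")
    subnet = str(ipaddress.ip_network(
        f"{ip.get('address')}/{ip.get('netmask')}", strict=False))

    # Kernel forwarding must be on globally and on both interfaces.
    sysctl = dict(map(str.strip, l.split("=", 1)) for l in sysctl_text.splitlines() if "=" in l)
    for name in ("all", dev, bridge):
        if sysctl.get(f"net.ipv4.conf.{name}.forwarding") != "1":
            problems.append(f"forwarding disabled or missing for {name}")

    # Rules as (target, in, out, source, destination), in chain order.
    rules = [(f[2], f[5], f[6], f[7], f[8])
             for f in (l.split() for l in forward_text.splitlines()) if len(f) >= 9]
    wanted = {"inbound": ("ACCEPT", dev, bridge, "0.0.0.0/0", subnet),
              "outbound": ("ACCEPT", bridge, dev, subnet, "0.0.0.0/0")}
    rejects = [i for i, r in enumerate(rules)
               if r[0] == "REJECT" and bridge in (r[1], r[2])]
    first_reject = min(rejects, default=len(rules))
    for label, rule in wanted.items():
        if rule not in rules[:first_reject]:
            problems.append(f"no {label} ACCEPT for {subnet} ahead of the REJECT rules")
    return problems
```

With the values from the post the function returns an empty list, meaning the three pasted pieces agree with each other.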