libvirt users - Sep 2015 - Can't get cable connection working on virtual router machine

I'm pretty new to KVM and have a KVM CentOS 7.1 hypervisor running a few
VMs. I'm moving all my VMs from an ESXi host as I want to use KVM in
future. Most of my VMs are working except for one which is running a Sophos
UTM router (Sophos UTM is similar to products like pfSense
<https://www.pfsense.org/>, Smoothwall <http://www.smoothwall.org/>
etc).

The host has 3 physical NICs which are configured on the Sophos VM as:
1) LAN (fixed IP)
2) DMZ (fixed IP)
3) WAN (which is directly plugged into a cable modem for the internet
connection and is configured DHCP).

I have imported the settings from the "old" Sophos machine so I know
the
configuration of the new one is identical to the old one. I have even tried
configuring the NICs to have the same MAC addresses as the old one.

The problem is that no matter what I try I cannot get the WAN NIC to get an
internet link up and running with my cable modem. I have re-installed the
VM countless times, turned off the modem and VM, done a factory reset of
the modem, and, as I mentioned, ensured the MAC addresses are the same.
Nothing I try has been successful.

The network interfaces on the new Sophos VM look like this:
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
link/ether 00:0c:29:79:d4:de brd ff:ff:ff:ff:ff:ff
inet 192.168.0.254/24 brd 192.168.0.255 scope global eth0
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast state
UP group default qlen 1000
link/ether 00:0c:29:79:d4:e8 brd ff:ff:ff:ff:ff:ff
4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state
UP group default qlen 1000
link/ether 00:0c:29:79:d4:f2 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.254/24 brd 192.168.1.255 scope global eth2
valid_lft forever preferred_lft forever

I also found this in the /var/log/system.log of the Sophos VM:
2015:08:29-12:04:05 sop dhclient: DHCPDISCOVER on eth1 to 255.255.255.255
port 67 interval 6
2015:08:29-12:04:11 sop dhclient: DHCPDISCOVER on eth1 to 255.255.255.255
port 67 interval 13
2015:08:29-12:04:24 sop dhclient: DHCPDISCOVER on eth1 to 255.255.255.255
port 67 interval 2
2015:08:29-12:04:26 sop dhclient: No DHCPOFFERS received.

I have shut down firewalld on the KVM host so I don't think there are any
firewall rules blocking this.

As soon as I fire up the original Sophos VM on ESXi the internet connection
works perfectly again.

If I can't get this VM running on KVM it's a show-stopper. Can anyone
suggest what might be going on that is preventing the WAN link from
connecting? Or suggest a way of troubleshooting this?

Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://listman.redhat.com/archives/libvirt-users/attachments/20150901/fdbba3cb/attachment.htm>

Can you please drop a rough diagram here? I think you are routing through this
VM and must have shared the host interface.


- ajey

On Tue, Sep 1, 2015 at 7:39 AM, Phill Edwards <philledwards at gmail.com>
wrote:
> I'm pretty new to KVM and have a KVM CentOS 7.1 hypervisor running a
few
> VMs. I'm moving all my VMs from an ESXi host as I want to use KVM in
> future. Most of my VMs are working except for one which is running a Sophos
> UTM router (Sophos UTM is similar to products like pfSense
> <https://www.pfsense.org/>, Smoothwall
<http://www.smoothwall.org/> etc).
> The host has 3 physical NICs which are configured on the Sophos VM as:
> 1) LAN (fixed IP)
> 2) DMZ (fixed IP)
> 3) WAN (which is directly plugged into a cable modem for the internet
> connection and is configured DHCP).
> I have imported the settings from the "old" Sophos machine so I
know the
> configuration of the new one is identical to the old one. I have even tried
> configuring the NICs to have the same MAC addresses as the old one.
> The problem is that no matter what I try I cannot get the WAN NIC to get an
> internet link up and running with my cable modem. I have re-installed the
> VM countless times, turned off the modem and VM, done a factory reset of
> the modem, and, as I mentioned, ensured the MAC addresses are the same.
> Nothing I try has been successful.
> The network interfaces on the new Sophos VM look like this:
> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state
> UP group default qlen 1000
> link/ether 00:0c:29:79:d4:de brd ff:ff:ff:ff:ff:ff
> inet 192.168.0.254/24 brd 192.168.0.255 scope global eth0
> valid_lft forever preferred_lft forever
> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1472 qdisc pfifo_fast
state
> UP group default qlen 1000
> link/ether 00:0c:29:79:d4:e8 brd ff:ff:ff:ff:ff:ff
> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state
> UP group default qlen 1000
> link/ether 00:0c:29:79:d4:f2 brd ff:ff:ff:ff:ff:ff
> inet 192.168.1.254/24 brd 192.168.1.255 scope global eth2
> valid_lft forever preferred_lft forever
> I also found this in the /var/log/system.log of the Sophos VM:
> 2015:08:29-12:04:05 sop dhclient: DHCPDISCOVER on eth1 to 255.255.255.255
> port 67 interval 6
> 2015:08:29-12:04:11 sop dhclient: DHCPDISCOVER on eth1 to 255.255.255.255
> port 67 interval 13
> 2015:08:29-12:04:24 sop dhclient: DHCPDISCOVER on eth1 to 255.255.255.255
> port 67 interval 2
> 2015:08:29-12:04:26 sop dhclient: No DHCPOFFERS received.
> I have shut down firewalld on the KVM host so I don't think there are
any
> firewall rules blocking this.
> As soon as I fire up the original Sophos VM on ESXi the internet connection
> works perfectly again.
> If I can't get this VM running on KVM it's a show-stopper. Can
anyone
> suggest what might be going on that is preventing the WAN link from
> connecting? Or suggest a way of troubleshooting this?
> Thanks in advance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL:
<http://listman.redhat.com/archives/libvirt-users/attachments/20150831/15ed912e/attachment.htm>

Hi, I'm not sure what sort of diagram you mean, but I'll have a try.
Does
this help? It sounds like I need to do something to enable routing on what
I've labelled "NIC3" on the diagram - can you please explain what
I need to
do?

[image: Inline image 1]

Regards,
Phill

On Tue, Sep 1, 2015 at 4:53 PM, Ajey Gore <ajeygore@gmail.com> wrote:
> Can you please drop a rough diagram here? I think you are routing through
> this VM and must have shared the host interface.
>
> - ajey
>
>
>
> On Tue, Sep 1, 2015 at 7:39 AM, Phill Edwards
<philledwards@gmail.com>
> wrote:
>
>> I'm pretty new to KVM and have a KVM CentOS 7.1 hypervisor running
a few
>> VMs. I'm moving all my VMs from an ESXi host as I want to use KVM
in
>> future. Most of my VMs are working except for one which is running a
Sophos
>> UTM router (Sophos UTM is similar to products like pfSense
>> <https://www.pfsense.org/>, Smoothwall
<http://www.smoothwall.org/> etc).
>>
>> The host has 3 physical NICs which are configured on the Sophos VM as:
>> 1) LAN (fixed IP)
>> 2) DMZ (fixed IP)
>> 3) WAN (which is directly plugged into a cable modem for the internet
>> connection and is configured DHCP).
>>
>> I have imported the settings from the "old" Sophos machine so
I know the
>> configuration of the new one is identical to the old one. I have even
tried
>> configuring the NICs to have the same MAC addresses as the old one.
>>
>> The problem is that no matter what I try I cannot get the WAN NIC to
get
>> an internet link up and running with my cable modem. I have
re-installed
>> the VM countless times, turned off the modem and VM, done a factory
reset
>> of the modem, and, as I mentioned, ensured the MAC addresses are the
same.
>> Nothing I try has been successful.
>>
>> The network interfaces on the new Sophos VM look like this:
>> 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast
>> state UP group default qlen 1000
>> link/ether 00:0c:29:79:d4:de brd ff:ff:ff:ff:ff:ff
>> inet 192.168.0.254/24 brd 192.168.0.255 scope global eth0
>> valid_lft forever preferred_lft forever
>> 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1472 qdisc
pfifo_fast
>> state UP group default qlen 1000
>> link/ether 00:0c:29:79:d4:e8 brd ff:ff:ff:ff:ff:ff
>> 4: eth2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc
pfifo_fast
>> state UP group default qlen 1000
>> link/ether 00:0c:29:79:d4:f2 brd ff:ff:ff:ff:ff:ff
>> inet 192.168.1.254/24 brd 192.168.1.255 scope global eth2
>> valid_lft forever preferred_lft forever
>>
>> I also found this in the /var/log/system.log of the Sophos VM:
>> 2015:08:29-12:04:05 sop dhclient: DHCPDISCOVER on eth1 to
255.255.255.255
>> port 67 interval 6
>> 2015:08:29-12:04:11 sop dhclient: DHCPDISCOVER on eth1 to
255.255.255.255
>> port 67 interval 13
>> 2015:08:29-12:04:24 sop dhclient: DHCPDISCOVER on eth1 to
255.255.255.255
>> port 67 interval 2
>> 2015:08:29-12:04:26 sop dhclient: No DHCPOFFERS received.
>>
>> I have shut down firewalld on the KVM host so I don't think there
are any
>> firewall rules blocking this.
>>
>> As soon as I fire up the original Sophos VM on ESXi the internet
>> connection works perfectly again.
>>
>> If I can't get this VM running on KVM it's a show-stopper. Can
anyone
>> suggest what might be going on that is preventing the WAN link from
>> connecting? Or suggest a way of troubleshooting this?
>>
>> Thanks in advance.
>>
>
>

>
> I'm pretty new to KVM and have a KVM CentOS 7.1 hypervisor running a
few
> VMs. I'm moving all my VMs from an ESXi host as I want to use KVM in
> future. Most of my VMs are working except for one which is running a Sophos
> UTM router (Sophos UTM is similar to products like pfSense
> <https://www.pfsense.org/>, Smoothwall
<http://www.smoothwall.org/> etc).
>
> The host has 3 physical NICs which are configured on the Sophos VM as:
> 1) LAN (fixed IP)
> 2) DMZ (fixed IP)
> 3) WAN (which is directly plugged into a cable modem for the internet
> connection and is configured DHCP).
>
> I have imported the settings from the "old" Sophos machine so I
know the
> configuration of the new one is identical to the old one. I have even tried
> configuring the NICs to have the same MAC addresses as the old one.
>
> The problem is that no matter what I try I cannot get the WAN NIC to get
> an internet link up and running with my cable modem. I have re-installed
> the VM countless times, turned off the modem and VM, done a factory reset
> of the modem, and, as I mentioned, ensured the MAC addresses are the same.
> Nothing I try has been successful.
>
>
>
After hours and hours of trying to get this to work and failing, this is
what I did:

1) Overwrote the CentOS KVM installation with Citrix Xenserver  to see if a
Sophos UTM VM on XenServer would connect to the modem - it did.
2) So then I re-installed CentOS and KVM using instructions from
http://linux.dell.com/files/whitepapers/KVM_Virtualization_in_RHEL_7_Made_Easy.pdf
.
3) Re-installed the Sophos UTM VM (making sure I used the same MAC
addresses for the NICs as the original), turned the modem off and back on,
and hey presto everything worked!

Not sure why all that was necessary but anyway, glad to have it working
now.