similar to: Host Machine and Iptables problem

Hi! hopefully someone can give me a hint with this: I need to create a vm with a point-to-point connection to the host using a /30 subnet. Right now i have this in the vm's xml for libvirt: <interface type="network" name="eth0" onboot="yes"> <source network="default"/> <mac address="02:fd:00:00:01:00"/>

Does this work? adding DROP to iptables on the virtual host's iptables, before the phys bridge....will it prevent those ips from getting to the bridged part of iptables? Or would a different syntax be used? -A INPUT -s 66.77.65.128/26 -j DROP -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT -A INPUT -j REJECT --reject-with icmp-host-prohibited -A FORWARD -j REJECT --reject-with

Hello, Firstly THANK YOU for the IPv6 NAT support merged in 6.5. It has been almost impossible to get IPv6 into a VM on a laptop that switches between wifi and wired (dock) connections, because you can not add a wifi interface to a bridge. I know NAT is against the IPv6 end-to-end xen but it makes this "just work" for the vast majority of people like me who need to ssh/curl/talk to

Hi, I'm trying to create a Virtual Machine using Network Install mode (I tried HTTP and FTP). The HTTP/FTP server where the installation files are located is the Host Machine. The URL that I'm using is: http://192.168.1.104/inst and the Automatic detect option detects the OS without problem. When the installation starts I got an error: Unable to retrieve

Hi everyone! :-) I have a problem with making a wireless USB dongle work under CentOS 6. The dongle is known to not work natively under Linux and last time I used it (cca 3 years ago) I managed to get it working using ndiswrapper. This time I was hoping to make it work again in the same way. But the "yum install kmod-ndiswrapper" reports the following (among other regular stuff):

Hi list, this probably isn't a completely libvirt-specific question but I'll try anyway. Please ignore if it is too much off-topic. On an Ubuntu (9.10) virtualisation host, running KVM and libvirt and several guests (Debian, Ubuntu, Windows Server 2003) in a bridged network fashion [1,2] I noticed that performing /etc/init.d/networking restart on the host completely cuts off all

Hi, I got this NOTE on most of the link. But I am not getting reason for this. Why someone should not add physical NIC to virbr0. I tried to add my eth1 to virbr0 and it get added. So whether it affects to some functionality of NAT network? -- Sagar Dilip Shedge, Pune. With Regards.

Hi, all I have a number of machines that are out of sync with one another by virtue of having done a yum update after a base 6.2 install at different times (all were previous CentOS 5.3) Consequently, systems are a mix of 2.6.32-220.7.1, 2.6.32-220.13.1 or 2.6.32-220.17.1. So 2 questions: - Is it possible to perform a yum update (or another other kind of update), specifying installation

After a simple `yum update` I got the following on reboot. Could not load /lib/modules/2.6.32-220.7.1.el6.x86_64/modules.dep: No such file or director FATAL: Could not load /lib/module.el6.x86_64/modules.dep: No such file or directory FATAL: Could not load /lib/modules/2.6.32-220.7.1.el6.x86_64/modules.dep: No such file or directory FATAL: Could not load

Hi all, Is anyone successfully running/has succesfully upgraded to 2.6.32-220 from, say, 2.6.32-71.29.1? (i.e. done a normal run-of-the-mill yum update on, say a 6.0 instance all the way up cleanly to 6.2? Reason I ask is that booting into -220 (and I think also into -131 as well) results in a kernel panic for me. Some digging around and the new kernel seems to be enumerating the drives with the

Hi, We are trying to track some specific rules using LOG as target. Everything is working well but the problem is that iptables is flooding the console with LOG messages. We tried --log level 4 on iptables rules but it didn't work. We fixed the problem changing KLOGD_OPTIONS value in /etc/sysconfig/syslog to: KLOG_OPTIONS="-c 4" Is it the best option or we are missing something?

On Mon, May 08, 2017 at 03:35:19PM +0100, Daniel P. Berrange wrote: >On Sat, May 06, 2017 at 08:09:49PM -0400, Dan wrote: >> On Fri, May 5, 2017 at 4:29 PM, Nicolas Bock <nicolasbock@gmail.com> wrote: >> >> > Hi, >> > >> > I am running a webserver on the libvirt host and would like to add a >> > nwfilter such that a VM can access that

Hello, I have several CentOS 6.2 hosts (2.6.32-220.7.1.el6.x86_64) that lock up when attempting to use the Gnome desktop from the console. I can always log in, but then all I get is the blue root window, the round initial mouse pointer, and nothing else. The last process associated with the console is "xprop -root" which strace shows as hanging indefinitely. There are cases

Hi, I have an fc14 install and would like to install a few kvm guests but am having difficulty with the networking. On the host I have disabled NetworkManager and configured a bridge which has eth0, the only physical interface on the server. I have a dhcp server on the local lan, and if I add a mac address entry to my dhcpd.conf, the guest will find an IP from there. I think somehow the guest

Hi All. I have a dell system with a H700 raid. Within the hardware RAID config I've created a "virtual disk" which I have assigned to one of my guests. On the host the device is "/dev/sdb", on the guest it's "/dev/vdb". This works fine. Within the guest, we have created lvm PV on /dev/vdb (using the whole disk - no partitions) and created a volume

Hello, I've created a routed network that forwards to a physical interface: <network> <name>default</name> <forward dev='eth0' mode='route'/> <mac address='52:54:00:f2:5b:4f'/> <ip address='192.168.100.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.100.10'

Hi all, I am trying to get iptables to work for me... I am running asterisk (11.23.0) on a C5 machine. Working fine on port 5060 udp. I have need to tcpenable=yes SIP and run that on port 5068. Since port 5060 is already running I was going to redirect 5068 to 5060. So I thought I could use iptables to do that - but does not seem to be working. 192.168.10.201 is my machine, 192.168.1.3 is the

Actually I do a similar thing. I use a VM as my home/office firewall. It works quite well and I would argue it is as secure as your standard firewall based on something like openWRT running on dedicated hardware. I also run a wireless AP in bridged mode to allow local network access on an appliance. There should be no reason that you could not put both on the same physical hardware. As for

On 10/18/2018 10:14 AM, Daniel P. Berrangé wrote: > On Wed, Oct 17, 2018 at 05:57:11PM +0200, Roman Vesely wrote: >> Hi everyone, >> >> I use Debian 9.5 Stretch and NFTABLES as a firewall. >> Using NFTABLES together with IPTABLES is not recommended, >> but libvirt depends on IPTABLES. >> >> Is it safe to run libvirt + kvm + virsh without IPTABLES?

Greetings, I've setup an vm with openwrt in it, defined a isolated lan between the vm and the host and booted the vm up. I see the vm is up, made sure the vnic is visible in both the host and guest and added it to the br in the guest. I've issued an dhcpd call on the vnic (labeled vnic0) in the host and got an ip, see: dagg@NCC-5001D ~ $ dhcpcd vnet0 DUID