Re: [libvirt-users] bridge / ubuntu / no arp reply

2014-02-26 15:10 GMT+01:00 Laine Stump <laine(a)laine.org&gt;: > On 02/26/2014 02:56 PM, Michal Privoznik wrote: > > On 25.02.2014 22:45, François Chenais wrote: > >> Hello > >> > >> I'm trying to setup a bridged guest on an ubuntu 13.10 but it doesn't > >> work. > >> > >> (Everything is ok with NAT) > >> > >> Network sniffing shows that arp replies don't come back to the guest. > >> > >> > >> Test 1 > >> ------ > >> > >> Guest : ping host_bridge_ip (ok) > >> > >> > >> > >> Test 2 > >> ------ > >> > >> Guest: ping other_lan_host (KO) > >> > >> other_lan_host > >> > >> - receives arp who-is request > >> - sends arp reply > >> - arp -a shows the guest macaddr > >> > >> > >> => Guest doesn't receive reply > >> > >> > >> Test 3 > >> ------ > >> > >> other_lan_host ping the Guest (KO) > >> > >> - arp -a shows "incomplete" addr > >> - Guest receives nothing > >> > >> > >> On Host > >> ------- > >> > >> network tcpdump on bridge or vnet interfaces shows request but no > >> reply ... > >> > >> > >> Thanks in advance for help or ideas > >> > >> > >> François > >> > > > > I suspect firewall. By my experience 99% of network issues is caused > > by firewall. Try flushing all tables and see if that helps. > > ..except that firewall problems usually prevent passing IP traffic, but > not ARP requests and responses. > ... and tcpdump get IP traffic before FW .. and I have disable the FW ... > > Can the guest ping the host? Yes : see Test 1 > > If not, then you may have something setup > incorrectly with the bridge. Send "ifconfig br0; ifconfig eth0; brctl > show" (replacing "br0" with whatever bridge device you have, and "eth0" > with the host physical ethernet that is attached to the bridge). The > guest's vnetX (tap device) and the "eth0" should be attached to br0 (the > bridge device), and br0 should have an IP address, but eth0 should *not* > have an IP address. > That's OK > > Is this host plugged into a switch port that is locked down to a > particular MAC address? You may need to get the guest's MAC address > enabled at the switch by your IT department. > I'm the IT department, I'm doing those tests at home :) It's works well at work on CentOS ... > > > Another thing to check is whether or not the ARP request is ever making > it out to the physical network device on the host - try running tcpdump > there as well. I've never encountered a Linux system that rejected > outgoing arp requests for any reason, but this sysctl makes me wonder > how that might get screwed up: > > root@vlap /home/laine>sysctl -a | grep bridge > net.bridge.bridge-nf-call-arptables = 1 > [...] > > I got 0 there ... I've tried with an DSL box but, because I don't see reply on host, I suspect a special configuration. So I used an alternate switch, a netgear switch (GS608) but it fails to... I just tried with a direct cable link between the host and other_computer and ... ** it's working ... ** It seems the 2 switches don't support multiple mac on the same port !!! :/ I didn't expect this but it's not so surprising with low price hardware ...

Thanks all !!

François PS: do I have to change the subject with RESOLVE ?