Re: [libvirt-users] Starting libvirtd cuts off host access to external network
On Fri, Jun 24, 2011 at 12:14:50AM +0100, PLD wrote:
I've spent some hours on this without success - any help greatly
appreciated.
I've just done a new RHEL6 setup, with a KVM guest (first time). The
basic installation works fine until I start libvirtd; at this point,
the host machine loses access to the external network:
step 1: ping from host to network works; external machine on network
can ping both eth0 and br1 on the host
step 2: /sbin/service libvirtd start
step 3: ping from host to network fails; external machine on the
network can't ping either eth0 or br1 on the host
Stopping libvirtd (/sbin/service libvirtd stop) makes no difference
- the network remains unreachable.
Any idea why this would happen? I have installed a kvm guest, using
the default network script at
/etc/libvirtd/qemu/networks/default.xml (although I've changed the
IP addresses to be on my subnet, and the DHCP server returns only
one address).
And therein lies your mistake, I believe. The libvirt virtual
network functionality is *not* for attaching your guests to
the physical LAN. If you want guests to have addresses on
the physical LAN, you want to just setup bridging for your
physical NICs and attach the guest to the bridge.
The libvirt virtual network functionality is for providing
NAT based connections to the guest, with the guest network
having a *different* IP range to the physical LAN. By
changing the libvirt network to have an IP address which
is on your LAN subnet, the firewall rules will likely have
killed all your host connectivity.
The virtual network stuff is not deactived when stopping
libvirtd. Instead use the following to stop it
virsh net-destroy default
virsh net-autostart --disable default
and the firewall rules should then go away.
I have also configured a bridge; I've attached ifcfg-eth0,
ifcfg-eth1, and ifcfg-br1 below. I haven't changed any iptables
configuration. If I run the guest (also RHEL6) the guest can talk to
the host, but it can't see the outside world.
Yes, this is what you want. Revert your changes to the default
virtual network and just use this bridge setup.
Basically you want to follow setup 2 here:
http://wiki.libvirt.org/page/Networking
What you have tried todo is to use setup1 & 2 at the same
time which is not good :-)
Regards,
Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|