On 04/20/2014 06:31 AM, Patric Buskas wrote:
Hi,
I'm new to libvirt so please bear with me.
I am trying to set up a routed subnet on my laptop with libvirt,
hoping it to be able to communicate with all servers in my nw.
My laptop is on a subnet, 192.168.2.0/24 <
http://192.168.2.0/24>, with
a static ip, 192.168.2.27.
I have "more or less" followed this guide for routed networks,
https://www.berrange.com/posts/2009/12/13/routed-subnets-without-nat-for-...
The "more or less" part is that I have a Asus RT-N56U router with the
static route set as in the guide and I'm not running wifi.
With this setup I can reach, within the 192.168.200.0/24
<
http://192.168.200.0/24>, all guests within 192.168.200.0/24
<
http://192.168.200.0/24>, internet and the laptop but I can not reach
any server on the laptop subnet.
traceroute from guests to servers in the laptop subnet is only giving
"stars" infinitely
nmap from guests to services in the laptop subnet is saying "filtered"
When you say "laptop subnet", you mean the physical network, i.e.
192.168.2.0/24, correct?
If your guests can reach the internet, then 1) the laptop has
ip_forwarding set correctly, and 2) your router has a proper static IP
to get the response packets back to the guest. And I would assume that
the laptop is properly routing packets from guests that are destined for
the directly-connected 192.168.2.0/24 subnet. So the two possible
failure points left are:
1) possibly the laptop has some other iptables rule setup externally to
libvirt which blocks either the outgoing packets towards 192.168.2.0, or
incoming responses from 192.168.2.0. You should run tcpdump on the
laptop's eth0 (and on the servers on the physical net) looking for
packets with the guest & physical server's IP addresses to see just how
far the outgoing packet gets (or if it gets all the way, how far back
the response gets); that can give you a clue where rules need to be
tweaked. (based on the output of iptable -L, this doesn't seem likely,
but you should still verify it)
2) possibly your router isn't properly redirecting packets from
192.168.2.0 that are destined for 192.168.200.0 back out the same
interface they arrived on (that would be a broken router, but I've seen
worse things happen in consumer grade networking equipment). Again, you
should run tcpdump on the server to see what kind of traffic it is
sending out for response, and to what *MAC* address it is sending it (is
it going to the router, or directly to the laptop - add "-e" to the
tcpdump commandline to see the ethernet (MAC) addresses of all logged
packets.
Obviously I've done something wrong but I can't find out
what.
I also may have misunderstood the meaning of routed network within
libvirt.
Please give me some advise to solve this problem.
Some facts:
The laptop is running Ubuntu 13.04
The net-dumpxml
https://gist.github.com/kakbit/11103807
Routing on laptop
https://gist.github.com/kakbit/11103832
iptables on laptop
https://gist.github.com/kakbit/11103947
_______________________________________________
libvirt-users mailing list
libvirt-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users