2014-02-26 15:10 GMT+01:00 Laine Stump <laine@laine.org>:
On 02/26/2014 02:56 PM, Michal Privoznik wrote:
> On 25.02.2014 22:45, François Chenais wrote:
>> Hello
>>
>> I'm trying to set up a bridged guest on an Ubuntu 13.10 but it doesn't
>> work.
>>
>> (Everything is ok with NAT)
>>
>> Network sniffing shows that arp replies don't come back to the guest.
>>
>>
>> Test 1
>> ------
>>
>> Guest : ping host_bridge_ip   (ok)
>>
>>
>>
>> Test 2
>> ------
>>
>> Guest: ping other_lan_host (KO)
>>
>>       other_lan_host
>>
>>              - receives arp who-is request
>>              - sends arp reply
>>              - arp -a   shows the guest macaddr
>>
>>
>>       => Guest doesn't receive reply
>>
>>
>> Test 3
>> ------
>>
>> other_lan_host ping the Guest   (KO)
>>
>>     - arp -a shows "incomplete" addr
>>     - Guest receives nothing
>>
>>
>> On Host
>> -------
>>
>> network tcpdump on bridge or vnet interfaces shows request but no
>> reply ...
>>
>>
>> Thanks in advance for help or ideas
>>
>>
>>      François
>>
>
> I suspect the firewall. In my experience 99% of network issues are caused
> by the firewall. Try flushing all tables and see if that helps.

..except that firewall problems usually prevent passing IP traffic, but
not ARP requests and responses.


... and tcpdump gets IP traffic before the FW ... and I have disabled the FW ...

 
Can the guest ping the host?

Yes : see  Test 1
 
If not, then you may have something set up
incorrectly with the bridge. Send "ifconfig br0; ifconfig eth0; brctl
show" (replacing "br0" with whatever bridge device you have, and "eth0"
with the host physical ethernet that is attached to the bridge). The
guest's vnetX (tap device) and the "eth0" should be attached to br0 (the
bridge device), and br0 should have an IP address, but eth0 should *not*
have an IP address.


That's OK


 
Is this host plugged into a switch port that is locked down to a
particular MAC address? You may need to get the guest's MAC address
enabled at the switch by your IT department.


I'm the IT department, I'm doing those tests at home :)


It works well at work on CentOS ...

 

Another thing to check is whether or not the ARP request is ever making
it out to the physical network device on the host - try running tcpdump
there as well. I've never encountered a Linux system that rejected
outgoing arp requests for any reason, but this sysctl makes me wonder
how that might get screwed up:

  root@vlap /home/laine>sysctl -a | grep bridge
  net.bridge.bridge-nf-call-arptables = 1
  [...]


I got 0 there ...


I've tried with a DSL box but, because I don't see the reply on the host,
I suspect a special configuration. So I used an alternate switch,
a Netgear switch (GS608), but it fails too...


I just tried with a direct cable link between the host and other_computer
and ...  ** it's working ... **

It seems the 2 switches don't support multiple MACs on the same port !!! :/


I didn't expect this but it's not so surprising with low price hardware ...

Thanks all !!


   François
 
PS: do I have to change the subject with RESOLVE ?
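
The bridge layout check Laine describes above (physical NIC and the guest's vnetX tap attached to the bridge, an IP address on the bridge but not on the NIC), as an added example that is not part of the original thread. The function names and both sample outputs are constructed here, and `ip -o -4 addr show` stands in for the `ifconfig` calls from the message.

```bash
#!/bin/sh
# Added example: verify the bridge layout from captured command output (runs offline).

# Constructed sample of `brctl show` output (not from the thread).
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.001122334455       no              eth0
                                                        vnet0'

# Constructed sample of `ip -o -4 addr show` output (not from the thread).
SAMPLE_ADDRS='1: lo    inet 127.0.0.1/8 scope host lo
3: br0    inet 192.0.2.10/24 brd 192.0.2.255 scope global br0'

# bridge_ports BRIDGE BRCTL_TEXT: print the ports attached to BRIDGE, one per line.
bridge_ports() {
    printf '%s\n' "$2" | awk -v br="$1" '
        NR == 1 { next }                                   # header row
        NF >= 3 { cur = $1; if (cur == br && NF >= 4) print $4; next }
        NF == 1 && cur == br { print $1 }                  # continuation row: port only
    '
}

# has_ipv4 IFACE ADDR_TEXT: succeed if IFACE carries an IPv4 address.
has_ipv4() {
    printf '%s\n' "$2" |
        awk -v ifc="$1" '$2 == ifc && $3 == "inet" { found = 1 } END { exit !found }'
}

# check_bridge BRIDGE NIC BRCTL_TEXT ADDR_TEXT: print findings, return 0 if layout matches.
check_bridge() {
    cb_rc=0
    cb_ports=$(bridge_ports "$1" "$3")
    printf '%s\n' "$cb_ports" | grep -qxF "$2" ||
        { echo "FAIL: $2 is not attached to $1"; cb_rc=1; }
    printf '%s\n' "$cb_ports" | grep -q '^vnet' ||
        { echo "FAIL: no guest tap (vnetX) attached to $1"; cb_rc=1; }
    has_ipv4 "$1" "$4" || { echo "FAIL: $1 has no IPv4 address"; cb_rc=1; }
    has_ipv4 "$2" "$4" && { echo "FAIL: $2 has an IPv4 address; it should not"; cb_rc=1; }
    [ "$cb_rc" -eq 0 ] && echo "OK: $2 and a vnetX tap are on $1; only $1 has an address"
    return "$cb_rc"
}

check_bridge br0 eth0 "$SAMPLE_BRCTL" "$SAMPLE_ADDRS"
```

Against a live host, pass the real output instead of the samples: `check_bridge br0 eth0 "$(brctl show)" "$(ip -o -4 addr show)"`. A passing result only confirms the host side; it says nothing about what the upstream switch does with the guest's MAC address.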