On 04/20/2014 06:31 AM, Patric Buskas wrote:
Hi,

I'm new to libvirt so please bear with me.

I am trying to set up a routed subnet on my laptop with libvirt, hoping it to be able to communicate with all servers in my nw.
My laptop is on a subnet, 192.168.2.0/24, with a static ip, 192.168.2.27.
I have "more or less" followed this guide for routed networks, https://www.berrange.com/posts/2009/12/13/routed-subnets-without-nat-for-libvirt-managed-virtual-machines-in-fedora/
The "more or less" part is that I have an Asus RT-N56U router with the static route set as in the guide and I'm not running wifi.
With this setup I can reach, within the 192.168.200.0/24, all guests within 192.168.200.0/24, internet and the laptop but I can not reach any server on the laptop subnet.
traceroute from guests to servers in the laptop subnet is only giving "stars" infinitely
nmap from guests to services in the laptop subnet is saying "filtered"

When you say "laptop subnet", you mean the physical network, i.e. 192.168.2.0/24, correct?

If your guests can reach the internet, then 1) the laptop has ip_forwarding set correctly, and 2) your router has a proper static IP to get the response packets back to the guest. And I would assume that the laptop is properly routing packets from guests that are destined for the directly-connected 192.168.2.0/24 subnet. So the two possible failure points left are:

1) possibly the laptop has some other iptables rule setup externally to libvirt which blocks either the outgoing packets towards 192.168.2.0, or incoming responses from 192.168.2.0. You should run tcpdump on the laptop's eth0 (and on the servers on the physical net) looking for packets with the guest & physical server's IP addresses to see just how far the outgoing packet gets (or if it gets all the way, how far back the response gets); that can give you a clue where rules need to be tweaked. (Based on the output of iptables -L, this doesn't seem likely, but you should still verify it.)

2) possibly your router isn't properly redirecting packets from 192.168.2.0 that are destined for 192.168.200.0 back out the same interface they arrived on (that would be a broken router, but I've seen worse things happen in consumer grade networking equipment). Again, you should run tcpdump on the server to see what kind of traffic it is sending out for response, and to what *MAC* address it is sending it (is it going to the router, or directly to the laptop - add "-e" to the tcpdump commandline to see the ethernet (MAC) addresses of all logged packets).


Obviously I've done something wrong but I can't find out what.
I also may have misunderstood the meaning of routed network within libvirt.
Please give me some advice to solve this problem.

Some facts:
The laptop is running Ubuntu 13.04
The net-dumpxml
https://gist.github.com/kakbit/11103807
Routing on laptop
https://gist.github.com/kakbit/11103832
iptables on laptop
https://gist.github.com/kakbit/11103947
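
The MAC-address check suggested in the reply above, as an added example that is not part of the original thread: the shell function reads `tcpdump -e -n` text captured on a physical server and counts whether its replies to a guest are addressed to the router or directly to the laptop. The guest and server host addresses and all MAC addresses are constructed sample values, and `reply_path` and `sample_capture` are hypothetical names.

```shell
#!/bin/sh
# Added example. Reads `tcpdump -e -n` text captured on the physical server and
# counts which Ethernet destination the server's replies to the guest use.
# Usage: reply_path GUEST_IP SERVER_IP ROUTER_MAC LAPTOP_MAC < capture.txt
reply_path() {
    awk -v guest="$1" -v server="$2" -v router="$3" -v laptop="$4" '
    # Drop the trailing ":" and any ".port" suffix, leaving the dotted quad.
    function ip(s,    p) {
        sub(/:$/, "", s)
        split(s, p, ".")
        return p[1] "." p[2] "." p[3] "." p[4]
    }
    BEGIN { router = tolower(router); laptop = tolower(laptop) }
    # Only lines of the form "time SRCMAC > DSTMAC, ethertype IPv4 ...".
    $3 == ">" && $6 == "IPv4" {
        dmac = tolower($4); sub(/,$/, "", dmac)
        src = ip($10); dst = ip($12)
        if (src == guest && dst == server) requests++
        if (src == server && dst == guest) {
            if (dmac == router)      to_router++
            else if (dmac == laptop) to_laptop++
            else                     elsewhere++
        }
    }
    END {
        printf "requests=%d replies_to_router=%d replies_to_laptop=%d replies_elsewhere=%d\n",
               requests, to_router, to_laptop, elsewhere
    }'
}

# Constructed capture (all MACs and host addresses are sample values):
# MAC ...:27 = laptop, ...:10 = server, ...:01 = router.
sample_capture() {
    cat <<'EOF'
10:15:01.000100 02:00:00:00:00:27 > 02:00:00:00:00:10, ethertype IPv4 (0x0800), length 98: 192.168.200.5 > 192.168.2.10: ICMP echo request, id 7, seq 1, length 64
10:15:01.000180 02:00:00:00:00:10 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 192.168.2.10 > 192.168.200.5: ICMP echo reply, id 7, seq 1, length 64
10:15:02.000100 02:00:00:00:00:27 > 02:00:00:00:00:10, ethertype IPv4 (0x0800), length 98: 192.168.200.5 > 192.168.2.10: ICMP echo request, id 7, seq 2, length 64
10:15:02.000170 02:00:00:00:00:10 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 192.168.2.10 > 192.168.200.5: ICMP echo reply, id 7, seq 2, length 64
10:15:03.000000 02:00:00:00:00:27 > 02:00:00:00:00:10, ethertype IPv4 (0x0800), length 74: 192.168.200.5.51234 > 192.168.2.10.22: Flags [S], seq 1, win 64240, length 0
10:15:03.000090 02:00:00:00:00:10 > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 74: 192.168.2.10.22 > 192.168.200.5.51234: Flags [S.], seq 1, ack 2, win 65160, length 0
EOF
}

sample_capture | reply_path 192.168.200.5 192.168.2.10 02:00:00:00:00:01 02:00:00:00:00:27
```

In the constructed capture every reply is addressed to the router's MAC, which is the case where the router has to send the packet back out the interface it arrived on. A result of `requests=0` would instead mean the guest's packets never reached the server.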

