On 01/02/2013 06:10 AM, Dale Amon wrote: > I have shifted some VM's to a new server running Quantal > and have had a world of trouble. The first one was caused > by issues with an apparently compiled in path in their > apparmor version which forced VM pools to be in /srv or > similar rather than where I wanted them. For now this was > not a big issue, and thankfully the server where it would > be a big time problem (there are individual drives per > major customer or user) is Debian. > > But... I still have issues. The networking has changed > considerably and although I can get my VM running, I cannot > reach it. > > The new quantal machines give you something like this: > > br0 Link encap:Ethernet HWaddr **** > inet addr:10.0.0.xx Bcast:10.0.0.255 Mask:255.255.255.0 > inet6 addr: *****/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > p6p1 Link encap:Ethernet HWaddr **** > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > virbr0 Link encap:Ethernet HWaddr **** > inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0 > UP BROADCAST MULTICAST MTU:1500 Metric:1 > > vnet0 Link encap:Ethernet HWaddr fe:54:00:84:3c:4f > inet6 addr: fe80::fc54:ff:fe84:3c4f/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > The VM machine has a static ip on the same network, ie 10.0.0.x. It > worked fine on the old server but is not reachable (and cannot > connect outward). > > Forwarding is turned on: > cat /proc/sys/net/ipv4/ip_forward > 1 Since you say the guests have 10.0.0.x IP addresses, I'm assuming that they are connected to br0, and not virbr0 ("virsh dumpxml $guestname" or "brctl show" would give that information). If that's the case, then the setting of ip_forward is irrelevent, since the forwarding will be done at L2 by the Linux host bridge, not at L3 by IP. It's possible that net.bridge.bridge-nf-call-iptables is set to 1 ("sysctl net.bridge.bridge-nf-call-iptables"), which would mean that all guest traffic would go through iptables as it crossed the bridge, and some rule in your host's filters might be blocking it. You can set that to 0 in /etc/sysctl.conf (followed by "sysctl -p"). To see if traffic is being blocked by iptables, you can run this script on the host, then try sending traffic from the guest and see if new lines are printed out: while true; do iptables -S -v -Z | grep -v "c 0 " | grep REJECT; sleep 1; done For some other ideas of what might be going wrong, look at the network-related topics in the libvirt wiki troubleshooting guide: http://wiki.libvirt.org/page/Troubleshooting If you find that you have a problem not already covered there, feel free to add a new entry describing your problem and the eventual solution. > The VM has > > eth0 Link encap:Ethernet HWaddr **** > inet addr:10.0.0.xx Bcast:10.0.0.255 Mask:255.255.255.0 > inet6 addr: *****/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > An attempt to ping from the VM to anything outside gives a "Destination > host unreachable" message. > > It has been a long time since I set the old machine up, so I > may well have forgotten some step.