[libvirt-users] Can't NAT in KVM
Good morning, list, I've been trying to get my KVM virtual machines to connect to the Interwebs for the last 3 hours with no success. I'm running Debian Wheezy (fully patched) and building virtual machines using KVM in Virt Manager. With the default, factory settings shown in virt manager, I have a default virtual network with the device name virbr0, which starts on boot and uses the default IPv4 subnets. I also have the default lo (loopback) network interface. I have tried creating a Windows 8 Release Preview machine and a Kubuntu Live CD machine. Despite recognising the hardware and network interface, neither machine will connect to the Internet. From what I can see in both virtual machines, it seems that neither is getting a DHCP lease from virbr0. I'm not sure what's broken or where to start looking for trouble because both the logs and the documentation are fairly sparse. Other possibly relevant information: I have a simple firewall configured with Firestarter in Wheezy. I use Network Manager to manage my only wireless connection to the world. I don't want to set up any fancy bridging or override /etc/interfaces because I only use virtual machines rarely but I rely on Network Manager to set up my laptop's networks so I don't have to. Any suggestions on how I can plug the v-machines to the web? With thanks, Borden
On 07/27/2012 09:15 AM, Borden Rhodes wrote:
Good morning, list,
I've been trying to get my KVM virtual machines to connect to the Interwebs for the last 3 hours with no success. I'm running Debian Wheezy (fully patched) and building virtual machines using KVM in Virt Manager.
With the default, factory settings shown in virt manager, I have a default virtual network with the device name virbr0, which starts on boot and uses the default IPv4 subnets. I also have the default lo (loopback) network interface.
I have tried creating a Windows 8 Release Preview machine and a Kubuntu Live CD machine. Despite recognising the hardware and network interface, neither machine will connect to the Internet. From what I can see in both virtual machines, it seems that neither is getting a DHCP lease from virbr0. I'm not sure what's broken or where to start looking for trouble because both the logs and the documentation are fairly sparse.
There is nothing in /var/log/libvirtd.log that could be used? My wild guess would be you don't have dnsmasq installed. If yes, check if some dnsmasq process is running any and if the default network is started. Martin
Thank you for the tips. There was nothing of interest in the libvirt logs and dnsmasq seems to be installed correctly, but perhaps this configuration information will help: LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin HOME=/root USER=root LOGNAME=root QEMU_AUDIO_DRV=spice /usr/bin/kvm -S -M pc-0.15 -cpu core2duo,+lahf_lm,+osxsave,+xsave,+sse4.1,+pdcm,+xtpr,+cx16,+tm2,+est,+vmx,+ds_cpl,+dtes64,+pbe,+tm,+ht,+ss,+acpi,+ds -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -name KubuntuLiveCD -uuid bfe78349-5409-d439-3ba5-545ada8727bc -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/BootDiskTest.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-reboot -no-shutdown -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive file=/home/borden/kubuntu-12.04-desktop-i386.iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0,bootindex=1 -netdev tap,fd=20,id=hostnet0 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:e3:80:11,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -spice port=5900,addr=127.0.0.1,disable-ticketing -vga qxl -global qxl-vga.vram_size=67108864 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6 It turns out when I was poking through dmesg that I discovered that Firestarter was, indeed, blocking the virtual machines from getting an IP address. Which ports/services do I have to open in the firewall to let DHCP do its work? I can't find anything in the documentation which says that firewalls can cause problems. Perhaps someone should mention that? The problem isn't quite solved yet. Although the virtual machines can an IP address, they cannot connect to the Internet. The connections time out when I try to connect out. Suggestions? With thanks, Borden
Can you just disable the firewall and see whether it works or not . On Fri, Jul 27, 2012 at 10:26 PM, Borden Rhodes <jrvp@bordenrhodes.com>wrote:
Thank you for the tips. There was nothing of interest in the libvirt logs and dnsmasq seems to be installed correctly, but perhaps this configuration information will help:
LC_ALL=C PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin HOME=/root USER=root LOGNAME=root QEMU_AUDIO_DRV=spice /usr/bin/kvm -S -M pc-0.15 -cpu
core2duo,+lahf_lm,+osxsave,+xsave,+sse4.1,+pdcm,+xtpr,+cx16,+tm2,+est,+vmx,+ds_cpl,+dtes64,+pbe,+tm,+ht,+ss,+acpi,+ds -enable-kvm -m 2048 -smp 2,sockets=2,cores=1,threads=1 -name KubuntuLiveCD -uuid bfe78349-5409-d439-3ba5-545ada8727bc -nodefconfig -nodefaults -chardev
socket,id=charmonitor,path=/var/lib/libvirt/qemu/BootDiskTest.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-reboot -no-shutdown -device piix3-usb-uhci,id=usb,bus=pci.0,addr=0x1.0x2 -device virtio-serial-pci,id=virtio-serial0,bus=pci.0,addr=0x5 -drive
file=/home/borden/kubuntu-12.04-desktop-i386.iso,if=none,id=drive-ide0-1-0,readonly=on,format=raw -device ide-cd,bus=ide.1,unit=0,drive=drive-ide0-1-0,id=ide0-1-0,bootindex=1 -netdev tap,fd=20,id=hostnet0 -device
virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:e3:80:11,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -chardev spicevmc,id=charchannel0,name=vdagent -device
virtserialport,bus=virtio-serial0.0,nr=1,chardev=charchannel0,id=channel0,name=com.redhat.spice.0 -spice port=5900,addr=127.0.0.1,disable-ticketing -vga qxl -global qxl-vga.vram_size=67108864 -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x6
It turns out when I was poking through dmesg that I discovered that Firestarter was, indeed, blocking the virtual machines from getting an IP address. Which ports/services do I have to open in the firewall to let DHCP do its work? I can't find anything in the documentation which says that firewalls can cause problems. Perhaps someone should mention that?
The problem isn't quite solved yet. Although the virtual machines can an IP address, they cannot connect to the Internet. The connections time out when I try to connect out. Suggestions?
With thanks,
Borden
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users
-- Thanks Vipul Borikar "Our task must be to free ourselves...by widening our circle of compassion to embrace all living creatures and the whole of nature and its beauty."
On 28 July 2012 01:23, vipul borikar <vipulcell@gmail.com> wrote:
Can you just disable the firewall and see whether it works or not .
I did that. The virtual machine can get an IP address now but can't connect to the Internet. The VMs can, however, connect to the Apache server I run on my laptop (the host) if I direct a browser to the VM's gateway (192.168.122.1). However, it's not a DNS issue because I also cannot connect to, say, Google using its IP address.
On 07/28/2012 01:41 AM, Borden Rhodes wrote:
On 28 July 2012 01:23, vipul borikar <vipulcell@gmail.com> wrote:
Can you just disable the firewall and see whether it works or not . I did that. The virtual machine can get an IP address now but can't connect to the Internet. The VMs can, however, connect to the Apache server I run on my laptop (the host) if I direct a browser to the VM's gateway (192.168.122.1). However, it's not a DNS issue because I also cannot connect to, say, Google using its IP address.
Even though you've disabled your firewall management application, there could still be rules left around that are messing things up, or ip forwarding could have been turned off. Try restarting libvirtd - that will reload all of libvirt's iptables rules as well as setting ip_forward back on. If that doesn't get you going, take a look through the other network-related topics at: http://wiki.libvirt.org/page/Troubleshooting That entire list of topics was created by looking through mailing list archives and IRC logs, an picking out the most common problems and their causes.
On 07/27/2012 03:15 AM, Borden Rhodes wrote:
I have tried creating a Windows 8 Release Preview machine and a Kubuntu Live CD machine. Despite recognising the hardware and network interface, neither machine will connect to the Internet. From what I can see in both virtual machines, it seems that neither is getting a DHCP lease from virbr0. I'm not sure what's broken or where to start looking for trouble because both the logs and the documentation are fairly sparse.
http://wiki.libvirt.org/page/PXE_boot_%28or_dhcp%29_on_guest_failed My first guess would be that the iptables rules installed by libvirt are being overridden.
participants (4)
-
Borden Rhodes -
Laine Stump -
Martin Kletzander -
vipul borikar