10:31 p.m.
Hi. First of all thank you for the work you are doing with libvirt.
I am not sure this is the right place to ask, I'd appreciate
if you can give me any hint or directions.
I have several similar KVM Linux boxes and one of them has a really
strange behavior with the KVM NAT: It just suddenly stops from
working.
This is a Linux Ubuntu Server 19.04 with
- libvirt-bin 4.0.0
- qemu-kvm 1:2.11
Everything works fine and then suddenly the virtual machines
can't reach outside. If I run a tcpdump in the host I see
the NAT isn't working.
When the server just boots I can see the packets with the
server address going out:
x.y.z.w.49138 > 8.8.8.8.53
Then, it may be some hours or days later, instead the server
address I see the internal domains address:
192.168.122.33.19132 > 8.8.8.8.53
^^^^^^^^^^^^^^
I try to restart the iptables but it won't help.
Any hints ? Thank you very much
12:15 a.m.
On 9/2/19 10:31 AM, Francesc Guasch wrote:
Hi. First of all thank you for the work you are doing with libvirt.
I am not sure this is the right place to ask, I'd appreciate
if you can give me any hint or directions.
I have several similar KVM Linux boxes and one of them has a really
strange behavior with the KVM NAT: It just suddenly stops from
working.
This is a Linux Ubuntu Server 19.04 with
- libvirt-bin 4.0.0
- qemu-kvm 1:2.11
Everything works fine and then suddenly the virtual machines
can't reach outside. If I run a tcpdump in the host I see
the NAT isn't working.
When the server just boots I can see the packets with the
server address going out:
x.y.z.w.49138 > 8.8.8.8.53
Then, it may be some hours or days later, instead the server
address I see the internal domains address:
192.168.122.33.19132 > 8.8.8.8.53
^^^^^^^^^^^^^^
I try to restart the iptables but it won't help.
Any hints ? Thank you very much
1) On a freshly booted machine with running clients connected to
libvirt's default network (and successfully sending/receiving traffic,
of course :-), get a dump of all active iptables rules with
iptables-save >iptables-working.txt
2) At whatever later time when you notice that the NAT is no longer
working properly, get another dump of all the rules with
iptables-save >iptables-broken.txt
and compare those two files to see what has changed.
Most likely some other piece of software (a firewall management utility
maybe?) has loaded a new rule that takes precedence over one of the
rules added by libvirt.
If seeing the rule that was added doesn't point you at the culprit, you
can see if restarting libvirtd will fix your problem - whenever libvirtd
is restarted, all iptables rules associated with libvirt's virtual
networks are reloaded (which will put them back at the beginning of the
chain, thus fixing any broken precedence).
1:20 a.m.
El 3/9/19 a les 18:15, Laine Stump ha escrit:
On 9/2/19 10:31 AM, Francesc Guasch wrote:
> Hi. First of all thank you for the work you are doing with libvirt.
> I am not sure this is the right place to ask, I'd appreciate
> if you can give me any hint or directions.
>
> I have several similar KVM Linux boxes and one of them has a really
> strange behavior with the KVM NAT: It just suddenly stops from
> working.
> Any hints ? Thank you very much
1) On a freshly booted machine with running clients connected to
libvirt's default network (and successfully sending/receiving traffic,
of course :-), get a dump of all active iptables rules with
iptables-save >iptables-working.txt
2) At whatever later time when you notice that the NAT is no longer
working properly, get another dump of all the rules with
iptables-save >iptables-broken.txt
and compare those two files to see what has changed.
Thank you very much Laine, good point !
I am waiting for it to fail again to compare both iptables.
6:28 a.m.
Hi,
can the host reach Internet?
Send us the route table of the host and some one of the guests. The
iptables config file should help too.
Best Regards.
Daniel Romero P.
On Tue, Sep 3, 2019 at 1:22 PM Francesc Guasch <frankie(a)telecos.upc.edu>
wrote:
El 3/9/19 a les 18:15, Laine Stump ha escrit:
> On 9/2/19 10:31 AM, Francesc Guasch wrote:
>> Hi. First of all thank you for the work you are doing with libvirt.
>> I am not sure this is the right place to ask, I'd appreciate
>> if you can give me any hint or directions.
>>
>> I have several similar KVM Linux boxes and one of them has a really
>> strange behavior with the KVM NAT: It just suddenly stops from
>> working.
>> Any hints ? Thank you very much
>
> 1) On a freshly booted machine with running clients connected to
> libvirt's default network (and successfully sending/receiving traffic,
> of course :-), get a dump of all active iptables rules with
>
> iptables-save >iptables-working.txt
>
> 2) At whatever later time when you notice that the NAT is no longer
> working properly, get another dump of all the rules with
>
> iptables-save >iptables-broken.txt
>
> and compare those two files to see what has changed.
>
Thank you very much Laine, good point !
I am waiting for it to fail again to compare both iptables.
_______________________________________________
libvirt-users mailing list
libvirt-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvirt-users
1831
days inactive
1832
days old
3 comments
3 participants
participants (3)
-
Daniel Romero -
Francesc Guasch -
Laine Stump