[libvirt-users] KVM NAT stops from working

Hi. First of all thank you for the work you are doing with libvirt. I am not sure this is the right place to ask, I'd appreciate if you can give me any hint or directions.
I have several similar KVM Linux boxes and one of them has a really strange behavior with the KVM NAT: It just suddenly stops from working.
This is a Linux Ubuntu Server 19.04 with
- libvirt-bin 4.0.0
- qemu-kvm 1:2.11
Everything works fine and then suddenly the virtual machines can't reach outside. If I run a tcpdump in the host I see the NAT isn't working.
When the server just boots I can see the packets with the server address going out:
x.y.z.w.49138 > 8.8.8.8.53
Then, it may be some hours or days later, instead of the server address I see the internal domains address:
192.168.122.33.19132 > 8.8.8.8.53
^^^^^^^^^^^^^^
I try to restart the iptables but it won't help.
Any hints ? Thank you very much

On 9/2/19 10:31 AM, Francesc Guasch wrote:
> Hi. First of all thank you for the work you are doing with libvirt. I am not sure this is the right place to ask, I'd appreciate if you can give me any hint or directions.
> I have several similar KVM Linux boxes and one of them has a really strange behavior with the KVM NAT: It just suddenly stops from working.
> This is a Linux Ubuntu Server 19.04 with - libvirt-bin 4.0.0 - qemu-kvm 1:2.11
> Everything works fine and then suddenly the virtual machines can't reach outside. If I run a tcpdump in the host I see the NAT isn't working.
> When the server just boots I can see the packets with the server address going out:
> x.y.z.w.49138 > 8.8.8.8.53
> Then, it may be some hours or days later, instead of the server address I see the internal domains address:
> 192.168.122.33.19132 > 8.8.8.8.53
> ^^^^^^^^^^^^^^
> I try to restart the iptables but it won't help.
> Any hints ? Thank you very much
1) On a freshly booted machine with running clients connected to libvirt's default network (and successfully sending/receiving traffic, of course :-), get a dump of all active iptables rules with
iptables-save >iptables-working.txt
2) At whatever later time when you notice that the NAT is no longer working properly, get another dump of all the rules with
iptables-save >iptables-broken.txt
and compare those two files to see what has changed. Most likely some other piece of software (a firewall management utility maybe?) has loaded a new rule that takes precedence over one of the rules added by libvirt.
If seeing the rule that was added doesn't point you at the culprit, you can see if restarting libvirtd will fix your problem - whenever libvirtd is restarted, all iptables rules associated with libvirt's virtual networks are reloaded (which will put them back at the beginning of the chain, thus fixing any broken precedence).
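
Added example, not part of Laine Stump's message or of libvirt: a raw diff of two iptables-save dumps is noisy because timestamps and packet counters change on every run, so this sketch strips them and reports which rules were added, removed or reordered in each chain, with the position that decides precedence. The function names and both sample dumps, including the extra ACCEPT rule, are constructed for illustration.

```python
import re

COUNTERS = re.compile(r"\[\d+:\d+\]\s*")  # packet/byte counters differ on every dump

def parse_dump(text):
    """Map (table, chain) -> ordered list of '-A' rules from iptables-save output."""
    rules, table = {}, None
    for line in text.splitlines():
        line = COUNTERS.sub("", line.strip())
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):  # comments, chain policies and COMMIT are skipped
            rules.setdefault((table, line.split()[1]), []).append(line)
    return rules

def compare_dumps(working, broken):
    """Return (table, chain, change, position, rule); position is 1-based in its chain."""
    old, new = parse_dump(working), parse_dump(broken)
    changes = []
    for key in sorted(set(old) | set(new)):
        before, after = old.get(key, []), new.get(key, [])
        changes += [(*key, "added", i, r) for i, r in enumerate(after, 1) if r not in before]
        changes += [(*key, "removed", i, r) for i, r in enumerate(before, 1) if r not in after]
        if [r for r in before if r in after] != [r for r in after if r in before]:
            changes.append((*key, "reordered", 0, ""))
    return changes

# Constructed sample dumps (not taken from the thread); only counters and one rule differ.
WORKING = """\
# Generated by iptables-save on Mon Sep  2 10:40:00 2019
*nat
:POSTROUTING ACCEPT [5:300]
-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
"""
BROKEN = """\
# Generated by iptables-save on Tue Sep  3 07:15:00 2019
*nat
:POSTROUTING ACCEPT [912:61440]
-A POSTROUTING -s 192.168.122.0/24 -j ACCEPT
-A POSTROUTING -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
COMMIT
"""

if __name__ == "__main__":
    for table, chain, change, pos, rule in compare_dumps(WORKING, BROKEN):
        print(f"{table}/{chain}: {change} at position {pos}: {rule}")
```

On a real host, read iptables-working.txt and iptables-broken.txt and pass their contents to compare_dumps; an "added" entry at a position ahead of the MASQUERADE rule in nat/POSTROUTING is the kind of precedence change described above.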

On 3/9/19 at 18:15, Laine Stump wrote:
> On 9/2/19 10:31 AM, Francesc Guasch wrote:
> > Hi. First of all thank you for the work you are doing with libvirt. I am not sure this is the right place to ask, I'd appreciate if you can give me any hint or directions.
> > I have several similar KVM Linux boxes and one of them has a really strange behavior with the KVM NAT: It just suddenly stops from working.
> > Any hints ? Thank you very much
> 1) On a freshly booted machine with running clients connected to libvirt's default network (and successfully sending/receiving traffic, of course :-), get a dump of all active iptables rules with
> iptables-save >iptables-working.txt
> 2) At whatever later time when you notice that the NAT is no longer working properly, get another dump of all the rules with
> iptables-save >iptables-broken.txt
> and compare those two files to see what has changed.
Thank you very much Laine, good point ! I am waiting for it to fail again to compare both iptables.

Hi, can the host reach the Internet? Send us the route table of the host and one of the guests. The iptables config file should help too.
Best Regards.
Daniel Romero P.
On Tue, Sep 3, 2019 at 1:22 PM Francesc Guasch <frankie@telecos.upc.edu> wrote:
> On 3/9/19 at 18:15, Laine Stump wrote:
> > On 9/2/19 10:31 AM, Francesc Guasch wrote:
> > > Hi. First of all thank you for the work you are doing with libvirt. I am not sure this is the right place to ask, I'd appreciate if you can give me any hint or directions.
> > > I have several similar KVM Linux boxes and one of them has a really strange behavior with the KVM NAT: It just suddenly stops from working.
> > > Any hints ? Thank you very much
> > 1) On a freshly booted machine with running clients connected to libvirt's default network (and successfully sending/receiving traffic, of course :-), get a dump of all active iptables rules with
> > iptables-save >iptables-working.txt
> > 2) At whatever later time when you notice that the NAT is no longer working properly, get another dump of all the rules with
> > iptables-save >iptables-broken.txt
> > and compare those two files to see what has changed.
> Thank you very much Laine, good point !
> I am waiting for it to fail again to compare both iptables.
participants (3): Daniel Romero, Francesc Guasch, Laine Stump