From: Sebastian Frenger <sf@frenger-it.de>
To: "Alpár Török" <torokalpar@gmail.com>
Cc: kvm@vger.kernel.org
Subject: Re: ssh into kvm-guests
Date: Fri, 11 Jun 2010 20:39:03 +0200
Message-ID: <1276281543.2306.16.camel@webClient>
In-Reply-To: <1276267764.2053.19.camel@webClient>

so, finally, some news:
embarrassing, that i didn't check it, but, when i disable iptables in
kvm-guest, it works...

interestingly, i set up ssh allows by system-config-firewall, as always
in the past (on physical, real machines, not virtual), and it looks
all right, ssh is allowed. nevertheless it does not work in my
kvm-guests. i will now continue to 'patch' my iptables-rules.

thank you, without your hint with tcpdump and the prohibited-line the
fog would never have been lifted for me.

On Friday, 11.06.2010, at 16:49 +0200, brizly vaan van Ulciputz wrote:
> On Friday, 11.06.2010, at 10:10 +0300, Alpár Török wrote:
> > What i meant is stopping the VPN server. Completely, just to make sure
> > it isn't interfering
> done. that was the easiest part.
> 
> > tcpdump -i br0 port  22 (or whatever port you have sshd running on)
> server    is 192.168.23.29
> kvm-guest is 192.168.23.108
> gateway   is 192.168.23.254 (which should not be part of route, here?)  
> 
> i started dump on server, then tried to "ssh 192.168.23.108", and
> this is it: http://fpaste.org/Usfs/
> (could paste it directly here, but think it's hard to read in here).
> 
> Interesting i think is line 7:
> IP 192.168.23.108 > 192.168.23.29: ICMP host 192.168.23.108 unreachable
> - admin prohibited, length 68
> 
> but i don't know how to fix it. which admin has prohibited what?
> 
> > I'm not familiar with openVPN.  Does it use one of the bridges ?
> > I will assume it uses tun0 and br0 , and the VM uses vnet0 as a tap
> > since it doesn't have an IP assigned, while tap0 has.  Still it's
> > strange that the bridges are on different subnets. 
> i see just one bridge, br0?
> openvpn uses 192.168.24.0, which, i think, is tunX for.
> the _real_ network is 192.168.23.0, which is 'linked' to br0 and used by
> eth0.
> > Is this
> > intentional? Which subnet is the actual _real_ network. If you want
> > your guests on a separate subnet, you need to set the host as GW and
> > enable ip_forward, but it's probably simpler to just bridge them to
> > the real network.
> for me it's no matter if the guests are on same physical network or bridged.
> at the end i want to reach them by another openvpn-network-client (e.g.
> remote notebook). nice if they were also reachable locally without
> vpn, but there is not really a need.
> 
> before 'installing' the bridge the kvm-guests were on separate network,
> the default kvm-generated network (in my case, 192.168.122.0), but the
> effect was the same :-(
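
Added example, not part of the original message: a small Python parser for tcpdump text output that finds "admin prohibited" ICMP replies like the one quoted above and reports whether the reply came from the target itself (its own packet filter, for instance an iptables REJECT rule with --reject-with icmp-host-prohibited) or from a hop in between. The function name and the sample capture are constructed for illustration; the third sample line is an invented contrast case.

```python
import re

# tcpdump text form of ICMP type 3 "admin prohibited" replies (codes 9, 10, 13).
PROHIBITED = re.compile(
    r"IP (?P<sender>\d+(?:\.\d+){3}) > (?P<receiver>\d+(?:\.\d+){3}): "
    r"ICMP (?P<scope>host|net) (?P<target>\d+(?:\.\d+){3}) unreachable"
    r" - admin prohibited(?P<filter> filter)?"
)

def find_rejections(capture_text):
    """Return one finding per admin-prohibited ICMP reply in tcpdump output."""
    findings = []
    for line in capture_text.splitlines():
        m = PROHIBITED.search(line)
        if not m:
            continue
        sender, target = m["sender"], m["target"]
        findings.append({
            "blocked_client": m["receiver"],
            "target": target,
            "rejected_by": sender,
            # Sender == target: the destination's own packet filter answered,
            # so the rule to fix is on that machine, not on a router in between.
            "where": "target host firewall" if sender == target
                     else "intermediate hop",
        })
    return findings

# Constructed sample modelled on the line quoted in the message (not the real paste).
SAMPLE = """\
20:01:02.000001 IP 192.168.23.29.51234 > 192.168.23.108.22: Flags [S], seq 1, win 5840, length 0
20:01:02.000410 IP 192.168.23.108 > 192.168.23.29: ICMP host 192.168.23.108 unreachable - admin prohibited, length 68
20:01:05.000100 IP 192.168.23.254 > 192.168.23.29: ICMP host 192.168.23.108 unreachable - admin prohibited filter, length 68
"""

if __name__ == "__main__":
    for f in find_rejections(SAMPLE):
        print(f"{f['blocked_client']} -> {f['target']}: rejected by "
              f"{f['rejected_by']} ({f['where']})")
```

In the capture described in the message the ICMP sender and the unreachable host are the same address, which points at the guest's own rule set; `iptables -L INPUT -n -v --line-numbers` on the guest shows which REJECT rule the SSH packets hit before any accept rule.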
