From: Lorenzo Milesi <maxxer@ufficyo.com>
To: kvm@vger.kernel.org
Subject: Weird networking problem
Date: Tue, 18 Dec 2012 17:45:05 +0100 (CET) [thread overview]
Message-ID: <684330288.74269.1355849105068.JavaMail.root@yetopen.it> (raw)
In-Reply-To: <2075397403.74263.1355849057712.JavaMail.root@yetopen.it>
Hi.
I'm experiencing weird network problems on a KVM installation.
OS is Ubuntu 12.04, qemu 1.0+noroms-0ubuntu14.3, kernel 3.2.0-34-generic.
eth0 is attached to LAN -> br0
eth2 is attached to WAN -> br1
Debian config follows:
auto eth0
iface eth0 inet manual
auto br0
iface br0 inet static
address 192.168.1.47
netmask 255.255.255.0
gateway 192.168.1.1
dns-nameservers 192.168.1.1 8.8.8.8
bridge_ports eth0
bridge_stp off
bridge_fd 0
bridge_maxwait 0
auto eth2
iface eth2 inet manual
auto br1
iface br1 inet manual
bridge_ports eth2
bridge_stp off
bridge_fd 0
bridge_maxwait 0
I've configured a single guest to work a firewall (pfsense). Using version 2.1 beta which supports virtualized drivers.
XML config [1].
Problem: I've configured a VPN to another network (network B).
>From Network B, I can ping & ssh to 192.168.1.49 (another physical host on the lan), but I can only ping my kvm physical host, all TCP connection (ssh) gets lost.
I have similar problem with port forward, while I can ssh to .49 I cannot to .47.
I managed to catch a tcpdump while trying to ssh to .47:
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on vtnet0, link-type EN10MB (Ethernet), capture size 96 bytes
12:18:21.720364 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2912170 ecr 0,nop,wscale 7], length 0
12:18:21.720760 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127905521 ecr 2912170,nop,wscale 7], length 0
12:18:22.718447 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2912420 ecr 0,nop,wscale 7], length 0
12:18:22.718814 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127905770 ecr 2912170,nop,wscale 7], length 0
12:18:22.923054 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127905821 ecr 2912170,nop,wscale 7], length 0
12:18:24.723703 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2912921 ecr 0,nop,wscale 7], length 0
12:18:24.724103 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127906272 ecr 2912170,nop,wscale 7], length 0
12:18:24.935085 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127906325 ecr 2912170,nop,wscale 7], length 0
12:18:28.734360 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2913924 ecr 0,nop,wscale 7], length 0
12:18:28.734737 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127907274 ecr 2912170,nop,wscale 7], length 0
12:18:28.947166 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127907328 ecr 2912170,nop,wscale 7], length 0
12:18:36.751056 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2915928 ecr 0,nop,wscale 7], length 0
12:18:36.751477 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127909279 ecr 2912170,nop,wscale 7], length 0
12:18:36.975114 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127909335 ecr 2912170,nop,wscale 7], length 0
I know it's not an issue with the firewall, because I've tried another distro and I had other kind of issue, always network related.
Any idea?
thanks!
P.S. please reply all as I'm not subscribed
[1]
<domain type='qemu' id='5'>
<name>pfsense</name>
<uuid>36d77162-3e9c-5317-d011-9b61a9bfb887</uuid>
<memory>1548288</memory>
<currentMemory>1548288</currentMemory>
<vcpu>1</vcpu>
<os>
<type arch='x86_64' machine='pc-1.0'>hvm</type>
<boot dev='hd'/>
<bootmenu enable='no'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/bin/qemu-system-x86_64</emulator>
<disk type='block' device='disk'>
<driver name='qemu' type='raw'/>
<source dev='/dev/depsrv01lv/pfsense'/>
<target dev='vda' bus='virtio'/>
<alias name='virtio-disk0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</disk>
<disk type='block' device='cdrom'>
<driver name='qemu' type='raw'/>
<target dev='hdc' bus='ide'/>
<readonly/>
<alias name='ide0-1-0'/>
<address type='drive' controller='0' bus='1' unit='0'/>
</disk>
<controller type='ide' index='0'>
<alias name='ide0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<interface type='bridge'>
<mac address='52:54:00:7e:03:aa'/>
<source bridge='br0'/>
<target dev='vnet0'/>
<model type='virtio'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</interface>
<interface type='bridge'>
<mac address='52:54:00:08:e5:84'/>
<source bridge='br1'/>
<target dev='vnet1'/>
<model type='virtio'/>
<alias name='net1'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
</interface>
<serial type='pty'>
<source path='/dev/pts/2'/>
<target port='0'/>
<alias name='serial0'/>
</serial>
<console type='pty' tty='/dev/pts/2'>
<source path='/dev/pts/2'/>
<target type='serial' port='0'/>
<alias name='serial0'/>
</console>
<input type='mouse' bus='ps2'/>
<graphics type='vnc' port='5900' autoport='yes'/>
<video>
<model type='cirrus' vram='9216' heads='1'/>
<alias name='video0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
</video>
<memballoon model='virtio'>
<alias name='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='apparmor' relabel='yes'>
<label>libvirt-36d77162-3e9c-5317-d011-9b61a9bfb887</label>
<imagelabel>libvirt-36d77162-3e9c-5317-d011-9b61a9bfb887</imagelabel>
</seclabel>
</domain>
--
Lorenzo Milesi - lorenzo.milesi@yetopen.it
GPG/PGP Key-Id: 0xE704E230 - http://keyserver.linux.it
next parent reply other threads:[~2012-12-18 16:51 UTC|newest]
Thread overview: 2+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <2075397403.74263.1355849057712.JavaMail.root@yetopen.it>
2012-12-18 16:45 ` Lorenzo Milesi [this message]
2012-12-19 11:57 ` Weird networking problem Stefan Hajnoczi
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=684330288.74269.1355849105068.JavaMail.root@yetopen.it \
--to=maxxer@ufficyo.com \
--cc=kvm@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.