From: Brian Jackson
Subject: Re: KVM VM's facing public network
Date: Tue, 29 Jan 2013 15:37:52 -0600
Message-ID: <20130129153752.0eb06687@PeterVenkman>
In-Reply-To: <51080C91.8090204@gmail.com>
To: Hugo R Hernández-Mora
Cc: kvm@vger.kernel.org

On Tue, 29 Jan 2013 12:53:21 -0500
Hugo R Hernández-Mora wrote:

> Hello there,
> we are experiencing a problem configuring KVM bridged networking
> to share a public network interface between the KVM host and the VMs.
> Currently, our KVM server has set three network interfaces as follows:
>
> * eth0: 192.168.10.101/23 (main interface for public network - no
>   bridge)
> * eth1 <--> br1: 192.168.10.201/23 (KVM VMs connected to public
>   network)
> * eth3 <--> br3: 10.7.10.201/23 (KVM VMs connected to LAN)
>
> We have followed instructions from Red Hat as well as from
> different web sites and we are not able to get the VMs to get access
> into/from the public network.
> Here is a more detailed configuration for the KVM host:
>
> ifcfg-eth0
> DEVICE=eth0
> ONBOOT=yes
> HWADDR=AC:80:B2:14:C5:EE
> BOOTPROTO=none
> IPADDR=192.168.10.101
> NETMASK=255.255.254.0
>
> ifcfg-eth1
> DEVICE=eth1
> ONBOOT=yes
> HWADDR=AC:80:B2:4E:D3:28
> BRIDGE=br1
>
> ifcfg-br1
> DEVICE=br1
> ONBOOT=yes
> TYPE=Bridge
> BOOTPROTO=none
> IPADDR=192.168.10.201
> NETMASK=255.255.254.0
> STP=off
> DELAY=0
>
> ifcfg-eth3
> DEVICE=eth3
> ONBOOT=yes
> HWADDR=AC:80:B2:4E:D3:2A
> BRIDGE=br3
>
> ifcfg-br3
> DEVICE=br3
> ONBOOT=yes
> TYPE=Bridge
> BOOTPROTO=static
> IPADDR=10.7.10.201
> NETMASK=255.255.254.0
> STP=off
> DELAY=0
>
> network
> NETWORKING=yes
> HOSTNAME=kvm1.public-lan.net
> GATEWAY=192.168.10.1
>
> For iptables/routing, we have followed instructions as explained on
> http://www.linux-kvm.org/page/Networking#public_bridge
> *nat
> :POSTROUTING ACCEPT [0:0]
> -A POSTROUTING --out-interface br1 -j MASQUERADE
> COMMIT
> :FORWARD ACCEPT [0:0]
> -A FORWARD --in-interface br1 -j ACCEPT
>
> Hostside:
> Allow IPv4 forwarding and add route to client (could be put in a
> script - route has to be added after the client has started):
> sysctl -w net.ipv4.ip_forward=1 # allow forwarding of IPv4
> route add -host dev # add route to the client
>
> Clientside:
> Default GW of the client is of course then the host ( has
> to be in same subnet as ...):
> route add default gw

What do the client configs look like? What network options are you
passing to qemu/kvm (or just the whole command line)?

If your guests and host are in the same subnet, why are you
masquerading/routing? Why not just use standard bridging?

> But it doesn't seem to work. My assumption is that the problem is
> related to a wrong setting of the firewall in iptables. Could you
> please advise? Your help will be greatly appreciated!
>
> We are running Scientific Linux 6.2 on the KVM server as well as on
> the VMs. There is no network issue by accessing the LAN between VMs
> but only to face the public network.
>
> Thanks in advance,
> -Hugo
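
The same-subnet question raised in the reply can be checked mechanically from the ifcfg files. The script below is an added example, not part of either message: it parses the quoted ifcfg values, derives each bridge's network and ports, and tests whether a guest address is on the bridge's subnet. The guest address 192.168.10.210 and all function names are assumptions, since the thread gives no guest configuration.

```python
import ipaddress

# ifcfg contents copied from the quoted message (HWADDR/STP/DELAY lines omitted).
IFCFG = {
    "ifcfg-eth0": "DEVICE=eth0\nONBOOT=yes\nBOOTPROTO=none\n"
                  "IPADDR=192.168.10.101\nNETMASK=255.255.254.0\n",
    "ifcfg-eth1": "DEVICE=eth1\nONBOOT=yes\nBRIDGE=br1\n",
    "ifcfg-br1": "DEVICE=br1\nONBOOT=yes\nTYPE=Bridge\nBOOTPROTO=none\n"
                 "IPADDR=192.168.10.201\nNETMASK=255.255.254.0\n",
    "ifcfg-eth3": "DEVICE=eth3\nONBOOT=yes\nBRIDGE=br3\n",
    "ifcfg-br3": "DEVICE=br3\nONBOOT=yes\nTYPE=Bridge\nBOOTPROTO=static\n"
                 "IPADDR=10.7.10.201\nNETMASK=255.255.254.0\n",
}
GUEST_IP = "192.168.10.210"  # constructed: the thread never gives a guest address


def parse_ifcfg(text):
    """Parse the KEY=value lines of one ifcfg file into a dict."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        cfg[key.strip()] = value.strip().strip('"')
    return cfg


def bridge_networks(files):
    """Return {bridge: (network, [port devices])} for each addressed bridge."""
    cfgs = [parse_ifcfg(text) for text in files.values()]
    result = {}
    for c in cfgs:
        if c.get("TYPE", "").lower() == "bridge" and "IPADDR" in c:
            net = ipaddress.ip_network(f"{c['IPADDR']}/{c['NETMASK']}", strict=False)
            ports = [p["DEVICE"] for p in cfgs if p.get("BRIDGE") == c["DEVICE"]]
            result[c["DEVICE"]] = (net, ports)
    return result


def guest_on_bridge_subnet(files, bridge, guest_ip):
    """True when the guest address lies inside the bridge's own subnet."""
    net, _ports = bridge_networks(files)[bridge]
    return ipaddress.ip_address(guest_ip) in net


if __name__ == "__main__":
    for name, (net, ports) in bridge_networks(IFCFG).items():
        print(f"{name}: {net} ports={ports}")
    same = guest_on_bridge_subnet(IFCFG, "br1", GUEST_IP)
    print(f"{GUEST_IP} on br1 subnet: {same}")
```

A True result for br1 is the situation the reply asks about: the guest shares the host's subnet on that bridge, so the MASQUERADE rule and the per-guest host route are what to question first.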