From mboxrd@z Thu Jan 1 00:00:00 1970 From: Lorenzo Milesi Subject: Weird networking problem Date: Tue, 18 Dec 2012 17:45:05 +0100 (CET) Message-ID: <684330288.74269.1355849105068.JavaMail.root@yetopen.it> References: <2075397403.74263.1355849057712.JavaMail.root@yetopen.it> Mime-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit To: kvm@vger.kernel.org Return-path: Received: from mail.ufficyo.com ([109.69.131.226]:43858 "EHLO mail.ufficyo.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S932097Ab2LRQvu (ORCPT ); Tue, 18 Dec 2012 11:51:50 -0500 Received: from localhost (localhost [127.0.0.1]) by mail.ufficyo.com (Postfix) with ESMTP id 456A81C327E for ; Tue, 18 Dec 2012 17:45:40 +0100 (CET) Received: from mail.ufficyo.com ([127.0.0.1]) by localhost (mail.ufficyo.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4jq0D4B7BP7V for ; Tue, 18 Dec 2012 17:45:17 +0100 (CET) Received: from mail.ufficyo.com (quaglia.yetopen.it [10.22.22.190]) by mail.ufficyo.com (Postfix) with ESMTP id E90521C31D1 for ; Tue, 18 Dec 2012 17:45:15 +0100 (CET) In-Reply-To: <2075397403.74263.1355849057712.JavaMail.root@yetopen.it> Sender: kvm-owner@vger.kernel.org List-ID: Hi. I'm experiencing weird network problems on a KVM installation. OS is Ubuntu 12.04, qemu 1.0+noroms-0ubuntu14.3, kernel 3.2.0-34-generic. eth0 is attached to LAN -> br0 eth2 is attached to WAN -> br1 Debian config follows: auto eth0 iface eth0 inet manual auto br0 iface br0 inet static address 192.168.1.47 netmask 255.255.255.0 gateway 192.168.1.1 dns-nameservers 192.168.1.1 8.8.8.8 bridge_ports eth0 bridge_stp off bridge_fd 0 bridge_maxwait 0 auto eth2 iface eth2 inet manual auto br1 iface br1 inet manual bridge_ports eth2 bridge_stp off bridge_fd 0 bridge_maxwait 0 I've configured a single guest to work a firewall (pfsense). Using version 2.1 beta which supports virtualized drivers. XML config [1]. Problem: I've configured a VPN to another network (network B). >>From Network B, I can ping & ssh to 192.168.1.49 (another physical host on the lan), but I can only ping my kvm physical host, all TCP connection (ssh) gets lost. I have similar problem with port forward, while I can ssh to .49 I cannot to .47. I managed to catch a tcpdump while trying to ssh to .47: tcpdump: verbose output suppressed, use -v or -vv for full protocol decode listening on vtnet0, link-type EN10MB (Ethernet), capture size 96 bytes 12:18:21.720364 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2912170 ecr 0,nop,wscale 7], length 0 12:18:21.720760 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127905521 ecr 2912170,nop,wscale 7], length 0 12:18:22.718447 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2912420 ecr 0,nop,wscale 7], length 0 12:18:22.718814 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127905770 ecr 2912170,nop,wscale 7], length 0 12:18:22.923054 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127905821 ecr 2912170,nop,wscale 7], length 0 12:18:24.723703 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2912921 ecr 0,nop,wscale 7], length 0 12:18:24.724103 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127906272 ecr 2912170,nop,wscale 7], length 0 12:18:24.935085 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127906325 ecr 2912170,nop,wscale 7], length 0 12:18:28.734360 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2913924 ecr 0,nop,wscale 7], length 0 12:18:28.734737 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127907274 ecr 2912170,nop,wscale 7], length 0 12:18:28.947166 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127907328 ecr 2912170,nop,wscale 7], length 0 12:18:36.751056 IP my.host.com.34242 > 192.168.1.47.ssh: Flags [S], seq 2689263164, win 14600, options [mss 1412,sackOK,TS val 2915928 ecr 0,nop,wscale 7], length 0 12:18:36.751477 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127909279 ecr 2912170,nop,wscale 7], length 0 12:18:36.975114 IP 192.168.1.47.ssh > my.host.com.34242: Flags [S.], seq 1214622068, ack 2689263165, win 14480, options [mss 1460,sackOK,TS val 127909335 ecr 2912170,nop,wscale 7], length 0 I know it's not an issue with the firewall, because I've tried another distro and I had other kind of issue, always network related. Any idea? thanks! P.S. please reply all as I'm not subscribed [1] pfsense 36d77162-3e9c-5317-d011-9b61a9bfb887 1548288 1548288 1 hvm destroy restart restart /usr/bin/qemu-system-x86_64