On 02/26/2014 02:56 PM, Michal Privoznik wrote:
> On 25.02.2014 22:45, François Chenais wrote:
>> Hello
>>
>> I'm trying to set up a bridged guest on an Ubuntu 13.10 but it doesn't
>> work.
>>
>> (Everything is ok with NAT)
>>
>> Network sniffing shows that arp replies don't come back to the guest.
>>
>>
>> Test 1
>> ------
>>
>> Guest : ping host_bridge_ip (ok)
>>
>>
>> Test 2
>> ------
>>
>> Guest: ping other_lan_host (KO)
>>
>> other_lan_host
>>
>> - receives arp who-is request
>> - sends arp reply
>> - arp -a shows the guest macaddr
>>
>>
>> => Guest doesn't receive reply
>>
>>
>> Test 3
>> ------
>>
>> other_lan_host ping the Guest (KO)
>>
>> - arp -a shows "incomplete" addr
>> - Guest receives nothing
>>
>>
>> On Host
>> -------
>>
>> network tcpdump on bridge or vnet interfaces shows request but no
>> reply ...
>>
>>
>> Thanks in advance for help or ideas
>>
>>
>> François
>>
>
> I suspect firewall. By my experience 99% of network issues are caused
> by firewall. Try flushing all tables and see if that helps.

..except that firewall problems usually prevent passing IP traffic, but
not ARP requests and responses.

Can the guest ping the host? If not, then you may have something set up
incorrectly with the bridge. Send "ifconfig br0; ifconfig eth0; brctl
show" (replacing "br0" with whatever bridge device you have, and "eth0"
with the host physical ethernet that is attached to the bridge). The
guest's vnetX (tap device) and the "eth0" should be attached to br0 (the
bridge device), and br0 should have an IP address, but eth0 should *not*
have an IP address.

Is this host plugged into a switch port that is locked down to a
particular MAC address? You may need to get the guest's MAC address
enabled at the switch by your IT department.

Another thing to check is whether or not the ARP request is ever making
it out to the physical network device on the host - try running tcpdump
there as well.

I've never encountered a Linux system that rejected outgoing arp
requests for any reason, but this sysctl makes me wonder how that might
get screwed up:

root@vlap /home/laine>sysctl -a | grep bridge
net.bridge.bridge-nf-call-arptables = 1
[...]
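
The bridge checks suggested in the reply above (the guest's tap device and the physical NIC both attached to the bridge, and the bridge-nf-call sysctls), as an added example that is not part of the original thread: a shell script run over constructed `brctl show` and `sysctl` output. The sample text, the bridge ids in it and all function names are assumptions made for illustration.

```shell
# Constructed sample of `brctl show` output (not taken from the thread).
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.525400aabbcc       no              eth0
                                                        vnet0
virbr0          8000.525400ddeeff       yes             virbr0-nic'

# Constructed sample of `sysctl -a | grep bridge` output.
SAMPLE_SYSCTL='net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1'

# bridge_members BRIDGE: read `brctl show` text on stdin, print the ports of BRIDGE.
bridge_members() {
    awk -v br="$1" '
        NR == 1 { next }                      # column header
        NF >= 3 { cur = $1                    # line that starts a bridge entry
                  if (NF >= 4 && cur == br) print $4
                  next }
        NF == 1 && cur == br { print $1 }     # continuation line: one more port
    '
}

# is_member BRCTL_TEXT BRIDGE IFACE: succeed if IFACE is a port of BRIDGE.
is_member() {
    printf '%s\n' "$1" | bridge_members "$2" | grep -qxF -- "$3"
}

# nf_call_enabled SYSCTL_TEXT: print the bridge-nf-call-* keys that are set to 1.
nf_call_enabled() {
    printf '%s\n' "$1" |
        awk -F' *= *' '/^net\.bridge\.bridge-nf-call-/ && $2 == 1 { print $1 }'
}

# check_bridge BRCTL_TEXT SYSCTL_TEXT BRIDGE NIC TAP: report, return 1 on a failure.
check_bridge() {
    rc=0
    for ifc in "$4" "$5"; do
        if is_member "$1" "$3" "$ifc"; then echo "ok: $ifc is a port of $3"
        else echo "FAIL: $ifc is not attached to $3"; rc=1; fi
    done
    for key in $(nf_call_enabled "$2"); do
        echo "note: $key = 1, bridged frames are passed to that netfilter tool; review its rules"
    done
    return "$rc"
}

check_bridge "$SAMPLE_BRCTL" "$SAMPLE_SYSCTL" br0 eth0 vnet0
```

On a live host the first two arguments would be the real output of `brctl show` and `sysctl -a | grep bridge` instead of the constructed samples.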