2014-02-26 21:36 GMT+01:00 François Chenais <francois.chenais@xxxxxxxxx>:

> 2014-02-26 15:10 GMT+01:00 Laine Stump <laine@xxxxxxxxx>:
>
>> On 02/26/2014 02:56 PM, Michal Privoznik wrote:
>> > On 25.02.2014 22:45, François Chenais wrote:
>> >> Hello
>> >>
>> >> I'm trying to set up a bridged guest on an Ubuntu 13.10 but it doesn't
>> >> work.
>> >>
>> >> (Everything is ok with NAT)
>> >>
>> >> Network sniffing shows that arp replies don't come back to the guest.
>> >>
>> >>
>> >> Test 1
>> >> ------
>> >>
>> >> Guest : ping host_bridge_ip (ok)
>> >>
>> >>
>> >> Test 2
>> >> ------
>> >>
>> >> Guest: ping other_lan_host (KO)
>> >>
>> >> other_lan_host
>> >>
>> >> - receives arp who-is request
>> >> - sends arp reply
>> >> - arp -a shows the guest macaddr
>> >>
>> >> => Guest doesn't receive reply
>> >>
>> >>
>> >> Test 3
>> >> ------
>> >>
>> >> other_lan_host ping the Guest (KO)
>> >>
>> >> - arp -a shows "incomplete" addr
>> >> - Guest receives nothing
>> >>
>> >>
>> >> On Host
>> >> -------
>> >>
>> >> network tcpdump on bridge or vnet interfaces shows request but no
>> >> reply ...
>> >>
>> >>
>> >> Thanks in advance for help or ideas
>> >>
>> >>
>> >> François
>> >>
>> >
>> > I suspect firewall. In my experience 99% of network issues are caused
>> > by firewall. Try flushing all tables and see if that helps.
>>
>> ..except that firewall problems usually prevent passing IP traffic, but
>> not ARP requests and responses.
>>
>
> ... and tcpdump gets IP traffic before FW .. and I have disabled the FW ...
>
>>
>> Can the guest ping the host?
>
> Yes : see Test 1
>
>>
>> If not, then you may have something set up
>> incorrectly with the bridge. Send "ifconfig br0; ifconfig eth0; brctl
>> show" (replacing "br0" with whatever bridge device you have, and "eth0"
>> with the host physical ethernet that is attached to the bridge). The
>> guest's vnetX (tap device) and the "eth0" should be attached to br0 (the
>> bridge device), and br0 should have an IP address, but eth0 should *not*
>> have an IP address.
>>
>
> That's OK
>
>>
>> Is this host plugged into a switch port that is locked down to a
>> particular MAC address? You may need to get the guest's MAC address
>> enabled at the switch by your IT department.
>>
>
> I'm the IT department, I'm doing those tests at home :)
>
> It works well at work on CentOS ...
>
>>
>> Another thing to check is whether or not the ARP request is ever making
>> it out to the physical network device on the host - try running tcpdump
>> there as well. I've never encountered a Linux system that rejected
>> outgoing arp requests for any reason, but this sysctl makes me wonder
>> how that might get screwed up:
>>
>> root@vlap /home/laine>sysctl -a | grep bridge
>> net.bridge.bridge-nf-call-arptables = 1
>> [...]
>>
>
> I got 0 there ...
>
> I've tried with a DSL box but, because I don't see reply on host,
> I suspect a special configuration. So I used an alternate switch,
> a netgear switch (GS608) but it fails too...
>
> I just tried with a direct cable link between the host and other_computer
> and ... ** it's working ... **
>
> It seems the 2 switches don't support multiple mac on the same port !!! :/
>
> I didn't expect this but it's not so surprising with low price hardware ...
>
> Thanks all !!
>
> François
>
> PS: do I have to change the subject with RESOLVE ?
>

Not at all ...

I've just tried using macvlan (type bridge), which set new mac addr
and ... it's working .... !!!?:/

  ___
 |   |
 |   0
 |  /|\
 |  /\
 |
-------------

As Michal suggests, it's perhaps a bad FW configuration or maybe I forgot
something in my tests or the error is SO BIG that I don't see it 8-|

I'll make some new tests to understand this error

Thanks a lot ...
_______________________________________________
libvirt-users mailing list
libvirt-users@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/libvirt-users
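
The bridge layout check described in Laine's reply (tap device and physical NIC attached to the bridge, an IP address on the bridge and none on the NIC), as an added shell example that is not part of the original thread. It parses captured `brctl show` and `ip -o -4 addr show` text; the sample output, the names br0/eth0/vnet0 and the function names are constructed for illustration, and `ip` stands in for the `ifconfig` calls mentioned in the thread.

```shell
#!/bin/sh
# Constructed sample of `brctl show` output (not taken from the thread).
BRCTL_SAMPLE='bridge name     bridge id               STP enabled     interfaces
br0             8000.525400aabbcc       no              eth0
                                                        vnet0'
# Constructed sample of `ip -o -4 addr show` output.
ADDR_SAMPLE='1: lo    inet 127.0.0.1/8 scope host lo
3: br0    inet 192.168.1.10/24 brd 192.168.1.255 scope global br0'

# bridge_ports BRIDGE: read `brctl show` text on stdin, print the ports of BRIDGE.
bridge_ports() {
    awk -v br="$1" '
        NR == 1 { next }                         # header row
        NF >= 3 { cur = $1                       # first row of a bridge
                  if (NF >= 4 && cur == br) print $4
                  next }
        NF == 1 && cur == br { print $1 }        # continuation row: one more port
    '
}

# has_ipv4 IFACE: read `ip -o -4 addr show` text on stdin, succeed if IFACE has an address.
has_ipv4() {
    awk -v ifc="$1" '$2 == ifc && $3 == "inet" { found = 1 } END { exit !found }'
}

# check_bridge BRIDGE PHYS TAP BRCTL_TEXT ADDR_TEXT: report each violated condition.
check_bridge() {
    br=$1; phys=$2; tap=$3; brctl_out=$4; addr_out=$5; rc=0
    ports=$(printf '%s\n' "$brctl_out" | bridge_ports "$br")
    for p in "$phys" "$tap"; do
        printf '%s\n' "$ports" | grep -qxF "$p" ||
            { echo "FAIL: $p is not attached to $br"; rc=1; }
    done
    printf '%s\n' "$addr_out" | has_ipv4 "$br" ||
        { echo "FAIL: $br has no IPv4 address"; rc=1; }
    if printf '%s\n' "$addr_out" | has_ipv4 "$phys"; then
        echo "FAIL: $phys has an IPv4 address; it belongs on $br"; rc=1
    fi
    return $rc
}

# Run against the constructed samples; on a live host pass
# "$(brctl show)" and "$(ip -o -4 addr show)" instead.
check_bridge br0 eth0 vnet0 "$BRCTL_SAMPLE" "$ADDR_SAMPLE" && echo "bridge layout OK"
```

A clean result here only confirms the host-side layout; it says nothing about whether the upstream switch accepts more than one MAC address per port.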