Re: No outbound connectivity from guest VM(fedora 32)

On 6/8/20 8:55 AM, Justin Stephenson wrote:
On Mon, Jun 8, 2020 at 5:09 AM Daniel P. Berrangé <berrange@xxxxxxxxxx> wrote:

On Fri, Jun 05, 2020 at 01:27:08PM -0400, Justin Stephenson wrote:
Hi,

I recently installed a fresh install of Fedora 32 and I am having
trouble with my virtual machine networking, I can ssh and connect into
my guest VMs from my host, but the guest VMs cannot ping out to the
internet.

I am using the "default" NAT virtual network, the interesting thing is
I have made no configuration changes on my host or in the guest VMs,
simply created and installed two VMs (Fedora and RHEL8) in Fedora where
the VMs are having the same issue.

I am happy to provide any logs or command output if that would help.

Do you have "podman" installed on your host ? As there is an issue
with podman loading "br_netfilter" which is harming libvirt default
network traffic.

Hi, yes I am using podman for some development tasks. However I don't
see any br_netfilter module loaded:

  # lsmod | grep br_netfilter
  # grep 'netfilter' /proc/modules

I'm not sure if it matters but my host laptop is also connected wirelessly.

Since it's not the "problem du jour" with F32, here's a few other things you can try:

1) Try "systemctl restart libvirtd.service" (which reloads libvirt's iptables rules), and then start the VM again to see if the problem is solved. (If this fixes it, then something that is starting after libvirtd.service is adding a firewall rule that blocks the outbound guest traffic)

2) You say this was a fresh install of F32. Have you run dnf update to make sure you have all post-release updates to libvirt and firewalld packages? If not, try that first.

(BTW, can you ssh from guest to host?)

3) See if you can ping from the guest to the outside network. If you can ping but can't ssh, then again there is a firewall problem. Make sure the libvirt zone exists in firewalld config, and that virbr0 is a part of that zone. (Aside from allowing inbound dns, dhcp and ssh from guests to the host, the libvirt zone has a default "ACCEPT" policy, which will allow packets to be forwarded from the guest through the host. If virbr0 is on a different zone, then the default policy won't be ACCEPT, and forwarded traffic will be rejected. All libvirt networks are put into firewalld's "libvirt" zone by default, so this should always be the case.)

Beyond those suggestions, I'm not sure what else to recommend, other than that you might get a quicker response on troubleshooting like this by logging into irc.oftc.net and joining the #virt channel :-)
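The host-side checks discussed in this thread (br_netfilter loaded, the libvirt zone present in firewalld, virbr0 assigned to that zone), collected into one script. This is an added example, not part of the original messages; the function names and the `--live` switch are made up for illustration, and the live mode assumes firewalld is running and the script is run as root.

```bash
#!/bin/bash
# Added example: each check takes captured command output as text,
# so the logic can be exercised without touching the host.

# Succeeds if br_netfilter is listed as a module name in /proc/modules text.
# Matches the first field exactly, unlike a plain grep for 'netfilter'.
br_netfilter_loaded() {
    printf '%s\n' "$1" | awk '$1 == "br_netfilter" { found = 1 } END { exit !found }'
}

# Succeeds if zone $2 appears in the space-separated list $1
# (the output format of `firewall-cmd --get-zones`).
zone_exists() {
    for z in $1; do
        if [ "$z" = "$2" ]; then return 0; fi
    done
    return 1
}

# assess MODULES_TEXT ZONES_TEXT VIRBR0_ZONE
# Prints one finding per line; returns non-zero if anything looks wrong.
assess() {
    status=0
    if br_netfilter_loaded "$1"; then
        echo "WARN: br_netfilter is loaded (the podman issue mentioned in the thread)"
        status=1
    fi
    if ! zone_exists "$2" libvirt; then
        echo "FAIL: firewalld has no 'libvirt' zone"
        status=1
    elif [ "$3" != "libvirt" ]; then
        echo "FAIL: virbr0 is in zone '${3:-none}', not 'libvirt'"
        status=1
    fi
    if [ "$status" -eq 0 ]; then
        echo "OK: no br_netfilter, virbr0 is in the libvirt zone"
    fi
    return "$status"
}

# Live mode: gather the real values from the host and assess them.
if [ "${1:-}" = "--live" ]; then
    assess "$(cat /proc/modules)" \
           "$(firewall-cmd --get-zones 2>/dev/null)" \
           "$(firewall-cmd --get-zone-of-interface=virbr0 2>/dev/null)"
fi
```

A FAIL on the zone check corresponds to the case described in point 3, where forwarded guest traffic no longer gets the libvirt zone's default ACCEPT policy.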