CentOS 6 - VM network bridge issue




I built a CentOS 6 machine to host several CentOS 6 guest servers. As all guests will be Internet facing I set up the host with two bridged NICs and assigned an Internet facing IP address to br0 and a local IP address to br1.

Each guest was installed using br0 and br1 with virtio drivers.  On each I assigned an Internet facing IP address to eth0 and a local IP address on eth1.  So far so good.  I can access the guest servers from either IP address as expected.  That is, HTTP, SSH and SMTP servers on them are accessible and do what they are supposed to do.

Except...  Except from any location outside of my Comcast Cable Modem.  To be clear, from any machine inside the modem to any address on the guests, all works perfectly.  But outside the modem the guest apps either don't receive packets or for some reason don't respond, and I've tried it from four different locations.

Using Wireshark on the guests I can see the packets arrive from the outside sources, but no response is seen.  On accesses from inside I can see both incoming and outgoing packets, as expected.

I can ping the outside sources from the guests, yet pings from the outside sources get no response from the guests.  All the outside sources get responses when pinging the host.  I can ping the guests from any inside machine.

I've tried it with and without firewalls, both on the guests and the host. Including with the following iptables rule:

iptables -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

and the following sysctl adjustments:

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

Both of the guest servers I've built have the same issue.

Any ideas?  I am at a loss as to how to proceed and am about to reconsider the idea of multiple guests as servers.

All packages are from the CentOS repo and I am using kvm-qemu via libvirtd and virt-manager.

Emmett
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

