Re: KVM VM's facing public network


 



On Tue, 29 Jan 2013 12:53:21 -0500
Hugo R Hernández-Mora <hdezmora@xxxxxxxxx> wrote:

> Hello there,
> we are experiencing a problem configuring KVM bridged networking
> to share a public network interface between the KVM host and the VMs. 
> Currently, our KVM server has set three network interfaces as follows:
> 
> * eth0: 192.168.10.101/23 (main interface for public network - no
> bridge)
> * eth1 <--> br1: 192.168.10.201/23 (KVM VMs connected to public
> network)
> * eth3 <--> br3: 10.7.10.201/23 (KVM VMs connected to LAN)
> 
> We have followed instructions from Red Hat as well as from
> different web sites and we are not able to get the VMs to get access
> into/from the public network. Here is a more detailed configuration
> for the KVM host:
> 
> ifcfg-eth0
> DEVICE=eth0
> ONBOOT=yes
> HWADDR=AC:80:B2:14:C5:EE
> BOOTPROTO=none
> IPADDR=192.168.10.101
> NETMASK=255.255.254.0
> 
> ifcfg-eth1
> DEVICE=eth1
> ONBOOT=yes
> HWADDR=AC:80:B2:4E:D3:28
> BRIDGE=br1
> 
> ifcfg-br1
> DEVICE=br1
> ONBOOT=yes
> TYPE=Bridge
> BOOTPROTO=none
> IPADDR=192.168.10.201
> NETMASK=255.255.254.0
> STP=off
> DELAY=0
> 
> ifcfg-eth3
> DEVICE=eth3
> ONBOOT=yes
> HWADDR=AC:80:B2:4E:D3:2A
> BRIDGE=br3
> 
> ifcfg-br3
> DEVICE=br3
> ONBOOT=yes
> TYPE=Bridge
> BOOTPROTO=static
> IPADDR=10.7.10.201
> NETMASK=255.255.254.0
> STP=off
> DELAY=0
> 
> network
> NETWORKING=yes
> HOSTNAME=kvm1.public-lan.net
> GATEWAY=192.168.10.1
> 
> For iptables/routing, we have followed instructions as explained on 
> http://www.linux-kvm.org/page/Networking#public_bridge
> *nat
> :POSTROUTING ACCEPT [0:0]
> -A POSTROUTING --out-interface br1 -j MASQUERADE
> COMMIT
> :FORWARD ACCEPT [0:0]
> -A FORWARD --in-interface br1 -j ACCEPT
> 
> Hostside:
> Allow IPv4 forwarding and add route to client (could be put in a
> script 
> - route has to be added after the client has started):
> sysctl -w net.ipv4.ip_forward=1 # allow forwarding of IPv4
> route add -host <ip-of-client> dev <tap-device> # add route to the
> client
> 
> Clientside:
> Default GW of the client is of course then the host (<ip-of-host> has
> to be in same subnet as <ip-of-client> ...):
> route add default gw <ip-of-host>


What do the client configs look like? What network options are you
passing to qemu/kvm (or just the whole command line)? If your guests
and host are in the same subnet, why are you masquerading/routing? Why
not just use standard bridging?


> 
> But it doesn't seem to work. My assumption is that the problem is
> related to a wrong firewall setting in iptables. Could you
> please advise? Your help will be greatly appreciated!
> 
> We are running Scientific Linux 6.2 on the KVM server as well as on
> the VMs. There is no network issue in accessing the LAN between VMs,
> only in facing the public network.
> 
> Thanks in advance,
> -Hugo
> --
> To unsubscribe from this list: send the line "unsubscribe kvm" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
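
The reply's question (why masquerade when guests and host sit in the same subnet?) can be checked mechanically against the quoted configuration. The following Python is an added example, not part of either message: it reads the ifcfg values and iptables rules copied from the thread and reports which host interfaces share a subnet, whether the MASQUERADE rule targets a bridge that is already on the gateway's subnet, and whether the FORWARD chain defaults to ACCEPT. The function names and finding labels are hypothetical.

```python
import ipaddress

# Values copied from the ifcfg-* files and iptables rules quoted in the thread.
IFCFG = {
    "eth0": "DEVICE=eth0\nIPADDR=192.168.10.101\nNETMASK=255.255.254.0",
    "eth1": "DEVICE=eth1\nBRIDGE=br1",
    "br1": "DEVICE=br1\nTYPE=Bridge\nIPADDR=192.168.10.201\nNETMASK=255.255.254.0",
    "eth3": "DEVICE=eth3\nBRIDGE=br3",
    "br3": "DEVICE=br3\nTYPE=Bridge\nIPADDR=10.7.10.201\nNETMASK=255.255.254.0",
}
GATEWAY = "192.168.10.1"
IPTABLES = """*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING --out-interface br1 -j MASQUERADE
COMMIT
:FORWARD ACCEPT [0:0]
-A FORWARD --in-interface br1 -j ACCEPT"""

def addressed_networks(ifcfg):
    """Map each interface that carries an IPADDR to its IPv4 network."""
    nets = {}
    for name, text in ifcfg.items():
        cfg = dict(l.split("=", 1) for l in text.splitlines() if "=" in l)
        if "IPADDR" in cfg:
            nets[name] = ipaddress.ip_interface(f"{cfg['IPADDR']}/{cfg['NETMASK']}").network
    return nets

def audit(ifcfg, gateway, rules):
    """Return findings that bear on the questions asked in the reply."""
    nets, gw, findings = addressed_networks(ifcfg), ipaddress.ip_address(gateway), []
    names = sorted(nets)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if nets[a].overlaps(nets[b]):  # two host addresses on one subnet
                findings.append(f"same-subnet: {a} and {b} are both in {nets[a]}")
    for line in rules.splitlines():
        words = line.split()
        if "MASQUERADE" in words and "--out-interface" in words:
            dev = words[words.index("--out-interface") + 1]
            if dev in nets and gw in nets[dev]:  # NAT towards the gateway's own subnet
                findings.append(f"nat-on-bridge: {dev} is already on the gateway subnet")
        if line.startswith(":FORWARD ACCEPT"):  # forwarding allowed by default
            findings.append("forward-policy: FORWARD chain defaults to ACCEPT")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(IFCFG, GATEWAY, IPTABLES)))
```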
