LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices

Reply
 
Search this Thread
Old 04-14-2009, 12:47 PM   #1
newmanium2001
LQ Newbie
 
Registered: Apr 2009
Posts: 14

Rep: Reputation: 0
Can't Ping Linux KVM from Other Machines on Host Subnet


Hi, I've been getting awfully frustrated over this problem the last couple days, so you're my last resort

I set up a KVM in Fedora 10 using QEMU. I don't remember where it asked me during setup, but somehow the VM was set to use a second interface on the host machine named virbr0 or something, and that adapter was on a different subnet as the host. Why it had to do this, I'm not quite sure.

Anyways, the VM can ping the host machine, the internet, anything just fine. However, my windows server and any other machine on the host subnet cannot ping the virtual machine.

So, my question is, how do I set up the virtual machine to be addressable by other machines on the host subnet (e.g. the windows server)? I'm imagining some type of forwarding going on in the linux host machine, but after 2 hours of tinkering with that I somehow cleared the routing table and now I've lost my remote connection to the box until I get home

Here's a visualization of my network if this makes it clearer:

http://img151.imageshack.us/img151/131/networksetup.jpg
By newmanium2001 at 2009-04-14


Thanks!
 
Old 04-15-2009, 06:07 AM   #2
bhaslinux
Member
 
Registered: Oct 2003
Location: UnitedKingdom
Distribution: Debian Lenny
Posts: 351

Rep: Reputation: 47
is this your setup ?

/--- virtual machine network
<network1> --- HOST machine ----|

and that the host machine has 2 interfaces ?
then the only way to do this is to add a static route to the virtual network as your host machine ip address

you can bridge the virtual machine interface to the host machine which will make the host machine, virtual machine and the
other machines all in the same network and they will be able to communicate.

Can you give the way you are starting qemu ? (the network -net nic options )
 
Old 04-15-2009, 09:11 AM   #3
newmanium2001
LQ Newbie
 
Registered: Apr 2009
Posts: 14

Original Poster
Rep: Reputation: 0
Yay! I got it working. bhaslinux, the solution you're proposing is something I'd tried before, but I was getting "Destination port unreachable" when I tried to ping the VM. I thought routing wasn't working ... it turns out it was, but ip tables was running and rejecting the packets!

It turns out, when I set up the VM with Virtual Machine Manager, it automatically made a set of iptables rules:

Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:domain
2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
3 ACCEPT udp -- anywhere anywhere udp dpt:bootps
4 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
2 ACCEPT all -- 192.168.122.0/24 anywhere
3 ACCEPT all -- anywhere anywhere
4 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
5 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable


Notice anything wrong there? Yeah, the REJECT anywhere with port unreachable. Either turning off iptables or deleting that rule (iptables -t filter -D FORWARD 4, iptables -t filter -D FORWARD 5) allowed my VM to be addressable via the static route I added to my router. The static route, btw, is "Destination address: 192.168.122.0, Mask: 255.255.255.0, Gateway: 192.168.1.6 (my host's primary adapter address)".
 
Old 05-17-2009, 03:53 PM   #4
CryptoJones
LQ Newbie
 
Registered: May 2009
Posts: 2

Rep: Reputation: 0
Same problem

Quote:
Originally Posted by newmanium2001 View Post
Yay! I got it working. bhaslinux, the solution you're proposing is something I'd tried before, but I was getting "Destination port unreachable" when I tried to ping the VM. I thought routing wasn't working ... it turns out it was, but ip tables was running and rejecting the packets!

It turns out, when I set up the VM with Virtual Machine Manager, it automatically made a set of iptables rules:

Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:domain
2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
3 ACCEPT udp -- anywhere anywhere udp dpt:bootps
4 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
2 ACCEPT all -- 192.168.122.0/24 anywhere
3 ACCEPT all -- anywhere anywhere
4 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
5 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable


Notice anything wrong there? Yeah, the REJECT anywhere with port unreachable. Either turning off iptables or deleting that rule (iptables -t filter -D FORWARD 4, iptables -t filter -D FORWARD 5) allowed my VM to be addressable via the static route I added to my router. The static route, btw, is "Destination address: 192.168.122.0, Mask: 255.255.255.0, Gateway: 192.168.1.6 (my host's primary adapter address)".
I was having the same problem. No after deleteing those two rules, when I try to ping the Virtual Machines it just times out. I can still ping the vibr0 device on the linux box from both ends of the network.

Any ideas?
 
Old 05-17-2009, 11:35 PM   #5
newmanium2001
LQ Newbie
 
Registered: Apr 2009
Posts: 14

Original Poster
Rep: Reputation: 0
Questions for you:

1) Did you turn off iptables entirely, delete all the rules, or delete just the REJECT ALL rule?

2) Before you adjusted the rules, did you get any sort of response such as the icmp port-unreachable?
 
Old 05-19-2009, 08:01 AM   #6
CryptoJones
LQ Newbie
 
Registered: May 2009
Posts: 2

Rep: Reputation: 0
Solution for me

Quote:
Originally Posted by newmanium2001 View Post
Questions for you:

1) Did you turn off iptables entirely, delete all the rules, or delete just the REJECT ALL rule?

2) Before you adjusted the rules, did you get any sort of response such as the icmp port-unreachable?
Before I removed the rules I got the icmp port-unreachable.

I removed only the last two rules which were the REJECT rules.

The solution to my problem was changing the virtual machine from using a VirtualNet in virtual-machine-manager to using the physical device virbr0. Even though the virtual net is supposed to use virbr0.

Thank you for giving the command to remove rules. I was searching that for awhile till I found this post.

Last edited by CryptoJones; 05-19-2009 at 08:03 AM. Reason: Spellling
 
  


Reply

Tags
kvm, nat, qemu, routing, tables


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
linux router unable to ping itself or other machines on the LAN cyberfishee Linux - Networking 12 05-31-2007 06:27 PM
Unable to ping my Linux box from other machines on the network Nylex Linux - Networking 3 07-19-2006 05:13 AM
Windows machines not seeing linux server from a new subnet nkeever Linux - Networking 3 04-29-2005 01:51 PM
Unable to ping linux machines on my netowrk molbill Linux - Networking 6 09-13-2004 12:35 AM
Linux machines cant ping server..Windows can. NetAX Linux - Networking 1 05-21-2004 09:55 AM


All times are GMT -5. The time now is 02:09 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration