newmanium2001

[Log in to get rid of this advertisement]

Hi, I've been getting awfully frustrated over this problem the last couple days, so you're my last resort

I set up a KVM in Fedora 10 using QEMU. I don't remember where it asked me during setup, but somehow the VM was set to use a second interface on the host machine named virbr0 or something, and that adapter was on a different subnet as the host. Why it had to do this, I'm not quite sure.

Anyways, the VM can ping the host machine, the internet, anything just fine. However, my windows server and any other machine on the host subnet cannot ping the virtual machine.

So, my question is, how do I set up the virtual machine to be addressable by other machines on the host subnet (e.g. the windows server)? I'm imagining some type of forwarding going on in the linux host machine, but after 2 hours of tinkering with that I somehow cleared the routing table and now I've lost my remote connection to the box until I get home

Here's a visualization of my network if this makes it clearer:

http://img151.imageshack.us/img151/131/networksetup.jpg
By newmanium2001 at 2009-04-14


Thanks!

bhaslinux

is this your setup ?

/--- virtual machine network
<network1> --- HOST machine ----|

and that the host machine has 2 interfaces ?
then the only way to do this is to add a static route to the virtual network as your host machine ip address

you can bridge the virtual machine interface to the host machine which will make the host machine, virtual machine and the
other machines all in the same network and they will be able to communicate.

Can you give the way you are starting qemu ? (the network -net nic options )

newmanium2001

Yay! I got it working. bhaslinux, the solution you're proposing is something I'd tried before, but I was getting "Destination port unreachable" when I tried to ping the VM. I thought routing wasn't working ... it turns out it was, but ip tables was running and rejecting the packets!

It turns out, when I set up the VM with Virtual Machine Manager, it automatically made a set of iptables rules:

Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:domain
2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
3 ACCEPT udp -- anywhere anywhere udp dpt:bootps
4 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
2 ACCEPT all -- 192.168.122.0/24 anywhere
3 ACCEPT all -- anywhere anywhere
4 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
5 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable


Notice anything wrong there? Yeah, the REJECT anywhere with port unreachable. Either turning off iptables or deleting that rule (iptables -t filter -D FORWARD 4, iptables -t filter -D FORWARD 5) allowed my VM to be addressable via the static route I added to my router. The static route, btw, is "Destination address: 192.168.122.0, Mask: 255.255.255.0, Gateway: 192.168.1.6 (my host's primary adapter address)".

CryptoJones

I was having the same problem. No after deleteing those two rules, when I try to ping the Virtual Machines it just times out. I can still ping the vibr0 device on the linux box from both ends of the network.

Any ideas?

newmanium2001

Questions for you:

1) Did you turn off iptables entirely, delete all the rules, or delete just the REJECT ALL rule?

2) Before you adjusted the rules, did you get any sort of response such as the icmp port-unreachable?

CryptoJones

Before I removed the rules I got the icmp port-unreachable.

I removed only the last two rules which were the REJECT rules.

The solution to my problem was changing the virtual machine from using a VirtualNet in virtual-machine-manager to using the physical device virbr0. Even though the virtual net is supposed to use virbr0.

Thank you for giving the command to remove rules. I was searching that for awhile till I found this post.