LinuxQuestions.org


kenneho 01-19-2010 12:20 PM

KVM networking: Firewall blocks traffic between guests on private network
 
Hi all.


I'm playing with KVM, and have three computers: my host and two guests, all running Linux of course. The setup is like this:

Code:


Internet -- host -- virbr1 (private network) -- guest1 and guest2
            |
            |
            virbr0 (default KVM network)-- guest1

In words, I have a private network defined which uses virbr1, while the default NAT'ed KVM network uses virbr0.

Now for the first question: I'm having trouble setting up the firewall. For starters, I'm trying to get guest1 and guest2 to talk to one another on the private network. The host can reach both guests on that network, but they can't reach each other. I've set up forwarding by echoing "1" into /proc/sys/net/ipv4/ip_forward, but without success. Does anyone know why the bridge virbr1 doesn't forward packets?

Btw, I'm using guarddog to manipulate iptables, so advice on how to get things working using guarddog would be even better.


- kenneho

blacky_5251 01-19-2010 08:57 PM

Are you using SELinux? If so, have you tried this in Permissive mode rather than enforcing?

sreeharsha.t 01-21-2010 03:44 AM

I guess you need to set virbr0 and virbr1 as trusted interfaces in the host's firewall.
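
An added example, not part of the original thread: one way to check whether a host ruleset would accept guest-to-guest traffic on a bridge before "trusting" it as suggested above. It assumes the kernel's `net.bridge.bridge-nf-call-iptables` setting is what exposes bridged frames to the iptables FORWARD chain (the thread does not confirm this was the cause); the ruleset is constructed sample data and the function names are illustrative.

```shell
#!/bin/sh
# Added example: bridge names come from the thread, the ruleset is constructed.

# True when bridged frames are handed to iptables (so FORWARD rules apply to
# guest-to-guest traffic on the same bridge). FILE defaults to the live sysctl.
bridge_traffic_hits_iptables() {
    f="${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}"
    [ -r "$f" ] && [ "$(cat "$f")" = "1" ]
}

# Read iptables-save output on stdin; print the target of the first FORWARD
# rule that matches on interfaces alone for traffic entering and leaving
# bridge $1, else the chain policy. Rules with other matches (-s, -m, ...)
# are skipped, so this is a conservative check, not a full evaluator.
first_verdict() {
    awk -v br="$1" '
        $1 == ":FORWARD" { policy = $2 }
        $1 == "-A" && $2 == "FORWARD" {
            in_if = ""; out_if = ""; target = ""; extra = 0
            for (i = 3; i <= NF; i++) {
                if ($i == "-i") in_if = $(++i)
                else if ($i == "-o") out_if = $(++i)
                else if ($i == "-j") { target = $(++i); break }
                else extra = 1
            }
            if (extra || target == "") next
            if ((in_if == "" || in_if == br) && (out_if == "" || out_if == br)) {
                print target; found = 1; exit
            }
        }
        END { if (!found) print (policy == "" ? "UNKNOWN" : policy) }'
}

# Constructed ruleset: a front end rebuilt FORWARD with policy DROP and
# only kept an allow rule for virbr0.
sample_rules() {
    cat <<'EOF'
*filter
:FORWARD DROP [0:0]
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
COMMIT
EOF
}

verdict=$(sample_rules | first_verdict virbr1)
echo "virbr1 -> virbr1: $verdict"
[ "$verdict" = "ACCEPT" ] || echo "candidate: iptables -I FORWARD 1 -i virbr1 -o virbr1 -j ACCEPT"
```

On a live host, feed it `iptables-save` output as root; the candidate rule permits only traffic that both enters and leaves virbr1, which is narrower than marking the whole interface as trusted.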

greenpoise 12-14-2010 09:24 PM

I am having this exact same problem. Did you get it to work? Also, my virbr0 automatically assigns my router IP address, thus creating a mess in my network. I have to manually change it every time the server is rebooted. Any leads??


Thanks

kenneho 12-20-2010 05:53 AM

Quote:

Originally Posted by greenpoise (Post 4191781)
I am having this exact same problem. Did you get it to work? Also, my virbr0 automatically assigns my router IP address, thus creating a mess in my network. I have to manually change it every time the server is rebooted. Any leads??


Thanks

I don't think I got this up and running successfully. Since then I've reinstalled my computer, and am running guests on the default network setup.

mazda 12-20-2010 10:02 AM

Thanks for the info.
 
With new information offline help too.........Thanks for the info.

greenpoise 12-21-2010 02:51 PM

Well, just an update: I got this working. It was way simpler than I thought. I was able to run everything with libvirt. I followed these instructions (just the part on bridge networking):

https://wiki.archlinux.org/index.php...ged_Networking



and then I started a new virtual guest using virt-manager remotely. Also note that when creating a virtual guest using virt-manager you have to explicitly type the bridge network, which in this case was br0. I have connectivity between host/guests and LAN. Perfect and simple.

Hope this helps anyone out there who struggled like I did.


All times are GMT -5.