07-24-2013, 01:20 AM
|
#1
|
Member
Registered: May 2004
Location: india
Distribution: Gentoo 2006.1
Posts: 59
Rep:
|
Bridge Networking: Access VM behind bridge from outside
I am using Proxmox (a Debian-based distro which adds some scripts for virtual machine creation). I have set up a KVM guest with bridge networking.
Here's what the network looks like:
Code:
$ ifconfig vmbr0
vmbr0 Link encap:Ethernet HWaddr 00:15:c5:ec:ba:27
inet addr:192.168.1.142 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::215:c5ff:feec:ba27/64 Scope:Link
$ ifconfig tap100i0
tap100i0 Link encap:Ethernet HWaddr 8e:f5:0c:e8:61:5c
inet6 addr: fe80::8cf5:cff:fee8:615c/64 Scope:Link
$ ifconfig eth0
eth0 Link encap:Ethernet HWaddr 00:15:c5:ec:ba:27
inet6 addr: fe80::215:c5ff:feec:ba27/64 Scope:Link
$ brctl show
bridge name bridge id STP enabled interfaces
vmbr0 8000.0015c5ecba27 no eth0
tap100i0
I can access the services running on the host but not the guest VM. I checked that the networking is set up on the guest VM and it's accessible from the host too.
Code:
$ ping -q 192.168.1.136
PING 192.168.1.136 (192.168.1.136) 56(84) bytes of data.
--- 192.168.1.136 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.110/0.383/1.179/0.459 ms
$ telnet 192.168.1.136 10022
Trying 192.168.1.136...
Connected to 192.168.1.136.
Escape character is '^]'.
So, I set up firewall rules to forward packets from port 1022 to port 10022 on the VM. The firewall looks as follows:
Code:
$ iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
$ iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:1022 to:192.168.1.136:10022
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
$ cat /proc/sys/net/ipv4/ip_forward
1
But the packets are not forwarded to the VM:
Code:
$ telnet 192.168.1.142 1022
Trying 192.168.1.142...
telnet: Unable to connect to remote host: Connection refused
Also, when I do tcpdump on port 22, which is the external ssh port, it shows a lot of activity, but when I run it on port 1022, it doesn't show any activity when I initiate an ssh connection from my machine.
What am I doing wrong here?
|
|
|
07-24-2013, 03:07 AM
|
#2
|
Member
Registered: Apr 2010
Location: Cluj, Romania
Distribution: Debian Testing
Posts: 731
Rep: 
|
I don't use Proxmox so my setup may not apply to you.
I use plain Debian with libvirt/virt-manager and I use a bridge too - kvm (qemu) automatically creates a tap device for each VM and adds it to the bridge when they start (and removes it afterwards).
Using libvirt/virt-manager is very easy, it's like VBox's interface. Also, if libvirt is installed on a headless server, you can connect to it via ssh and manage the remote VMs exactly as if they were on your computer, from virt-manager's interface.
Creating a vm (create the host bridge setup prior) is very easy and self-explanatory, for the network device you just have to specify "use shared device" then enter the host's bridge name.
Virt-manager generates the startup command line options resulting in a huge mess, but this seems to be the relevant part:
Code:
-netdev tap,fd=23,id=hostnet0,vhost=on,vhostfd=24 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:41:d7:a3,bus=pci.0,addr=0xc
ifconfig on host (removed some lines for other tap devices not relevant here):
Code:
br0 Link encap:Ethernet HWaddr 94:de:80:00:8b:0c
inet addr:192.168.100.100 Bcast:192.168.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1148160 errors:0 dropped:0 overruns:0 frame:0
TX packets:581181 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:541838221 (516.7 MiB) TX bytes:1371155380 (1.2 GiB)
eth0 Link encap:Ethernet HWaddr 94:de:80:00:8b:0c
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1161851 errors:0 dropped:0 overruns:0 frame:0
TX packets:1448975 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:561719982 (535.6 MiB) TX bytes:1419055299 (1.3 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:6593 errors:0 dropped:0 overruns:0 frame:0
TX packets:6593 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:496252 (484.6 KiB) TX bytes:496252 (484.6 KiB)
vnet0 Link encap:Ethernet HWaddr fe:54:00:41:d7:a3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:894 errors:0 dropped:0 overruns:0 frame:0
TX packets:2500 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:785441 (767.0 KiB) TX bytes:315188 (307.8 KiB)
Code:
# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.94de80008b0c no eth0
vnet0
The vm is seen exactly as another computer on the network.
|
|
|
07-24-2013, 04:50 AM
|
#3
|
Member
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 787
Rep:
|
I think you have the same problem as me, but I am using CentOS.
I solved it with dhclient:
http://www.linuxquestions.org/questi...ue-4175470651/
|
|
|
07-24-2013, 05:08 AM
|
#4
|
Member
Registered: May 2004
Location: india
Distribution: Gentoo 2006.1
Posts: 59
Original Poster
Rep:
|
Quote:
Originally Posted by gradinaruvasile
I don't use Proxmox so my setup may not apply to you.
I use plain Debian with libvirt/virt-manager and I use a bridge too - kvm (qemu) automatically creates a tap device for each VM and adds it to the bridge when they start (and removes it afterwards).
Using libvirt/virt-manager is very easy, it's like VBox's interface. Also, if libvirt is installed on a headless server, you can connect to it via ssh and manage the remote VMs exactly as if they were on your computer, from virt-manager's interface.
|
Proxmox shouldn't matter much. It pretty much does the same thing. If I could, I'd have gone your way too.
Quote:
Originally Posted by gradinaruvasile
Creating a vm (create the host bridge setup prior) is very easy and self-explanatory, for the network device you just have to specify "use shared device" then enter the host's bridge name.
Virt-manager generates the startup command line options resulting in a huge mess, but this seems to be the relevant part:
Code:
-netdev tap,fd=23,id=hostnet0,vhost=on,vhostfd=24 -device virtio-net-pci,netdev=hostnet0,id=net0,mac=52:54:00:41:d7:a3,bus=pci.0,addr=0xc
ifconfig on host (removed some lines for other tap devices not relevant here):
Code:
br0 Link encap:Ethernet HWaddr 94:de:80:00:8b:0c
inet addr:192.168.100.100 Bcast:192.168.100.255 Mask:255.255.255.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1148160 errors:0 dropped:0 overruns:0 frame:0
TX packets:581181 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:541838221 (516.7 MiB) TX bytes:1371155380 (1.2 GiB)
eth0 Link encap:Ethernet HWaddr 94:de:80:00:8b:0c
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:1161851 errors:0 dropped:0 overruns:0 frame:0
TX packets:1448975 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:561719982 (535.6 MiB) TX bytes:1419055299 (1.3 GiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:6593 errors:0 dropped:0 overruns:0 frame:0
TX packets:6593 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:496252 (484.6 KiB) TX bytes:496252 (484.6 KiB)
vnet0 Link encap:Ethernet HWaddr fe:54:00:41:d7:a3
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:894 errors:0 dropped:0 overruns:0 frame:0
TX packets:2500 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:785441 (767.0 KiB) TX bytes:315188 (307.8 KiB)
Code:
# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.94de80008b0c no eth0
vnet0
The vm is seen exactly as another computer on the network.
|
In my case the bridge device is vmbr0 and the tap interface is tap100i0. So, I do have the same devices but just different names.
|
|
|
07-24-2013, 05:10 AM
|
#5
|
Member
Registered: May 2004
Location: india
Distribution: Gentoo 2006.1
Posts: 59
Original Poster
Rep:
|
Quote:
Originally Posted by routers
|
I checked, the VM has executed dhclient to get the IP. I ran it again, just in case but this hasn't resolved the issue.
|
|
|
07-24-2013, 05:42 AM
|
#6
|
Member
Registered: Aug 2005
Location: Malaysia - KULMY / CNXTH
Distribution: Slackware, Fedora, FreeBSD, Sun O/S 5.10, CentOS
Posts: 787
Rep:
|
Would you turn off the VM and start it back up?
In my case it did not work with a reboot.
|
|
|
07-24-2013, 06:42 AM
|
#7
|
Member
Registered: Apr 2010
Location: Cluj, Romania
Distribution: Debian Testing
Posts: 731
Rep: 
|
Quote:
Originally Posted by lin_user2004
I checked, the VM has executed dhclient to get the IP. I ran it again, just in case but this hasn't resolved the issue.
|
Have you tried setting the IP address manually in the guest?
|
|
|
07-25-2013, 09:26 AM
|
#8
|
Member
Registered: May 2004
Location: india
Distribution: Gentoo 2006.1
Posts: 59
Original Poster
Rep:
|
I tried both rebooting the VM and assigning a static IP, but both failed.
|
|
|
07-25-2013, 01:28 PM
|
#9
|
Member
Registered: Apr 2010
Location: Cluj, Romania
Distribution: Debian Testing
Posts: 731
Rep: 
|
Maybe it's a permission issue somewhere.
How do you run the VM? Under which user? Try under root (if not already, that is).
|
|
|
07-26-2013, 04:30 AM
|
#10
|
Member
Registered: May 2004
Location: india
Distribution: Gentoo 2006.1
Posts: 59
Original Poster
Rep:
|
I figured out there's a firewall ahead of the machine that I wasn't aware of. I have asked the concerned person to open the required ports. I'll also try forwarding the ports I know are already open and update about it.
|
|
|
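An added example (not part of any post in this thread) that turns the checks from the discussion into a small triage helper: it parses the `iptables -t nat -L` listing posted in #1 and combines it with the tcpdump observation to say where a forwarded connection is being lost. The function names and the `origin` and `seen_in_tcpdump` parameters are assumptions made for this illustration.

```python
import re

# Output of `iptables -t nat -L`, copied from post #1 of this thread.
NAT_LISTING = """\
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
DNAT tcp -- anywhere anywhere tcp dpt:1022 to:192.168.1.136:10022
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
"""

def dnat_rules(listing):
    """Map chain name -> {dport: 'ip:port'} for every DNAT rule in the listing."""
    rules, chain = {}, None
    for line in listing.splitlines():
        head = re.match(r"Chain (\S+)", line)
        if head:
            chain = head.group(1)
            rules[chain] = {}
            continue
        m = re.match(r"DNAT\s.*\bdpt:(\d+)\s+to:(\S+)", line)
        if m and chain:
            rules[chain][int(m.group(1))] = m.group(2)
    return rules

def dnat_target(listing, port, origin):
    """Where a connection to `port` is rewritten to, or None if no rule applies.

    Packets arriving on an interface traverse nat PREROUTING; packets
    generated on the host itself traverse nat OUTPUT instead.
    """
    chain = "PREROUTING" if origin == "remote" else "OUTPUT"
    return dnat_rules(listing).get(chain, {}).get(port)

def triage(listing, port, seen_in_tcpdump):
    """Locate the fault for a remote client that cannot reach the forwarded port."""
    if dnat_target(listing, port, "remote") is None:
        return "no PREROUTING DNAT rule for this port on the host"
    if not seen_in_tcpdump:
        return "packets never reach the host: filtered upstream"
    return "packets arrive and are rewritten: check FORWARD rules and the guest"

if __name__ == "__main__":
    print(triage(NAT_LISTING, 1022, seen_in_tcpdump=False))
    print(dnat_target(NAT_LISTING, 1022, "local"))
```

With the listing from post #1 and no traffic seen by tcpdump on port 1022, the helper points upstream of the host, which matches the firewall reported in post #10. The `"local"` lookup returns nothing because a rule that exists only in PREROUTING does not rewrite connections opened from the host itself.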
All times are GMT -5. The time now is 08:03 PM.