Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-14-2009, 12:47 PM
|
#1
|
LQ Newbie
Registered: Apr 2009
Posts: 14
Rep:
|
Can't Ping Linux KVM from Other Machines on Host Subnet
Hi, I've been getting awfully frustrated over this problem the last couple days, so you're my last resort
I set up a KVM in Fedora 10 using QEMU. I don't remember where it asked me during setup, but somehow the VM was set to use a second interface on the host machine named virbr0 or something, and that adapter was on a different subnet as the host. Why it had to do this, I'm not quite sure.
Anyways, the VM can ping the host machine, the internet, anything just fine. However, my windows server and any other machine on the host subnet cannot ping the virtual machine.
So, my question is, how do I set up the virtual machine to be addressable by other machines on the host subnet (e.g. the windows server)? I'm imagining some type of forwarding going on in the linux host machine, but after 2 hours of tinkering with that I somehow cleared the routing table and now I've lost my remote connection to the box until I get home
Here's a visualization of my network if this makes it clearer:
http://img151.imageshack.us/img151/131/networksetup.jpg
By newmanium2001 at 2009-04-14
Thanks!
|
|
|
04-15-2009, 06:07 AM
|
#2
|
Member
Registered: Oct 2003
Location: UnitedKingdom
Distribution: Debian Bullseye
Posts: 357
Rep:
|
is this your setup ?
/--- virtual machine network
<network1> --- HOST machine ----|
and that the host machine has 2 interfaces ?
then the only way to do this is to add a static route to the virtual network as your host machine ip address
you can bridge the virtual machine interface to the host machine which will make the host machine, virtual machine and the
other machines all in the same network and they will be able to communicate.
Can you give the way you are starting qemu ? (the network -net nic options )
|
|
|
04-15-2009, 09:11 AM
|
#3
|
LQ Newbie
Registered: Apr 2009
Posts: 14
Original Poster
Rep:
|
Yay! I got it working. bhaslinux, the solution you're proposing is something I'd tried before, but I was getting "Destination port unreachable" when I tried to ping the VM. I thought routing wasn't working ... it turns out it was, but ip tables was running and rejecting the packets!
It turns out, when I set up the VM with Virtual Machine Manager, it automatically made a set of iptables rules:
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:domain
2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
3 ACCEPT udp -- anywhere anywhere udp dpt:bootps
4 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
2 ACCEPT all -- 192.168.122.0/24 anywhere
3 ACCEPT all -- anywhere anywhere
4 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
5 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Notice anything wrong there? Yeah, the REJECT anywhere with port unreachable. Either turning off iptables or deleting that rule (iptables -t filter -D FORWARD 4, iptables -t filter -D FORWARD 5) allowed my VM to be addressable via the static route I added to my router. The static route, btw, is "Destination address: 192.168.122.0, Mask: 255.255.255.0, Gateway: 192.168.1.6 (my host's primary adapter address)".
|
|
|
05-17-2009, 03:53 PM
|
#4
|
LQ Newbie
Registered: May 2009
Posts: 4
Rep:
|
Same problem
Quote:
Originally Posted by newmanium2001
Yay! I got it working. bhaslinux, the solution you're proposing is something I'd tried before, but I was getting "Destination port unreachable" when I tried to ping the VM. I thought routing wasn't working ... it turns out it was, but ip tables was running and rejecting the packets!
It turns out, when I set up the VM with Virtual Machine Manager, it automatically made a set of iptables rules:
Chain INPUT (policy ACCEPT)
num target prot opt source destination
1 ACCEPT udp -- anywhere anywhere udp dpt:domain
2 ACCEPT tcp -- anywhere anywhere tcp dpt:domain
3 ACCEPT udp -- anywhere anywhere udp dpt:bootps
4 ACCEPT tcp -- anywhere anywhere tcp dpt:bootps
Chain FORWARD (policy ACCEPT)
num target prot opt source destination
1 ACCEPT all -- anywhere 192.168.122.0/24 state RELATED,ESTABLISHED
2 ACCEPT all -- 192.168.122.0/24 anywhere
3 ACCEPT all -- anywhere anywhere
4 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
5 REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Notice anything wrong there? Yeah, the REJECT anywhere with port unreachable. Either turning off iptables or deleting that rule (iptables -t filter -D FORWARD 4, iptables -t filter -D FORWARD 5) allowed my VM to be addressable via the static route I added to my router. The static route, btw, is "Destination address: 192.168.122.0, Mask: 255.255.255.0, Gateway: 192.168.1.6 (my host's primary adapter address)".
|
I was having the same problem. No after deleteing those two rules, when I try to ping the Virtual Machines it just times out. I can still ping the vibr0 device on the linux box from both ends of the network.
Any ideas?
|
|
|
05-17-2009, 11:35 PM
|
#5
|
LQ Newbie
Registered: Apr 2009
Posts: 14
Original Poster
Rep:
|
Questions for you:
1) Did you turn off iptables entirely, delete all the rules, or delete just the REJECT ALL rule?
2) Before you adjusted the rules, did you get any sort of response such as the icmp port-unreachable?
|
|
1 members found this post helpful.
|
05-19-2009, 08:01 AM
|
#6
|
LQ Newbie
Registered: May 2009
Posts: 4
Rep:
|
Solution for me
Quote:
Originally Posted by newmanium2001
Questions for you:
1) Did you turn off iptables entirely, delete all the rules, or delete just the REJECT ALL rule?
2) Before you adjusted the rules, did you get any sort of response such as the icmp port-unreachable?
|
Before I removed the rules I got the icmp port-unreachable.
I removed only the last two rules which were the REJECT rules.
The solution to my problem was changing the virtual machine from using a VirtualNet in virtual-machine-manager to using the physical device virbr0. Even though the virtual net is supposed to use virbr0.
Thank you for giving the command to remove rules. I was searching that for awhile till I found this post.
Last edited by CryptoJones; 05-19-2009 at 08:03 AM.
Reason: Spellling
|
|
|
All times are GMT -5. The time now is 10:54 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|