KVM guest cannot access internet

Neven1986 · 10-19-2012, 06:25 PM

Hello I'm newly registered to forum, but I read forum alot. It's been great source of articles and knowledge for me, as for many other peoples.

I have problem with networking and VM guest (KVM) in CentOS 6.

I have server with one NIC and IP address 81.XXX.10.115, also i configured VM guest (IP of guest 81.XXX.11.141) to communicate through bridge (IP of bridge 81.XXX.11.140). As you can see host NIC IP is I one public subnet and bridge + VM guest are in second public subnet. Both subnets are /24.

VM guest can ping bridge IP.
VM guest can ping host IP and vice versa.

But VM guest cannot ping outside (to the interent) and vice versa.

I don't know how to solve this. On host ip tables firewall is DISABLED.

Sysctl.conf contains:

Code:

net.ipv4.ip_forward = 1
net.ipv4.conf.default.rp_filter = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

Host route table shows.

Code:

81.XXX.10.0/24 dev eth0  proto kernel  scope link  src 81.XXX.10.115
81.XXX.11.0/24 dev bridge0  proto kernel  scope link  src 81.XXX.11.140
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1
169.254.0.0/16 dev eth0  scope link  metric 1002
default via 81.XXX.10.1 dev eth0

I'm pretty sure that problem lies somewhere in host configuration, but I'm clueless. So any help would be appriciated.

Thank you in advance.

Neven

zoltan1 · 10-24-2012, 06:21 PM

If you want to use the same physical NIC for both subnets then you need to first setup a bridge (let's call it br0) on the host machine and add your eth0 device to that bridge. Instead of assigning your host's IP address to your eth0 adapter, assign that IP address to your br0 adapter! Basically, you need to take your current network settings (for your 1st subnet) from /etc/sysconfig/network-scripts/ifcfg-eth0 file and place them into /etc/sysconfig/network-scripts/ifcfg-br0

Here is how such an ifcfg-br0 file looks like:

DEVICE="br0"
TYPE="Bridge"
ONBOOT="yes"
BOOTPROTO=static
IPADDR=81.XXX.10.115
NETMASK=255.255.255.0
NETWORK=81.XXX.10.0
GATEWAY=XXX.XXX.XXX.XXX
DELAY=0
STP=off
DNS1="YYY.YYY.YYY.YYY"
PEERDNS="yes"
NM_CONTROLLED=no

You also need to change your /etc/sysconfig/network-scripts/ifcfg-eth0 file on your host machine to look something like this:

DEVICE="eth0"
TYPE="Ethernet"
HWADDR=XX:XX:XX:XX:XX:XX <- your physical NIC's MAC address goes here
ONBOOT="yes"
BRIDGE="br0"
NM_CONTROLLED="no"

Double check that everything is right and restart networking:

/etc/init.d/network restart

Inside your VM you just configure the network on the VM's eth0 adapter (for your 2nd subnet) as you would do it on a phycical machine. It should just work.

Note: You DO need these in the host's sysctl.conf :

net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

*Addition: If you are still having network access problems, try to disable SELinux and the iptables firewall on your host.