Quantcast
Channel: LowEndTalk
Viewing all articles
Browse latest Browse all 39981

Problem with KVM setup (no internet access on guests)

$
0
0

So I have this lovely low-end dedicated server on its own subnet (the server is part of same subnet) and I want to use it for KVM virtualization. I'm using a dead simple bridged network setup (like I did many times before on other servers) so my guests are able to connect to the internet without any routing configuration in the host.

Now here's the problem: my guest doesn't get any inbound traffic from the internet.

Some more facts:
- All netfilter chains are set to ACCEPT per default, no rules are present (guest and host)
- Even though I don't think it's needed in bridged setups, ip forwarding is allowed on the KVM host
- The KVM host has full internet connectivity
- The KVM host and the guest are able to ping each other
- The guest uses the switch's gateway address as its gateway
- The guest gets ARP broadcasts from the switch's gateway address
- The guest puts the switch's MAC address into its ARP table (and tells its virtual MAC address to the switch)
- The guest doesn't get an ICMP echo back from the switch's gateway address even though the KVM host sees the outgoing request (but neither see a reply from the switch for the guest's IP)
- A remote host under my control gets the guest's ICMP request as well but the guest never gets the reply, nor does the KVM host see the reply
- Rewriting the guests MAC address on the host replacing it with the hosts eth0 MAC address using fancy ebtables rules leads to full internet connectivity on the guest
- I initially had a smaller subnet from the same provider. Using the same bridged libvirt setup, everything was working nicely. It stopped working after they assigned the new subnet.

I asked my provider if there is a MAC filter active for my switch port and they denied this 3 (!) times. However, the guest gets full internet connectivity once the provider manually adds the guest's MAC address to the switch's static ARP table.

At this time I'm a little bit out of ideas. Does anyone have an idea what could possibly cause this problem?


Viewing all articles
Browse latest Browse all 39981

Trending Articles