For a few days now, I've been trying to configure my KVM VM to have a public IP address, without any success.

First, I'm on OVH, and you need to know they don't allow networking from different MAC addresses. So I have registered a virtual MAC address associated with my failover IP.

Here's my configuration:

Guest wanted IP: 46.105.40.x
Host IP: 176.31.240.x

Host configuration

dummy0 interface: ifcfg-dummy0

BOOTPROTO=static
IPADDR=10.0.0.1
NETMASK=255.0.0.0
ONBOOT=yes
NM_CONTROLLED=no
ARP=yes
BRIDGE=br0

br0 bridge: ifcfg-br0

DEVICE=br0
TYPE=Bridge
DELAY=0
ONBOOT=yes
BOOTPROTO=static
IPADDR=192.168.1.1
NETMASK=255.255.255.0
PEERDNS=yes
NM_CONTROLLED=no
ARP=yes

The failover IP is redirected to the br0 bridge with ip route add 46.105.40.xxx dev br0

> cat /proc/sys/net/ipv4/ip_forward
1
> cat /proc/sys/net/ipv4/conf/vnet0/proxy_arp
1
> route -n
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         176.31.240.254  0.0.0.0         UG    0      0        0 eth0
46.105.40.x     0.0.0.0         255.255.255.255 UH    0      0        0 br0
176.31.240.0    0.0.0.0         255.255.255.0   U     0      0        0 eth0
192.168.1.0     0.0.0.0         255.255.255.0   U     0      0        0 br0

Guest configuration:

KVM:

<interface type='bridge'>
  <mac address='02:00:00:30:22:05'/>
  <source bridge='br0'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</interface>

I've borrowed most of the OVH configuration here (in French, http://guides.ovh.com/BridgeClient) for the guest configuration.
eth0 interface: ifcfg-eth0

DEVICE="eth0"
BOOTPROTO=none
HWADDR="02:00:00:30:22:05"
NM_CONTROLLED="yes"
ONBOOT="yes"
TYPE="Ethernet"
UUID="e9138469-0d81-4ee6-b5ab-de0d7d17d1c8"
USERCTL=no
PEERDNS=yes
IPADDR=46.105.40.xxx
NETMASK=255.255.255.255
GATEWAY=176.31.240.254
ARP=yes

For the routes, I have in route-eth0:

176.31.240.254 dev eth0
default via 176.31.240.254 dev eth0

With this configuration, I don't have any access to the internet. The only thing I can do is ping the public IP of the host, nothing more. My final conclusion is that the route does not work, because when I run ping 8.8.8.8 on the guest, I see this on the host:

> tcpdump -i vnet0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:38:09.009324 IP 46-105-40-xxx.kimsufi.com > google-public-dns-a.google.com: ICMP echo request, id 50183, seq 1, length 64
13:38:09.815344 IP 46-105-40-xxx.kimsufi.com > google-public-dns-a.google.com: ICMP echo request, id 50183, seq 2, length 64

I never get the ping reply, only the request. It seems Guest -> Host communication is fine.

On eth0:

> tcpdump -i eth0 icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
13:39:40.240561 IP 46-105-40-xxx.kimsufi.com > google-public-dns-a.google.com: ICMP echo request, id 50439, seq 1, length 64
13:39:40.250161 IP google-public-dns-a.google.com > 46-105-40-xxx.kimsufi.com: ICMP echo reply, id 50439, seq 1, length 64

I have the request and the reply on eth0, but the reply is not forwarded to the bridge. I really don't understand why; I thought it was the aim of the route to do that!

iptables is disabled on both host and guest.

I really hope some of you will be able to help me!

Many thanks in advance,

Sébastien
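
The comparison made in the question (request visible on vnet0 and eth0, reply visible on eth0 only) can be done mechanically by correlating per-interface captures on ICMP id and seq. This is an added example, not part of the original post: the function names are hypothetical and the capture text is constructed, shaped like the tcpdump output above.

```python
import re
from collections import defaultdict

# Matches the ICMP lines tcpdump prints without -v, as in the question.
LINE = re.compile(r"^\d\d:\d\d:\d\d\.\d+ IP \S+ > \S+: "
                  r"ICMP echo (?P<kind>request|reply), "
                  r"id (?P<id>\d+), seq (?P<seq>\d+)")

def parse(capture):
    """Map (id, seq) -> set of 'request'/'reply' seen in one capture."""
    seen = defaultdict(set)
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if m:
            seen[(int(m["id"]), int(m["seq"]))].add(m["kind"])
    return seen

def locate_loss(path):
    """path: [(interface, capture_text), ...] ordered guest side first.
    Returns {(id, seq): verdict} for every echo seen on the first hop."""
    hops = [(name, parse(text)) for name, text in path]
    verdicts = {}
    for key in sorted(hops[0][1]):
        verdict = "reply delivered"
        for name, seen in hops:                # outbound: guest -> uplink
            if "request" not in seen.get(key, ()):
                verdict = f"request lost before {name}"
                break
        else:
            prev = "upstream"
            for name, seen in reversed(hops):  # inbound: uplink -> guest
                if "reply" not in seen.get(key, ()):
                    verdict = f"reply lost between {prev} and {name}"
                    break
                prev = name
        verdicts[key] = verdict
    return verdicts

# Constructed captures (not from the post), shaped like its tcpdump output.
A, B = "46-105-40-xxx.kimsufi.com", "google-public-dns-a.google.com"
VNET0 = f"""13:39:40.240501 IP {A} > {B}: ICMP echo request, id 50439, seq 1, length 64
13:39:41.241003 IP {A} > {B}: ICMP echo request, id 50439, seq 2, length 64"""
ETH0 = f"""13:39:40.240561 IP {A} > {B}: ICMP echo request, id 50439, seq 1, length 64
13:39:40.250161 IP {B} > {A}: ICMP echo reply, id 50439, seq 1, length 64
13:39:41.241060 IP {A} > {B}: ICMP echo request, id 50439, seq 2, length 64"""

if __name__ == "__main__":
    for key, verdict in locate_loss([("vnet0", VNET0), ("eth0", ETH0)]).items():
        print(key, verdict)
```

Both captures have to be taken during the same ping run, otherwise the ICMP id differs between them and nothing correlates.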

1 Answer

I have the same issue here. I want to be able to have host and VM guest on public IP. Communication between host and VM seems to work fine, but VM cannot reach the internet or vice versa.

My provider also has a rule to have just one MAC address per switchport. Essentially, VMAC addresses are used for failover in networking appliances like VRRP and some other protocols; that means if the first switch fails, the second link to another switch takes over and you get a "replicated" switchport with the actual MAC address and everything.

I don't see how you can benefit from this.

The best solution is to put 2 public IPs on the host Ethernet interface, one for the host and the second for the VM, and do some policy routing.

Regards

Neven