1

I have a server centos 6.2, it has several vm's using https://virt-manager.org/ the vms work great, no problems.

The problem I have is the parent server cant connect out using any protocol. DNS works fine, the vms use the bridged connection fine, but I cant connect out from the parent.

I have tried: - disabled ip tables - various protocols (http, https, firefox, curl, ssh)

The error when I try to connect out is "Network is Unreachable"

This machine was setup years ago by someone else, so it is hard to know what they have done here.

Here is a summary of my ifconfig

em1 - says it is connected, lots of packets in and out, it is setup to bridge to virbr0.

virbr0 - says it has an ip and lots of packets in and out.

All the vm's use virbr0

Just realized, I can also connect to the vm via http from the parent.

What can I check/try?

[![ip addr and ip route][1]][1]

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master virbr0 state UP qlen 1000
    link/ether 84:2b:2b:58:4c:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.38/24 brd 192.168.1.255 scope global em1
       valid_lft forever preferred_lft forever
    inet6 fe80::862b:2bff:fe58:4cad/64 scope link 
       valid_lft forever preferred_lft forever
3: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master virbr0 state UP qlen 1000
    link/ether 84:2b:2b:58:4c:ae brd ff:ff:ff:ff:ff:ff
    inet6 fe80::862b:2bff:fe58:4cae/64 scope link 
       valid_lft forever preferred_lft forever
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 84:2b:2b:58:4c:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.38/24 brd 192.168.1.255 scope global virbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::862b:2bff:fe58:4cad/64 scope link 
       valid_lft forever preferred_lft forever
5: vif1.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr0 state UP qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link 
       valid_lft forever preferred_lft forever

and ip route:

default via 192.168.1.1 dev em1 proto static 

169.254.0.0/16 dev virbr0  scope link  metric 1004 
192.168.1.0/24 dev virbr0  proto kernel  scope link  src 192.168.1.38 
192.168.1.0/24 dev em1  proto kernel  scope link  src 192.168.1.38  metric 1

Added 

brctl show
bridge name bridge id       STP enabled interfaces
virbr0      8000.842b2b584cad   no      em1
                            em2
                            vif1.0
Joelio
  • 177
  • 2
  • 14

2 Answers2

1

Remove ip address from em1 device and ensure your default route go throw virbr0.

pbacterio
  • 276
  • 2
  • 6
1

Could you post the output of "brctl show" as well?

There are two possible setups:

  1. There is an "internal" ip range on virbr0 used by your virtual machines, and your host OS performs NAT
  2. All machines are in the same 192.168.1.24 ip range

I guess 2) is most likely, in which case, as pbacterio mentioned, you have a routing conflict by configuring the same ip address (192.168.1.38) on two interfaces, so removing the ip from em1 should do the trick.

ip a del 192.168.1.38/24 dev em1

If this works, you should edit /etc/sysconfig/network-scripts/ifcfg-em1 so that it says something like the following:

DEVICE=em1
BOOTPROTO=none
ONBOOT=yes
HWADDR=84:2b:2b:58:4c:ad
BRIDGE=virbr0
NM-CONTROLLED=no

This way, the change persists after a reboot.

Nils
  • 301
  • 1
  • 3
  • the ip a del did not work. In my case one of the vm's is 192.168.1.40 and it works fine. I also do have 2 nic cards on this machine and I am wondering if previously it was setup to have the vm's on one and the host on another...not sure what to do. – Joelio Mar 24 '17 at 15:35
  • Could you double check that 192.168.1.1 is the default gateway? What does "tracepath 8.8.8.8" return? Can you compare the ARP entry for 192.168.1.1 with one you receive on the vm? (arp 192.168.1.1) – Nils Mar 24 '17 at 16:24
  • From host - tracepath fails tracepath 8.8.8.8 1: send failed Resume: pmtu 65535 [cmtaylor@new-host-9 ~]$ arp 192.168.1.1 Address HWtype HWaddress Flags Mask Iface FIOS_Quantum_Gateway.fi ether 48:5d:36:a6:16:8e C virbr0 – Joelio Mar 24 '17 at 19:49
  • From vm inside host: arp 192.168.1.1 Address HWtype HWaddress Flags Mask Iface FIOS_Quantum_Gateway.fi ether 48:5d:36:a6:16:8e C eth0 – Joelio Mar 24 '17 at 19:50
  • From vm inside host arp 192.168.1.1 Address HWtype HWaddress Flags Mask Iface FIOS_Quantum_Gateway.fi ether 48:5d:36:a6:16:8e C eth0 [root@SSMonitor ~]# traceroute 192.168.1.1 traceroute to 192.168.1.1 (192.168.1.1), 30 hops max, 60 byte packets 1 FIOS_Quantum_Gateway.fios-router.home (192.168.1.1) 0.448 ms 0.611 ms 0.753 ms [root@SSMonitor ~]# tracepath 8.8.8.8 1: new-host-10.fios-router.home (192.168.1.40) 0.138ms pmtu 1500 1: FIOS_Quantum_Gateway.fios-router.home (192.168.1.1) 0.628ms – Joelio Mar 24 '17 at 19:50
  • I think after I removed the ip em1 maybe I lost my default route, how do I add a default route back after that? – Joelio Mar 24 '17 at 19:51
  • ok I think this works now : I did : route add default gw 192.168.1.1 virbr0 – Joelio Mar 24 '17 at 19:54
  • How do I persist the change to the default route also? – Joelio Mar 24 '17 at 19:54
  • You will want "GATEWAY=192.168.1.1" in /etc/sysconfig/network-scripts/ifcfg-virbr0. If that doesn't exist, it could be that your bridge is managed libvirt, in which case you can put it in /etc/sysconfig/network. – Nils Mar 25 '17 at 19:22