A VM guest fails to communicate with LAN machines through a macvtap

I might be missing something obvious, as I couldn't find anything that would explain why I can't get this to work. I'm not new to libvirt, kvm, qemu, just to macvtap. To be honest, I can't figure out why macvtap is more beneficial than configuring guests to use isolated and NAT networks instead, which is straightforward. If anyone could elaborate on that too, it would be terrific.

My situation is this: I have an Arch Linux host, on which I'm setting up a few Debian guests as a lab. My physical interface on the host is wi0, a wireless interface, which is connected to my LAN, 192.168.1.0/24. My “debian_01” guest (192.168.1.251) has the following stanza, which connects it to macvtap0:

<interface type='direct'>
  <mac address='52:54:00:cb:a4:08'/>
  <source dev='wi0' mode='bridge'/>
  <target dev='macvtap0'/>
  <model type='virtio'/>
  <alias name='net0'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x10' function='0x0'/>
</interface>

(Swapping bridge with vepa doesn't make any difference; I tried them both.)

(“debian_02” has a similar stanza, with different MAC address, macvtap1, net1.)

Routing table on “debian_01” has an appropriate entry:

192.168.1.0/24 dev ens16 proto kernel scope link src 192.168.1.251

Both guests (debian_01, debian_02) can ping each other fine; however, pinging anything on the LAN seems to be failing due to ARP. This is what I'm seeing on my Arch host when I'm trying to ping my LAN router:

HOST$ tcpdump -nnnqti macvtap0
ARP, Request who-has 192.168.1.254 tell 192.168.1.251, length 28
ARP, Request who-has 192.168.1.254 tell 192.168.1.251, length 28
ARP, Request who-has 192.168.1.254 tell 192.168.1.251, length 28
ARP, Request who-has 192.168.1.254 tell 192.168.1.251, length 28

Iptables have been updated to -j ACCEPT anything coming either from macvtap0 or 192.168.1.251 (debian_01), but no dice.

sysctl on the host:

net.ipv4.conf.all.forwarding = 1

What else is there to do to make those guests talk to other machines within my LAN through their macvtaps?

I'll be happy to share any more information if needed.

ChubbyPixel

Posted 2017-08-21T03:50:25.647

No answers