KVM Networking Hell

Jamie McDonald jmack at iclebyte.com
Thu Jun 10 14:56:25 UTC 2010 

On Thu, Jun 10, 2010 at 9:16 AM, Soren Hansen <soren at ubuntu.com> wrote:

> On Wed, Jun 09, 2010 at 11:09:48PM +0100, Jamie McDonald wrote:
> >> I'm not sure if this output got linebroken somewhere. Can you perhaps
> >> make sure the terminal you're using is large enough to hold the
> >> output and put it on a pastebin so we can be sure noone's e-mail
> >> application is messing with the formatting?
> > I have pasted a new copy here: http://pastebin.org/322148
>
> I still think it looks kind of weird. I was expecting vnet0 to be
> directly underneath eth0, but meh. It's probably fine.
>

You are correct, it does actually appear under eth0 - the paste bin ruined
the formatting too and I wasn't diligent enough to check it.


>
> >> Ok. And you haven't used Eucalyptus? It's the only thing I know of
> >> that might fiddle with brtables behind the scenes.
> > No I have not used Eucalyptus - this is a standard 9.10 build of
> > Ubuntu server from Fasthosts.
>
> Oh. So this is running in a hosted environment?
>

Yes it is, it's a dedicated server running within Fasthosts datacenter in
the UK


>
> > During my experiments this afternoon I have actually become more
> > confused.  I have removed all firewall rules from the host in order to
> > test as suggested by Alex (thankyou for your input kind sir). IP
> > Forwarding is enabled (even though it should make no difference) and
> > the following rules were added (although again I really don't think I
> > should need them).
> >
> > /sbin/iptables -A FORWARD -d 88.208.249.45 -j ACCEPT
> > /sbin/iptables -A FORWARD -s 88.208.249.45 -j ACCEPT
>
> Right, your host does /not/ act as a router or gateway of any kind for
> the guest, so iptables and routing and whatnot does not factor into it
> at all.
>

Thankyou for clarifying this, various sources on the internet seem to have
conflicting information.


>
> > Any other suggestions I could try? Is there anything which Fasthosts
> > could have in place which could inhibit a bridged network from
> > operating correctly?
>
> Certainly. I hadn't considered that this might be running in a hosted
> environment.  Perhaps the port you're connected to only allows one
> specific MAC (your host's, of course) in an effort to prevent MAC
> spoofing on the network.  This is a problem because your VM has its own
> MAC address which is seen on the network (since the host does not act as
> a router for it).
>
> I'm assuming you got assigned multiple IP's. Are they expecting you to
> route those IP's or something?
>

As it turns out Soren, you were correct. I contacted Fasthost's support and
they've added the new MAC address of the VM to the switch for me. They even
came and checked out this mailing list and mentioned you by name in the
support ticket to confirm that your thinking was corrected. I can now ping
the VM from an external location.

Thankyou to everyone on the list who gave input on the issue, and a massive
public thanks to Fasthosts for being so thorough in their support.

Hopefully this thread will help someone else who tries to run virtual
machines on Fasthost infrastructure, at least now I know KVM / Bridging
inside out! =)

Kind Regards,
Jamie.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-server/attachments/20100610/5df47c89/attachment.html>

More information about the ubuntu-server mailing list