Charles Curley wrote:
> On Thu, 17 Jun 2010 19:45:50 -0600
> Richard Esplin <richard-li...@esplins.org> wrote:
>
>> What virtualization software (hypervisor) are you using? VMWare,
>> VirtualBox, KVM, Xen?
>
> qemu
>
>> How did you set up the NIC in the hypervisor? NAT vs bridged vs
>> host-only?
>
> It says here, "Forwarding: NAT to any physical device".
>
>> In Virtualbox I set up two NICs, one as NAT and one as host-only in
>> order to make my VM available to other VMs, the host, and enable
>> access to the outside world while still protecting it from the host's
>> physical network.
>
> What's the difference between NAT and host-only?
>
> I assume that in this context NAT means Network Address Translation,
> i.e. the host acts as a firewall and does NATting.
>
> The software I'm using is libvirt 0.7.0.
>
> I also see that from a VM I can ping the host's virtual interface, i.e.
> the IF on the virtual network. I can also ping its physical IF, which
> is on a separate network
>
>> Richard
>>
>> On Thursday, June 17, 2010 18:32:17 Charles Curley
>> <charlescur...@charlescurley.com> wrote:
>>
>>> I have several VMs on a Ubuntu 9.10 host, and they have networking
>>> set up. I can ssh in to them from the host, but not from other
>>> machines, in spite of having the route set up correctly on the
>>> other machines.
>>>
>>> I also notice that I can get updates on the VMs (yum, apt, etc.) but
>>> not web pages from the outside world. But I can get web pages from
>>> the host.
>>>
>>> So something is filtering the virtual network. What is it and how
>>> do I control it?

are you using a gui or wrapper around libvirt to manage your VMs or are you using the libvirt tools directly? can you see the XML domain definitions for the VMs? if so, how is the networking configured for the VMs and on the host?

what is the full command line that was used to invoke the qemu process? `cat /proc/<pid of vm qemu process>/cmdline` to get that.

as i understand it, the difference between a 'NAT' configuration and a 'host-only' configuration is that the necessary stuff for the host to perform NAT is done during the network configuration where host-only doesn't. so in host-only, there are no routes configured for the vms to reach outside networks automatically.

from your description, it almost sounds like you are configuring multiple networks. one for each vm and then doing routing on the host between the vms. if this is how it is done, is ip forwarding enabled on the host? `cat /proc/sys/net/ipv4/ip_forward` to check. it sounds like it might not be since you are having trouble getting to the outside world from your vms.

my next guess would be that there are rules in the iptables firewall that are preventing FORWARD traffic from getting between the hosts.

these links may also help you in your quest.

http://libvirt.org/formatnetwork.html
http://wiki.qemu.org/Documentation/Networking

hope that helps

mike
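
The two checks suggested in the reply above (the `ip_forward` switch and the FORWARD chain), as an added example that is not part of the original message. The function names are hypothetical, the rules in `sample_rules` are constructed in the shape `iptables -S FORWARD` prints, and the bridge name `virbr0` and subnet `192.168.122.0/24` are assumptions.

```shell
#!/bin/sh
# Added example; the rules in sample_rules are constructed, not taken from the thread.

# True when the given file (default: the kernel's switch) contains 1.
forwarding_enabled() {
    [ "$(cat "${1:-/proc/sys/net/ipv4/ip_forward}" 2>/dev/null)" = 1 ]
}

# Constructed `iptables -S FORWARD` output; virbr0 and 192.168.122.0/24 are assumed names.
sample_rules() {
    cat <<'EOF'
-P FORWARD ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
EOF
}

# Read FORWARD rules on stdin and print the first one that would decide a NEW
# connection arriving from another machine and leaving through bridge $1.
# Simplification: only -i, -o and connection state are evaluated; -s/-d/-p are ignored.
first_verdict() {
    bridge=$1 policy=ACCEPT
    while read -r line; do
        case $line in
            "-P FORWARD "*) policy=${line#-P FORWARD }; continue ;;
            "-A FORWARD"*" -j "*) ;;
            *) continue ;;
        esac
        case " $line " in
            *" -i $bridge "*) continue ;;   # rule is for traffic coming from the VMs
            *" -o $bridge "*) ;;            # rule is for traffic going to the VMs
            *" -o "*) continue ;;           # rule is for some other outgoing interface
        esac
        case $line in
            *NEW*) ;;
            *ESTABLISHED*) continue ;;      # matches replies only, not a new connection
        esac
        target=${line##* -j }
        echo "${target%% *}: $line"
        return 0
    done
    echo "$policy: (chain policy)"
}

if forwarding_enabled; then echo "ip_forward: on"; else echo "ip_forward: off"; fi
sample_rules | first_verdict virbr0
```

On a live host, feed it the real chain with `iptables -S FORWARD | first_verdict <bridge>` (as root); a REJECT or DROP verdict while outbound replies are accepted matches the symptom of VMs that can fetch updates but cannot be reached by ssh from other machines.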