Re: Public IP on virtual machine network issue

2022-02-13 Thread Daniel Romero
Hi,

As Tom says, check the iptables FORWARD rules. Also, you can check the host sysctl
IPv4/6 global and per-interface settings to double-check bridge forwarding
capabilities. Finally, check your routes on the guest VM, especially the
default gateway; sometimes you receive the packet but the answer is sent
through the wrong interface because of bad routes.

Best Regards.
Daniel Romero P.



On Sun, Feb 13, 2022 at 7:39 PM Tom Ammon  wrote:

> Can you post the output of iptables -L?
>
> By default, the bridge module in the kernel sends packets traversing the
> bridge to iptables (in the FORWARD chain I believe) for processing. So if
> you have configured a DENY policy on the FORWARD chain, or are otherwise
> filtering in the forward chain, you'll be affecting packets traversing the
> bridge. Check out this page for details on how to change this behavior:
> https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf
>
> Tom
>
> On Sun, Feb 13, 2022 at 4:08 PM Marcin Groszek 
> wrote:
>
>> I have been struggling with this for weeks and I was unable to find an
>> answer online. Perhaps someone here can help me.
>>
>> Oracle Linux 8 running virtualization:
>>
>> The hardware node has a public IP address on interface bridge0, and physical
>> eno1 is a member of bridge0.
>>
>> A virtual OS has its interface bridged to the LAN with source bridge0; the IP
>> address of the virtual OS is also a public one from the same class as the
>> hardware node.
>>
>> I can route in and out of the virtual OS, I can ping from the hardware node to
>> the virtual OS and vice versa, so the routing works as it should, sort of.
>>
>> When I try tracepath or traceroute from outside to the virtual OS I get !H on
>> the last hop.
>>
>> Same result when I try to do the same from the hardware node to the virtual
>> OS: I get !H.
>>
>> Also, when I telnet (TCP) to a specific port on the virtual OS where I have a
>> daemon LISTENING OR NOT, I get: No route to host. The same experiment works
>> just fine for the ssh port.
>>
>> Firewalld is not running, and I just have very basic iptables rules, like
>> allowing an external address block to ssh to the hardware node and to the
>> virtual OS, and dropping connections from all other sources.
>>
>> This issue presented itself when I attempted to set up a Galera node on
>> the virtual OS; port 4567 is responding but 4568 and  are not, but the
>> daemons are running and I can clearly see lsof showing "LISTENING".
>>
>> I captured the traffic and the TCP as well as UDP packets are getting to the
>> virtual OS. Is there a preconfigured netfilter rule that I am not aware of?
>>
>> What am I missing?
>>
>>
>>
>>
>> --
>> Best Regards:
>> Marcin Groszek
>> Business Voip Resource.
>> http://www.voipplus.net
>>
>>
>
> --
>
> -
> Tom Ammon
> M: (737) 400-9042
> thomasam...@gmail.com
>
> -
>


Re: qemu+ssh connections to a remote libvirt fail as ssh banner configured

2022-02-13 Thread Yalan Zhang
Hi Jiri,

Get it! Have tried and it works well, Thank you all!

On Thu, Feb 10, 2022 at 6:14 PM Jiri Denemark  wrote:

> On Thu, Feb 10, 2022 at 17:47:43 +0800, Yalan Zhang wrote:
> > Thank you! I tried /etc/motd, and it does not impact the libvirt
> connection.
> > Happy to learn something new!
>
> Alternatively if you really need to run commands in .bashrc which can
> potentially print some output, you can put them after a check for
> interactive shell:
>
> if [[ $- != *i* ]] ; then
> # Shell is non-interactive.  Be done now!
> return
> fi
>
> echo "Interactive shell here. How are you?"
>
> Jirka
>
>
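The guard Jiri quotes above matters for libvirt because the qemu+ssh transport runs its remote helper over ssh in a non-interactive shell, and the common distro builds of bash still source ~/.bashrc for such sessions, so anything the rc file prints lands in front of the libvirt protocol bytes. The following script is an added example, not code from the thread or from libvirt: it writes a stand-in rc file (constructed here) containing the guard, sources it once from a non-interactive bash and once from an interactive one, and shows that only the interactive run produces the greeting. The function names and the `remote-command-output` marker are this example's own.

```shell
#!/bin/sh
# Added example (not from the thread): demonstrates the interactive-shell
# guard from Jiri's reply. Requires bash and mktemp on the host running it.

RC_FILE=$(mktemp)
trap 'rm -f "$RC_FILE"' EXIT

# Constructed stand-in for ~/.bashrc. The guard is the one quoted in the
# thread; the echo stands for any chatty command someone put in .bashrc.
cat > "$RC_FILE" <<'EOF'
if [[ $- != *i* ]] ; then
    # Shell is non-interactive.  Be done now!
    return
fi
echo "Interactive shell here. How are you?"
EOF

# What `ssh host some-command` (and therefore qemu+ssh://) sees: a
# non-interactive bash sources the rc file, then runs the command. With the
# guard in place, the only output is the command's own.
noninteractive_session() {
    bash --norc -c ". '$RC_FILE'; echo remote-command-output"
}

# Same rc file sourced by an interactive bash: $- contains 'i', so the guard
# falls through and the greeting is printed before the command's output.
# (stderr is discarded because bash -i without a tty warns about job control.)
interactive_session() {
    bash --norc -i -c ". '$RC_FILE'; echo remote-command-output" 2>/dev/null
}

# Returns 0 when a non-interactive session yields nothing but the command's
# output, i.e. the rc file is safe for libvirt's ssh transport.
rc_is_quiet_for_ssh() {
    [ "$(noninteractive_session)" = "remote-command-output" ]
}

# Returns 0 when the interactive path still shows the greeting, proving the
# guard only silences the non-interactive case.
rc_still_greets_interactively() {
    [ "$(interactive_session | head -n 1)" = "Interactive shell here. How are you?" ]
}

if rc_is_quiet_for_ssh; then
    echo "non-interactive: clean (safe for qemu+ssh)"
else
    echo "non-interactive: rc file prints output, libvirt connection would break"
fi
```

To test a real account the same way, replace the constructed rc file with `ssh user@host true` and check that nothing at all comes back on stdout; any line that does appear is what libvirt will choke on.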


Re: Public IP on virtual machine network issue

2022-02-13 Thread Tom Ammon
Can you post the output of iptables -L?

By default, the bridge module in the kernel sends packets traversing the
bridge to iptables (in the FORWARD chain I believe) for processing. So if
you have configured a DENY policy on the FORWARD chain, or are otherwise
filtering in the forward chain, you'll be affecting packets traversing the
bridge. Check out this page for details on how to change this behavior:
https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf

Tom

On Sun, Feb 13, 2022 at 4:08 PM Marcin Groszek  wrote:

> I have been struggling with this for weeks and I was unable to find an
> answer online. Perhaps someone here can help me.
>
> Oracle Linux 8 running virtualization:
>
> The hardware node has a public IP address on interface bridge0, and physical
> eno1 is a member of bridge0.
>
> A virtual OS has its interface bridged to the LAN with source bridge0; the IP
> address of the virtual OS is also a public one from the same class as the
> hardware node.
>
> I can route in and out of the virtual OS, I can ping from the hardware node to
> the virtual OS and vice versa, so the routing works as it should, sort of.
>
> When I try tracepath or traceroute from outside to the virtual OS I get !H on
> the last hop.
>
> Same result when I try to do the same from the hardware node to the virtual
> OS: I get !H.
>
> Also, when I telnet (TCP) to a specific port on the virtual OS where I have a
> daemon LISTENING OR NOT, I get: No route to host. The same experiment works
> just fine for the ssh port.
>
> Firewalld is not running, and I just have very basic iptables rules, like
> allowing an external address block to ssh to the hardware node and to the
> virtual OS, and dropping connections from all other sources.
>
> This issue presented itself when I attempted to set up a Galera node on
> the virtual OS; port 4567 is responding but 4568 and  are not, but the
> daemons are running and I can clearly see lsof showing "LISTENING".
>
> I captured the traffic and the TCP as well as UDP packets are getting to the
> virtual OS. Is there a preconfigured netfilter rule that I am not aware of?
>
> What am I missing?
>
>
>
>
> --
> Best Regards:
> Marcin Groszek
> Business Voip Resource.
> http://www.voipplus.net
>
>

-- 
-
Tom Ammon
M: (737) 400-9042
thomasam...@gmail.com
-
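Tom's point (bridged frames are handed to the host's FORWARD chain once br_netfilter is active) and Daniel's (forwarding sysctls and the guest's default route) are three checks that can be scripted. The script below is an added example, not code from the thread or from libvirt: each parser takes command output as text so it can be exercised on the constructed samples embedded in it, and `diagnose_live` (a name chosen here) feeds it the real `iptables -L FORWARD -n`, `/proc/sys` files and `ip route` on a host. The interface name bridge0 comes from the original report; the addresses in the samples are documentation ranges. One caveat the samples illustrate: a REJECT rule whose ICMP reply is host-unreachable or host-prohibited is reported by the client as "No route to host", so that message alone does not rule out a firewall rule.

```shell
#!/bin/sh
# Added diagnostic (not from the thread). Parsers take text input so they can
# run on the constructed samples below; diagnose_live runs the real commands.

# 1. Policy of the FORWARD chain, from `iptables -L FORWARD` output. Handles
#    both header forms: "(policy DROP)" and "(policy DROP 0 packets, 0 bytes)".
forward_policy() {
    printf '%s\n' "$1" | sed -n 's/^Chain FORWARD (policy \([A-Z]*\).*/\1/p'
}

# 2. Does br_netfilter hand bridged frames to iptables? Prints 1 or 0, or
#    "absent" when the br_netfilter module is not loaded (then the sysctl does
#    not exist and bridged traffic bypasses the FORWARD chain entirely).
#    $1 is "iptables" or "ip6tables".
bridge_nf_call() {
    f="/proc/sys/net/bridge/bridge-nf-call-$1"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# 3. IPv4 forwarding sysctl for one interface ("all" for the global value).
ip_forwarding() {
    f="/proc/sys/net/ipv4/conf/$1/forwarding"
    if [ -r "$f" ]; then cat "$f"; else echo absent; fi
}

# 4. Default gateway and egress interface from `ip route` output. On the
#    guest, the egress interface must be the one carrying the public address,
#    or replies leave through the wrong interface as Daniel describes.
default_route() {
    printf '%s\n' "$1" | awk '
        $1 == "default" {
            for (i = 1; i <= NF; i++) {
                if ($i == "via") gw = $(i + 1)
                if ($i == "dev") dev = $(i + 1)
            }
            print gw, dev; exit
        }'
}

# Verdict: guest traffic traverses the host FORWARD chain exactly when
# bridge-nf-call-iptables is 1; then the chain's policy and rules apply to it.
guest_traffic_hits_forward_chain() {   # $1: bridge-nf-call-iptables value
    if [ "$1" = "1" ]; then echo yes; else echo no; fi
}

# Constructed sample outputs, shaped like a host that produces the symptom in
# the thread: DROP policy plus a REJECT returning ICMP host-prohibited, which
# a connecting client sees as "No route to host".
SAMPLE_FORWARD='Chain FORWARD (policy DROP)
target     prot opt source               destination
ACCEPT     tcp  --  203.0.113.0/24       0.0.0.0/0            tcp dpt:22
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited'

SAMPLE_ROUTES='default via 198.51.100.1 dev eth0 proto static
198.51.100.0/24 dev eth0 proto kernel scope link src 198.51.100.20'

# Live run on a host; $1 is the bridge interface (default bridge0).
diagnose_live() {
    br="${1:-bridge0}"
    fwd=$(iptables -L FORWARD -n 2>/dev/null || echo "Chain FORWARD (policy UNKNOWN)")
    nf4=$(bridge_nf_call iptables)
    echo "FORWARD policy:             $(forward_policy "$fwd")"
    echo "bridge-nf-call-iptables:    $nf4"
    echo "bridge-nf-call-ip6tables:   $(bridge_nf_call ip6tables)"
    echo "ipv4 forwarding all/$br:    $(ip_forwarding all)/$(ip_forwarding "$br")"
    echo "guest traffic hits FORWARD: $(guest_traffic_hits_forward_chain "$nf4")"
    echo "default route (gw dev):     $(default_route "$(ip route 2>/dev/null)")"
}

# Usage on the hypervisor: sh thisscript.sh --live [bridge-interface]
# (run it on the guest too, for the default route line). Without --live the
# parsers are only defined, so the constructed samples can be checked.
if [ "${1:-}" = "--live" ]; then diagnose_live "$2"; fi
```

If `guest traffic hits FORWARD` is `yes` and the policy is DROP or the chain ends in a REJECT, the guest needs explicit ACCEPT rules for its ports in FORWARD (or the bridge-nf sysctls set to 0, as the libvirt wiki page Tom links describes); the ssh port working while others fail is consistent with exactly such a partial rule set.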


Public IP on virtual machine network issue

2022-02-13 Thread Marcin Groszek
I have been struggling with this for weeks and I was unable to find an
answer online. Perhaps someone here can help me.

Oracle Linux 8 running virtualization:

The hardware node has a public IP address on interface bridge0, and physical
eno1 is a member of bridge0.

A virtual OS has its interface bridged to the LAN with source bridge0; the IP
address of the virtual OS is also a public one from the same class as the
hardware node.

I can route in and out of the virtual OS, I can ping from the hardware node to
the virtual OS and vice versa, so the routing works as it should, sort of.

When I try tracepath or traceroute from outside to the virtual OS I get !H on
the last hop.

Same result when I try to do the same from the hardware node to the virtual
OS: I get !H.

Also, when I telnet (TCP) to a specific port on the virtual OS where I have a
daemon LISTENING OR NOT, I get: No route to host. The same experiment works
just fine for the ssh port.

Firewalld is not running, and I just have very basic iptables rules, like
allowing an external address block to ssh to the hardware node and to the
virtual OS, and dropping connections from all other sources.

This issue presented itself when I attempted to set up a Galera node on
the virtual OS; port 4567 is responding but 4568 and  are not, but the
daemons are running and I can clearly see lsof showing "LISTENING".

I captured the traffic and the TCP as well as UDP packets are getting to the
virtual OS. Is there a preconfigured netfilter rule that I am not aware of?

What am I missing?




--
Best Regards:
Marcin Groszek
Business Voip Resource.
http://www.voipplus.net