For all people with the same problem:
I am using "arno-iptables-firewall" on the host. To make any guest
"work" you have to open the forward chain for it:
~$ cat /etc/arno-iptables-firewall/custom-rules
# Put any custom (iptables) rules here down below:
##################################################
# guest
iptables -A FORWARD -i br0 -d 113.203.209.165 -j ACCEPT
iptables -A FORWARD -o br0 -s 113.203.209.165 -j ACCEPT
Where 113.203.209.165 is the IP number of the guest, of course. Keep
in mind that you have to tell arno-iptables-firewall that the
external interface on the host is "br0" and not "eth0". On the guest
the external interface is "eth0".
-Thorsten-
On 18.05.2012 12:37, Thorsten Göllner wrote:
Oops: I solved it now! On my kvm host the forward chain in iptables
was set to "blocked". Changing it to "accept" solved the problem.
Till this day I thought that the forward chain is only used in
a NAT environment. So I will take a deeper look into iptables now.
On 18.05.2012 12:29, Thorsten Göllner wrote:
Yes, it was another typo. Sorry for that.
My kvm host is attached to a switch with another 4 servers in
our rack (it is mesh solution düsseldorf and not hetzner).
I tried the following as suggested by serge: On another server
connected to my switch I started tcpdump. On my guest I started
a ping to the server with tcpdump. I can see, that the ping
packet on the guest starts an arp request. My server (with
running tcpdump) replies to the arp request correctly. In the
guest I can see a correct arp table:
~# arp -n
Address          HWtype  HWaddress          Flags Mask  Iface
113.203.209.161  ether   00:15:17:0e:6a:a9  C           eth0
113.203.209.162  ether   00:22:15:41:13:23  C           eth0
The first entry is that of my default gateway. The second one is
that of my server running tcpdump.
On the server running tcpdump (server name is nostradamus2) I
can see this:
# tcpdump host 113.203.209.165
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
12:28:19.370690 ARP, Request who-has nostradamus2 tell 165.209.203.113.static.inetbone.net, length 46
12:28:19.370703 ARP, Reply nostradamus2 is-at 00:22:15:41:13:23 (oui Unknown), length 28
So the question should be: why does the guest not receive the arp
reply from my server?!
On 18.05.2012 11:52, Michael Zoet wrote:
Hi,
On 18.05.2012 10:57, Thorsten Göllner wrote:
Sorry, my fault. I had a typo. The broadcast is configured
correctly: 113.203.209.191
Any other idea?
Yes, but maybe it is another typo:
ON THE GUEST:
=============
~$ ifconfig
eth0      Link encap:Ethernet  HWaddr 52:54:00:d2:d1:73
          inet addr:113.203.209.165  Bcast:213.203.09.191  Mask:255.255.255.224
[...]
~$ route -n
Kernel IP routing table
Destination       Gateway          Genmask          Flags Metric Ref Use Iface
0.0.0.0           113.203.209.161  0.0.0.0          UG    100    0   0   eth0
1213.203.209.160  0.0.0.0          255.255.255.224  U     0      0   0   eth0
An IP of 1213.203.209.160 in your default route does not exist in
IPv4 ;-). The 1213 is much too high ;-) and I think the 2 should be
deleted. But I also think your routing is not correct. In my opinion
there should be 113.203.209.163 (the IP of your KVM host) instead of
113.203.209.161 and 113.203.209.0 instead of 1213.203.209.16.
But these are only guesses and it depends on how routing is
done in your data center. (I think you are using Hetzner and
Hetzner does not allow you to use their gateway with other MAC
addresses than your KVM host!) Maybe it is a typo but maybe
not, because you used the command "route -n".
If you really want some help you should post config files! It
is easier to track problems.
Bye,
michael
--
Thorsten Göllner
OVM Office Voice Media GmbH
Herderstrasse 68
40237 Düsseldorf
Tel.: +49(0)211 / 618 57 53
Fax: +49(0)211 / 618 57 54
--
ubuntu-server mailing list
ubuntu-server@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-server
More info: https://wiki.ubuntu.com/ServerTeam
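
The two fixes in this thread differ in scope: a FORWARD policy of ACCEPT forwards everything, while the custom-rules entries open the chain for one guest only. The shell check below is an added example, not part of the original thread, that tells the two apart from `iptables -S FORWARD` output. The function name `audit_forward`, the constructed sample listing and the assumption that no earlier rule in the chain drops the guest's traffic are this example's own.

```shell
#!/bin/sh
# audit_forward GUEST_IP BRIDGE  (hypothetical helper; reads `iptables -S FORWARD` on stdin)
# Bridged guest traffic only reaches this chain while
# net.bridge.bridge-nf-call-iptables is 1.
# Exit 0: policy is not ACCEPT and both per-guest rules exist
# Exit 1: policy is not ACCEPT and a per-guest rule is missing (guest is cut off)
# Exit 2: policy is ACCEPT (guest works, but the host forwards everything else too)
audit_forward() {
    awk -v ip="$1" -v br="$2" '
    # true if the rule contains "flag val" (addresses may carry a /32 suffix)
    function has(flag, val,    i) {
        for (i = 1; i < NF; i++)
            if ($i == flag && ($(i + 1) == val || $(i + 1) == val "/32"))
                return 1
        return 0
    }
    $1 == "-P" && $2 == "FORWARD" { policy = $3 }
    # NF == 8: the rule carries no extra matches (protocol, port, state, ...)
    $1 == "-A" && $2 == "FORWARD" && NF == 8 && has("-j", "ACCEPT") {
        if (has("-i", br) && has("-d", ip)) to_guest = 1
        if (has("-o", br) && has("-s", ip)) from_guest = 1
    }
    END {
        if (policy == "ACCEPT") { print "open: FORWARD policy is ACCEPT"; exit 2 }
        if (to_guest && from_guest) {
            print "ok: policy " policy ", rule pair present for " ip " on " br
            exit 0
        }
        print "blocked: policy " policy ", no complete rule pair for " ip " on " br
        exit 1
    }'
}

# Constructed sample: DROP policy plus the two rules from the custom-rules file.
sample_rules() {
    cat <<'EOF'
-P FORWARD DROP
-A FORWARD -d 113.203.209.165/32 -i br0 -j ACCEPT
-A FORWARD -s 113.203.209.165/32 -o br0 -j ACCEPT
EOF
}

sample_rules | audit_forward 113.203.209.165 br0
```

On a live host the input would come from `iptables -S FORWARD` run as root instead of `sample_rules`.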