Hi Mark, I have the feeling the NAT policies are interfering with this. Can you try without applying NAT rules?

On Wed, Nov 13, 2013 at 9:08 PM, Mark Biggers <mbigg...@ine.com> wrote:

> The subject says it all. I am available on IRC -- see my signature, and
> Google chat.
>
> I can get no "networking across a bridge" working, for the ONE "ebtables"
> model.
>
> The platform is openSUSE 12.3 on a Thinkpad W530, plenty of memory & disk
> space. Here's the info. ** Thank you in advance. **
> (An aside: am quite concerned, that I will *not* get the ONE Virtual
> Router going in the future, since docs on that seem very thin. And I need
> to be able to *drop* contextualization; some VMs we will be running can't
> be modified for that).
>
> Mark Biggers
> INE, Inc.
> Durham, NC
> Internets: Freenode.net IRC: markb1, #trizpug #trilug #opennebula
> .. Google chat: mbiggers...@gmail.com
>
> ================ Script started on Wed Nov 13 14:36:39 2013
>
> root@sealion:.../one > netstat -nr
> Kernel IP routing table
> Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
> 0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 br0
> 127.0.0.0       0.0.0.0         255.255.255.0   U         0 0          0 lo
> 127.0.0.0       0.0.0.0         255.0.0.0       U         0 0          0 lo
> 192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 br0
> 192.168.122.0   192.168.1.250   255.255.255.0   UG        0 0          0 br0
>
> root@sealion:.../one > ip addr ## EDITED
> 1: lo:
>
> 2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000
>     link/ether 3c:97:0e:ab:0a:de brd ff:ff:ff:ff:ff:ff
>
> 3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000
>
> 4: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000
>     link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
>
> 13: tun0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 500
>     link/ether 4a:2a:6d:26:0c:91 brd ff:ff:ff:ff:ff:ff
>
> 23: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
>     link/ether 3c:97:0e:ab:0a:de brd ff:ff:ff:ff:ff:ff
>     inet 192.168.1.250/24 brd 192.168.1.255 scope global br0
>
> 27: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 500
>     link/ether fe:00:c0:a8:7a:02 brd ff:ff:ff:ff:ff:ff
>
> 29: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 500
>     link/ether fe:00:c0:a8:7a:03 brd ff:ff:ff:ff:ff:ff
>
>
> root@sealion:.../one > brctl show
> bridge name     bridge id               STP enabled     interfaces
> br0             8000.3c970eab0ade       no              eth0
>                                                         vnet0
>                                                         vnet1
> root@sealion:.../one > ebtables -t nat -L
> Bridge table: nat
>
> Bridge chain: PREROUTING, entries: 2, policy: ACCEPT
> -p IPv4 -i eth0 --ip-dst 192.168.122.2 -j dnat --to-dst 2:0:c0:a8:7a:2 --dnat-target ACCEPT
> -p ARP -i eth0 --arp-ip-dst 192.168.122.2 -j dnat --to-dst 2:0:c0:a8:7a:2 --dnat-target ACCEPT
>
> Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
>
> Bridge chain: POSTROUTING, entries: 1, policy: ACCEPT
> -o eth0 -j snat --to-src 3c:97:e:ab:a:de --snat-arp --snat-target ACCEPT
>
> Bridge chain: libvirt-I-vnet0, entries: 0, policy: ACCEPT
>
> Bridge chain: libvirt-O-vnet0, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet0-mac, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet0-ipv4-ip, entries: 0, policy: ACCEPT
>
> Bridge chain: O-vnet0-ipv4, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet0-arp-mac, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet0-arp-ip, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet0-rarp, entries: 0, policy: ACCEPT
>
> Bridge chain: O-vnet0-rarp, entries: 0, policy: ACCEPT
>
> Bridge chain: libvirt-I-vnet1, entries: 0, policy: ACCEPT
>
> Bridge chain: libvirt-O-vnet1, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet1-mac, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet1-ipv4-ip, entries: 0, policy: ACCEPT
>
> Bridge chain: O-vnet1-ipv4, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet1-arp-mac, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet1-arp-ip, entries: 0, policy: ACCEPT
>
> Bridge chain: I-vnet1-rarp, entries: 0, policy: ACCEPT
>
> Bridge chain: O-vnet1-rarp, entries: 0, policy: ACCEPT
>
>
> r...@sealion.ine.corp:one # ebtables -t broute -L
> Bridge table: broute
>
> Bridge chain: BROUTING, entries: 0, policy: ACCEPT
>
> root@sealion:.../one > ebtables -t filter -L
> Bridge table: filter
>
> Bridge chain: INPUT, entries: 0, policy: ACCEPT
>
> Bridge chain: FORWARD, entries: 4, policy: ACCEPT
> -s ! 2:0:c0:a8:7a:0/ff:ff:ff:ff:ff:0 -o vnet0 -j DROP
> -s ! 2:0:c0:a8:7a:2 -i vnet0 -j DROP
> -s ! 2:0:c0:a8:7a:0/ff:ff:ff:ff:ff:0 -o vnet1 -j DROP
> -s ! 2:0:c0:a8:7a:3 -i vnet1 -j DROP
>
> Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
>
>
> root@sealion:.../one > iptables -L
> Chain INPUT (policy ACCEPT)
> target     prot opt source               destination
>
> Chain FORWARD (policy ACCEPT)
> target     prot opt source               destination
> TCPMSS     tcp  --  anywhere             anywhere             tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU
>
> Chain OUTPUT (policy ACCEPT)
> target     prot opt source               destination
>
>
> root@sealion:.../one > traceroute -nr 192.168.122.2
> traceroute to 192.168.122.2 (192.168.122.2), 30 hops max, 40 byte packets using UDP
> Unable to connect to 192.168.122.2: Network is unreachable
>
> root@sealion:.../one > traceroute -nr 192.168.122.3
> traceroute to 192.168.122.3 (192.168.122.3), 30 hops max, 40 byte packets using UDP
> Unable to connect to 192.168.122.3: Network is unreachable
>
> root@sealion:.../one > traceroute -nr 192.168.122.1
> traceroute to 192.168.122.1 (192.168.122.1), 30 hops max, 40 byte packets using UDP
> Unable to connect to 192.168.122.1: Network is unreachable
>
> root@sealion:.../one > ping 192.168.122.1
> PING 192.168.122.1 (192.168.122.1) 56(84) bytes of data.
> 64 bytes from 192.168.122.1: icmp_seq=1 ttl=64 time=0.372 ms
> 64 bytes from 192.168.122.1: icmp_seq=2 ttl=64 time=0.232 ms
> ^C
> --- 192.168.122.1 ping statistics ---
> 2 packets transmitted, 2 received, 0% packet loss, time 999ms
> rtt min/avg/max/mdev = 0.232/0.302/0.372/0.070 ms
>
> root@sealion:.../one > ping 192.168.122.2
> PING 192.168.122.2 (192.168.122.2) 56(84) bytes of data.
> ^C
> --- 192.168.122.2 ping statistics ---
> 3 packets transmitted, 0 received, 100% packet loss, time 1999ms
>
> root@sealion:.../one > exit
> exit
>
> Script done on Wed Nov 13 14:41:06 2013
>
>
> neadmin@sealion:~ > onevm show 27 >> netw-email.info
>
> VIRTUAL MACHINE 27 INFORMATION
> ID                  : 27
> NAME                : vyatta-router
> USER                : oneadmin
> GROUP               : oneadmin
> STATE               : ACTIVE
> LCM_STATE           : RUNNING
> RESCHED             : No
> HOST                : host01
> START TIME          : 11/13 11:02:20
> END TIME            : -
> DEPLOY ID           : one-27
>
> VIRTUAL MACHINE MONITORING
> USED MEMORY         : 1024M
> USED CPU            : 0
> NET_TX              : 3K
> NET_RX              : 157K
>
> PERMISSIONS
> OWNER               : um-
> GROUP               : ---
> OTHER               : ---
>
> VM DISKS
>  ID TARGET IMAGE                     TYPE SAVE SAVE_AS
>   0 vda    Vyatta Core 6.5R1 - kvm   file   NO       -
>
> VM NICS
>  ID NETWORK  VLAN BRIDGE  IP                        MAC
>   0 cloud    yes  br0     192.168.122.2             02:00:c0:a8:7a:02
>                           fe80::400:c0ff:fea8:7a02
>
> VIRTUAL MACHINE HISTORY
>  SEQ HOST     ACTION  REAS  START            TIME       PROLOG
>    0 host01   none    none  11/13 11:02:30   0d 03h43m  0h00m21s
>
> VIRTUAL MACHINE TEMPLATE
> CONTEXT=[
>   DISK_ID="1",
>   ETH0_DNS="192.168.1.1",
>   ETH0_GATEWAY="192.168.122.1",
>   ETH0_IP="192.168.122.2",
>   ETH0_MASK="255.255.255.0",
>   ETH0_NETWORK="192.168.122.0/24",
>   NETWORK="YES",
>   TARGET="vdb" ]
> CPU="1"
> GRAPHICS=[
>   LISTEN="0.0.0.0",
>   PORT="5927",
>   TYPE="VNC" ]
> MEMORY="1024"
> OS=[
>   ARCH="i686",
>   BOOT="hd" ]
> TEMPLATE_ID="25"
> VMID="27"
>
> oneadmin@sealion:~ > onehost show 5 >> netw-email.info
>
> HOST 5 INFORMATION
> ID                    : 5
> NAME                  : host01
> CLUSTER               : -
> STATE                 : MONITORED
> IM_MAD                : kvm
> VM_MAD                : kvm
> VN_MAD                : ebtables
> LAST MONITORING TIME  : 11/13 14:47:30
>
> HOST SHARES
> TOTAL MEM             : 31G
> USED MEM (REAL)       : 1.9G
> USED MEM (ALLOCATED)  : 1024M
> TOTAL CPU             : 800
> USED CPU (REAL)       : 112
> USED CPU (ALLOCATED)  : 100
> RUNNING VMS           : 1
>
> MONITORING INFORMATION
> ARCH="x86_64"
> CPUSPEED="3000"
> FREECPU="688.0"
> FREEMEMORY="30515816"
> HOSTNAME="sealion.ine.corp"
> HYPERVISOR="kvm"
> MODELNAME="Intel(R) Core(TM) i7-3940XM CPU @ 3.00GHz"
> NETRX="0"
> NETTX="0"
> TOTALCPU="800"
> TOTALMEMORY="32557228"
> USEDCPU="112.0"
> USEDMEMORY="2041412"
>
> VIRTUAL MACHINES
>
>  ID USER      GROUP     NAME           STAT UCPU  UMEM  HOST    TIME
>  27 oneadmin  oneadmin  vyatta-router  runn    0  1024M host01  0d 03h47
>
>
>
> _______________________________________________
> Users mailing list
> Users@lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>

--
Jaime Melis
Project Engineer
OpenNebula - Flexible Enterprise Cloud Made Simple
www.OpenNebula.org | jme...@opennebula.org