Debian – Guest networking not working on Debian Jessie Host server KVM with br0 bridged network

bridge, debian, kvm-virtualization, qemu, virtualization

GUEST networking is not working at all. In other words, the guest cannot ping the host or the LAN gateway.

  • I have the br0 bridge already created; brctl show also shows that vnet0 was properly added by KVM to br0 on guest startup
  • I have set ip_forward to 1
  • Iptables is off and not even installed, which should not be needed since I just need the GUESTS
    to have direct access to the router/LAN through the bridged br0

I have this setup working on other systems with a CentOS host, but I'm new to Debian and not sure what I may have forgotten to do.

Host networking seems to work fine: eth0 no longer has an IP and br0 has the IP that eth0 used to have. The brctl show command shows br0 with eth0 enslaved when guests are off, and when a guest is on it shows both eth0 and vnet0.


I JUST GOT IT TO WORK by simply changing from VIRTIO to the RTL network interface, which is the same thing as choosing "hypervisor default".
Also, the output of lsmod | grep virtio:

virtio_pci             17389  0
virtio_net             26553  0
virtio_blk             17341  0
virtio_ring            17469  3 virtio_blk,virtio_net,virtio_pci
virtio                 13058  3 virtio_blk,virtio_net,virtio_pci

I had to manually add virtio with modprobe virtio, but it still didn't fix the problem. I did not reboot after adding kernel modules with modprobe virtio etc., but I did restart libvirtd and virt-manager.

It is working properly, but not with virtio. Is there a potential issue with the kernel? How do I check the kernel config? This is Debian Jessie, with this uname -a output:

Linux vmserver 3.14-2-amd64 #1 SMP Debian 3.14.15-2 (2014-08-09) x86_64 GNU/Linux

Thanks to mase. for cleaning up my first post. I just noticed that /sys/devices/virtio folder does not exist on the guest but /sys/devices/virtual/net/lo does, but no /sys/devices/virtual/net/eth0

ifconfig on the CentOS 6.4 "guest" shows that eth0 got 0 bytes RX but 14kB TX, so I guess it's not receiving any communication. I don't give up too easily, but I wasn't looking forward to rebuilding kernels from scratch on both guest and host.

Best Answer

Did you enable masquerading in iptables?

Check with

iptables -L -t nat

You should see something like:

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  all  --  10.0.0.0/24          !10.0.0.0/24       

If you don't see MASQUERADE in your iptables, you can allow it using:

iptables -t nat -A POSTROUTING -s 10.0.0.0/24 ! -d 10.0.0.0/24 -j MASQUERADE

Of course, replace the IP range with the one you're using.
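
An added example, not part of the original answer: a shell check that reads an iptables -L -t nat listing and tells whether POSTROUTING already holds a MASQUERADE rule for one source range, so the rule is not appended twice or mistaken for one scoped to a different network. The function names and both sample listings are constructed for illustration.

```shell
#!/bin/sh
# has_masquerade SRC_CIDR: reads an `iptables -L -t nat -n` listing on stdin.
# Returns 0 only if the POSTROUTING chain contains a MASQUERADE rule whose
# source column equals SRC_CIDR; rules in other chains or for other ranges
# do not count.
has_masquerade() {
    awk -v want="$1" '
        $1 == "Chain" { chain = $2; next }   # remember the current chain
        chain == "POSTROUTING" && $1 == "MASQUERADE" && $4 == want { found = 1 }
        END { exit !found }
    '
}

# check_nat SRC_CIDR: prints "present", or the command from the answer
# filled in with SRC_CIDR when the rule is missing.
check_nat() {
    if has_masquerade "$1"; then
        echo "present"
    else
        echo "iptables -t nat -A POSTROUTING -s $1 ! -d $1 -j MASQUERADE"
    fi
}

# Constructed sample: the listing shown in the answer (rule present).
sample_with_rule() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  10.0.0.0/24          !10.0.0.0/24
EOF
}

# Constructed sample: a MASQUERADE rule exists, but for another range.
sample_other_range() {
cat <<'EOF'
Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  all  --  192.168.122.0/24     !192.168.122.0/24
EOF
}

sample_with_rule   | check_nat 10.0.0.0/24   # prints: present
sample_other_range | check_nat 10.0.0.0/24   # prints the missing rule
```

On a live host, run as root: iptables -L -t nat -n | check_nat 10.0.0.0/24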