GUESTS networking not working at all. In other words guest can not ping host or lan gateway.
- I have br0 bridge already created, also brctl show that vnet0 was properly added by KVM to br0 on guest startup
- I have set ip_forward to 1
- Iptables is off and not even installed which should not be needed since I just need the GUESTS
to have direct access to the router/lan through the bridged br0
I have this setup working on other systems with centos host but I'm new to debian and not sure what I may have forgotten to do.
Host networking seems to work fine, eth0 no longer has an IP and br0 has the IP that eth0 used to have. brctl show command shows br0 with eth0 enslaved when Guests are off and when Guest is on it shows both eth0 and vnet0
I JUST GOT IT TO WORK by simply changing from VIRTIO to the RTL network interface, which is the same thing as choosing "hypervisor default".
Also the output of lsmod | grep virtio
virtio_pci 17389 0
virtio_net 26553 0
virtio_blk 17341 0
virtio_ring 17469 3 virtio_blk,virtio_net,virtio_pci
virtio 13058 3 virtio_blk,virtio_net,virtio_pci
I had to manually add virtio with modprobe virtio but it still didn't fix problem. I did not reboot after adding kernel modules with modprobe virtio etc but I did restart libvirtd and virt-manager
It is working properly but not with virtio. Is there potential issue with kernel? how do I check kernel config, this is a debian Jessie with uname -a
output
Linux vmserver 3.14-2-amd64 #1 SMP Debian 3.14.15-2 (2014-08-09) x86_64 GNU/Linux
Thanks to mase. for cleaning up my first post. I just noticed that /sys/devices/virtio folder does not exist on the guest but /sys/devices/virtual/net/lo does, but no /sys/devices/virtual/net/eth0
ifconfig on the centos 6.4 "guest" shows that eth0 got 0 bytes RX but 14kB TX so I guess its not receiving any communication. I don't give up to easy but I wasn't looking forward to rebuilding kernels from scratch on both guest and host.
Best Answer
Did you enable masquerading in iptables?
Check with
You should see something like:
If you don't see MASQUERADE in your iptables, you can allow it using:
Of course, replace the IP range with the one you're using.