Robert Strickler wrote on Wed, 17 Sep 2014 at 18:49 -0700:
I am trying to define a network that just bridges the traffic between
the virtual machine network and the LAN attached to eth0
No dnsmasq/dhcp as it is difficult to impossible to tie dnsmasq to the
master ISC servers on the LAN.
It should forward/receive packets like a standard hardware bridge
The virtual guests should get their addressing from the dhcp server on
the LAN and DNS from the server as well.
With the following I cannot get a dhcp discover reply from the LAN
server, nor can I manually code the IP/gateway/DNS and ping the hard
address (172.30.2.33). Can anyone tell me what I am missing? Vhost and
vguest are both CENTOS7
There is a longstanding bug in Fedora (from F13 to F20, CentOS7 incl.)
which breaks bridge communication for libvirt.
It is a combination of systemd/NetworkManager/firewalld/libvirtd. See:
https://bugzilla.redhat.com/show_bug.cgi?id=634736
and the solution is described in:
man sysctl.d
If you disable firewalld and it works, you have the same problem.
Or you can check if sysctl returns 0 or 1 for bridge (0 is correct for
bridge settings)
sysctl -a | grep bridge
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
or
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
One solution is to create a udev rule:
echo 'ACTION=="add", SUBSYSTEM=="module", KERNEL=="bridge", RUN+="/usr/lib/systemd/systemd-sysctl --prefix=/proc/sys/net/bridge"' > /etc/udev/rules.d/99-bridge.rules
It works for me.
Pavel
======================
<networkstatus>
  <class_id bitmap='0-2'/>
  <floor sum='0'/>
  <network>
    <name>plain</name>
    <uuid>31f78c2c-257d-4c57-82e5-0c53deadbeef</uuid>
    <forward mode='bridge'/>
    <bridge name='virbr1' />
    <mac address='52:54:00:b1:34:77'/>
    <domain name='plain'/>
    <ip address='172.30.2.1' netmask='255.255.255.0'>
      <dhcp relay='yes'/>
      <dhcp enable='no' relay='yes'/>
      <!--
      The relay will not be started if the "enable" property is 'no':
      -->
    </ip>
  </network>
</networkstatus>
===========================
A routed environment would be acceptable, but bridged is better as it
should not be required to change my routing on the gateway router
TIA,
Bob
--
Pavel Lisý <pavel.lisy(a)tmapy.cz>
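
An added example (not part of the original messages) of the check and the sysctl.d setting the reply refers to: it classifies `sysctl -a` style output as filtered, unfiltered or absent, and prints the lines a sysctl.d drop-in would carry. The function names and the drop-in path /etc/sysctl.d/99-bridge.conf are assumptions, and the sample input is constructed from the output quoted above. With all three values at 0, bridged guest traffic no longer passes through the host's iptables, ip6tables or arptables rules, so any filtering for the guests has to live elsewhere.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Constructed sample: the "1" output quoted in the reply.
SAMPLE_ON='net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1'

# Read "key = value" lines on stdin and print one word:
#   absent     - no bridge-nf-call keys seen (bridge module not loaded)
#   filtered   - at least one key is non-zero (frames traverse netfilter)
#   unfiltered - every key is 0 (frames pass like a plain bridge)
bridge_nf_state() {
    awk -F'[ \t]*=[ \t]*' '
        $1 ~ /^net\.bridge\.bridge-nf-call-(arp|ip6?)tables$/ {
            seen++
            if ($2 + 0 != 0) on++
        }
        END {
            if (!seen)   print "absent"
            else if (on) print "filtered"
            else         print "unfiltered"
        }
    '
}

# Print the contents for a sysctl.d drop-in, for example
# /etc/sysctl.d/99-bridge.conf (assumed path; see man sysctl.d).
sysctl_d_fragment() {
    for k in arptables ip6tables iptables; do
        printf 'net.bridge.bridge-nf-call-%s = 0\n' "$k"
    done
}

# Demonstration on the constructed sample; on a live host use:
#   sysctl -a 2>/dev/null | bridge_nf_state
printf 'sample state: %s\n' "$(printf '%s\n' "$SAMPLE_ON" | bridge_nf_state)"
```

An "absent" result at boot followed by "filtered" once libvirtd has started is the ordering problem the udev rule addresses: the rule re-applies the drop-in when the bridge module loads.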