bridge does not forwarding packets centos

networking centos iptables bridge xen
13,852

Solution 1

First of all if you are using VirtualBox to host the XEN server please ensure to use Ethernet not Wireless network and set Promiscuous Mode to "Allow All".

Secondly just to make everything clean, let's start with clean installation of CentOS with XEN and install the Bridge Network and CentOS VM on it.

Assuming you have external server 192.168.1.6 with CentOS ISO extracted on /var/www/html/centos/6.3/os/i386/ and kickstart file on /var/www/html/centos/6.3/os/i386/ks.cfg and /var/www/html/centos/6.3/os/i386/repodata with correct names match names in repodata/TRANS.TBL file

On the XEN server (CentOS+XEN) install the following packages:

yum install -y rsync wget vim-enhanced openssh-clients
yum install -y libvirt python-virtinst libvirt-daemon-xen
yum install -y bridge-utils tunctl

Then edit ifcfg-* file to create the bridge

echo "DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes" > /etc/sysconfig/network-scripts/ifcfg-br0

echo "DEVICE=eth0
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0" >  /etc/sysconfig/network-scripts/ifcfg-eth0

edit HWADDR=XX:XX:XX:XX:XX:XX line to match your MAC address. Don't reboot on ssh console, use VBox console

reboot

after reboot, assuming you have DHCP server the XEN server will got a new IP, login via VBox console to get the new IP

ifconfig result should be similar to

br0       Link encap:Ethernet  HWaddr 08:00:27:23:54:69  
          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5063 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3142 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:34251267 (32.6 MiB)  TX bytes:361205 (352.7 KiB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:23:54:69  
          inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:149910 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5045 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:182020057 (173.5 MiB)  TX bytes:493792 (482.2 KiB)

Now the bridge is ready you can use the IP of br0 to get ssh console again

To create a virtual machine on XEN which use previous bridge:

cd /var/lib/xen/images/

Create virtual disk:

dd if=/dev/zero of=centos_1.img bs=4K count=0 seek=1024K
qemu-img create -f raw centos_1.img 8G

Then use virt-install to create the VM:

virt-install -d -n TestVM1 -r 512 --vcpus=1 \
--bridge=br0 --disk /var/lib/xen/images/centos_1.img \
--nographics -p -l "http://192.168.1.6/centos/6.3/os/i386" \
--extra-args="text console=com1 utf8 console=hvc0 ks=http://192.168.1.6/centos/6.3/os/i386/ks.cfg"

Now the VM should start and be able to get IP from the DHCP server normally and able to complete unattended remote installation.

The ifconfig result on XEN should be similar to:

br0       Link encap:Ethernet  HWaddr 08:00:27:23:54:69  
          inet addr:192.168.1.105  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10247 errors:0 dropped:0 overruns:0 frame:0
          TX packets:8090 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:102264338 (97.5 MiB)  TX bytes:827859 (808.4 KiB)

eth0      Link encap:Ethernet  HWaddr 08:00:27:23:54:69  
          inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:998780 errors:0 dropped:0 overruns:0 frame:0
          TX packets:37992 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:724701715 (691.1 MiB)  TX bytes:2897912 (2.7 MiB)


vif5.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF  
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:37 errors:0 dropped:0 overruns:0 frame:0
          TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32 
          RX bytes:4381 (4.2 KiB)  TX bytes:9842 (9.6 KiB)

After the installation complete you can use xen console to get the IP of it, then you can have ssh console on it.

Solution 2

I hope you find this helpful, I got it from here
bridge does not forward all traffic through the bridge

cause: Network bridges will not forward all traffic across the bridge. By definition, a bridge will forward broadcast traffic. Other network traffic is only forwarded when the target (MAC address) is on the the other side of the traffic; if the MAC address is not on the other side of the traffic, then it will not be forwarded.

solution: You will need to set up forwarding rules in "ip tables" to forward all traffic through the bridge. Unfortunately, there are too many variables for this document to detail how to do it. If you need to implement this solution, you may need to contact a Novell Linux partner.

solution: An alternative solution is to do PCI pass through, which is well documented in the Xen documentation. The caveaut, however, is that it is only currently available for para-virtual Domians at this time. Newer chips and motherboards which support the Intel-VTd technology will allow you to use PCI pass through with fully virtual domains.

Solution 3

No sure if it will solve the problem, but have you tried opening /etc/sysctl.conf and setting:

net.ipv4.ip_forward = 1

You might need to restart network to reload the new configuration:

service network restart
Share:
13,852

Related videos on Youtube

Steve
Author by

Steve

Updated on September 18, 2022

Comments

  • Steve
    Steve over 1 year

    I am using CentOS 6.5 64 and use xen to create a virtual machine (CentOS)

    ifconfig

    [root@CentOS ~]# ifconfig
eth0      Link encap:Ethernet  HWaddr 08:00:27:54:B3:FA
          inet6 addr: fe80::a00:27ff:fe54:b3fa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:10087 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6094 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:763616 (745.7 KiB)  TX bytes:541789 (529.0 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:5 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:560 (560.0 b)  TX bytes:560 (560.0 b)

vif2.0    Link encap:Ethernet  HWaddr FE:FF:FF:FF:FF:FF
          inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:32 errors:0 dropped:0 overruns:0 frame:0
          TX packets:3969 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:32
          RX bytes:2088 (2.0 KiB)  TX bytes:267825 (261.5 KiB)

xenbr0    Link encap:Ethernet  HWaddr 08:00:27:54:B3:FA
          inet addr:192.168.1.2  Bcast:192.168.1.255  Mask:255.255.255.0
          inet6 addr: fe80::a00:27ff:fe54:b3fa/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:9896 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1892 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:613149 (598.7 KiB)  TX bytes:284945 (278.2 KiB)

    brctl show

    [root@CentOS ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.08002754b3fa       yes             eth0
                                                        vif2.0

    xl network-list

    [root@CentOS ~]# xl network-list xc
Idx BE Mac Addr.         handle state evt-ch   tx-/rx-ring-ref BE-path
0   0  00:16:3e:22:4f:4b     0     4     10   768/769         /local/domain/0/backend/vif/2/0

    brctl showmacs xenbr0

    [root@CentOS ~]# brctl showmacs xenbr0
port no mac addr                is local?       ageing timer
  2     00:16:3e:22:4f:4b       no                89.35
  1     00:1e:8c:19:62:67       no                 0.00
  1     00:22:6b:fe:b9:36       no                 4.92
  1     08:00:27:54:b3:fa       yes                0.00
  1     90:c1:15:c4:89:6d       no                25.00
  1     e0:2a:82:3d:c0:c5       no                 3.78
  2     fe:ff:ff:ff:ff:ff       yes                0.00

    Ping

    ping the virtual machine from same host 

    [root@CentOS ~]# ping 192.168.1.120
PING 192.168.1.120 (192.168.1.120) 56(84) bytes of data.
64 bytes from 192.168.1.120: icmp_seq=1 ttl=64 time=2.78 ms
64 bytes from 192.168.1.120: icmp_seq=2 ttl=64 time=0.916 ms
64 bytes from 192.168.1.120: icmp_seq=3 ttl=64 time=0.917 ms
^C
--- 192.168.1.120 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2370ms
rtt min/avg/max/mdev = 0.916/1.538/2.782/0.879 ms

    ping the virtual machine from a device in local network 

    C:\Users\motaz>ping 192.168.1.120

Pinging 192.168.1.120 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.

    iptables

    [root@CentOS ~]#  iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
   11   700 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     icmp --  any    any     anywhere             anywhere
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            state NEW tcp dpt:ssh
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            PHYSDEV match --physdev-is-bridged
    0     0 REJECT     all  --  any    any     anywhere             anywhere            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT 8 packets, 864 bytes)
 pkts bytes target     prot opt in     out     source               destination

    Any one who can give me an idea to solve this, i'll be grateful.

  • Steve
    Steve about 10 years
    I tried it before :(

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

xen creating a new virtual machine with bridge networking
tc on bridge port
ssh: connect to host * port 22: Connection timed out
Block port 111 on centos 7
VirtualBox: ifconfig does not show my ip address
how do I build a bridge between two virtual machines?
IPtables string match for some URLs
Unable to access the internet from my VirtualBox CentOS VM via wireless connection
Source Based Policy Routing & NAT (DNAT/SNAT) aka Multi WANs on CentOS 5
Centos/OVH: public IP on KVM virtual machine