Bridge does not forward packets on CentOS
Solution 1
First of all, if you are using VirtualBox to host the XEN server, please make sure to use Ethernet, not a wireless network, and set Promiscuous Mode to "Allow All".
Secondly, just to make everything clean, let's start with a clean installation of CentOS with XEN and install the bridge network and a CentOS VM on it.
Assuming you have an external server 192.168.1.6 with the CentOS ISO extracted to /var/www/html/centos/6.3/os/i386/, the kickstart file at /var/www/html/centos/6.3/os/i386/ks.cfg, and /var/www/html/centos/6.3/os/i386/repodata with names that match the names in the repodata/TRANS.TBL file.
On the XEN server (CentOS+XEN) install the following packages:
yum install -y rsync wget vim-enhanced openssh-clients
yum install -y libvirt python-virtinst libvirt-daemon-xen
yum install -y bridge-utils tunctl
Then edit the ifcfg-* files to create the bridge:
echo "DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes" > /etc/sysconfig/network-scripts/ifcfg-br0
echo "DEVICE=eth0
HWADDR=XX:XX:XX:XX:XX:XX
ONBOOT=yes
TYPE=Ethernet
IPV6INIT=no
USERCTL=no
BRIDGE=br0" > /etc/sysconfig/network-scripts/ifcfg-eth0
Edit the HWADDR=XX:XX:XX:XX:XX:XX line to match your MAC address.
Don't reboot from the ssh console; use the VBox console:
reboot
After the reboot, assuming you have a DHCP server, the XEN server will get a new IP. Log in via the VBox console to get the new IP.
The ifconfig result should be similar to:
br0 Link encap:Ethernet HWaddr 08:00:27:23:54:69
inet addr:192.168.1.105 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5063 errors:0 dropped:0 overruns:0 frame:0
TX packets:3142 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:34251267 (32.6 MiB) TX bytes:361205 (352.7 KiB)
eth0 Link encap:Ethernet HWaddr 08:00:27:23:54:69
inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:149910 errors:0 dropped:0 overruns:0 frame:0
TX packets:5045 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:182020057 (173.5 MiB) TX bytes:493792 (482.2 KiB)
Now the bridge is ready; you can use the IP of br0 to get an ssh console again.
To create a virtual machine on XEN that uses the previous bridge:
cd /var/lib/xen/images/
Create virtual disk:
dd if=/dev/zero of=centos_1.img bs=4K count=0 seek=1024K
qemu-img create -f raw centos_1.img 8G
Then use virt-install to create the VM:
virt-install -d -n TestVM1 -r 512 --vcpus=1 \
--bridge=br0 --disk /var/lib/xen/images/centos_1.img \
--nographics -p -l "http://192.168.1.6/centos/6.3/os/i386" \
--extra-args="text console=com1 utf8 console=hvc0 ks=http://192.168.1.6/centos/6.3/os/i386/ks.cfg"
Now the VM should start, get an IP from the DHCP server normally, and be able to complete the unattended remote installation.
The ifconfig result on XEN should be similar to:
br0 Link encap:Ethernet HWaddr 08:00:27:23:54:69
inet addr:192.168.1.105 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10247 errors:0 dropped:0 overruns:0 frame:0
TX packets:8090 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:102264338 (97.5 MiB) TX bytes:827859 (808.4 KiB)
eth0 Link encap:Ethernet HWaddr 08:00:27:23:54:69
inet6 addr: fe80::a00:27ff:fe23:5469/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:998780 errors:0 dropped:0 overruns:0 frame:0
TX packets:37992 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:724701715 (691.1 MiB) TX bytes:2897912 (2.7 MiB)
vif5.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:37 errors:0 dropped:0 overruns:0 frame:0
TX packets:67 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:4381 (4.2 KiB) TX bytes:9842 (9.6 KiB)
After the installation completes, you can use the xen console to get its IP, then you can have an ssh console on it.
Solution 2
I hope you find this helpful, I got it from here
bridge does not forward all traffic through the bridge
cause: Network bridges will not forward all traffic across the bridge. By definition, a bridge will forward broadcast traffic. Other network traffic is only forwarded when the target (MAC address) is on the other side of the traffic; if the MAC address is not on the other side of the traffic, then it will not be forwarded.
solution: You will need to set up forwarding rules in "ip tables" to forward all traffic through the bridge. Unfortunately, there are too many variables for this document to detail how to do it. If you need to implement this solution, you may need to contact a Novell Linux partner.
solution: An alternative solution is to do PCI pass through, which is well documented in the Xen documentation. The caveat, however, is that it is only currently available for para-virtual domains at this time. Newer chips and motherboards which support the Intel-VTd technology will allow you to use PCI pass through with fully virtual domains.
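The forwarding rule quoted above, as an added example that is not part of the original answer: it replays a learning bridge's decision against the `brctl showmacs xenbr0` table posted in the question on this page. The function name `bridge_decision` and its result labels are made up for this example, and it also covers the general case where an unknown destination is flooded to all other ports.

```shell
#!/bin/sh
# Forwarding table from the question's `brctl showmacs xenbr0` output,
# with line breaks restored (port 1 = eth0 side, port 2 = vif2.0 side).
FDB='port no mac addr          is local? ageing timer
  2     00:16:3e:22:4f:4b no          89.35
  1     00:1e:8c:19:62:67 no           0.00
  1     00:22:6b:fe:b9:36 no           4.92
  1     08:00:27:54:b3:fa yes          0.00
  1     90:c1:15:c4:89:6d no          25.00
  1     e0:2a:82:3d:c0:c5 no           3.78
  2     fe:ff:ff:ff:ff:ff yes          0.00'

# bridge_decision INGRESS_PORT DST_MAC < showmacs-output
# Prints what a learning bridge does with a frame that arrives on
# INGRESS_PORT addressed to DST_MAC:
#   local      - MAC belongs to the bridge host itself
#   filter     - MAC was learned on the ingress port, frame is not forwarded
#   forward:N  - MAC was learned on port N, frame is sent there only
#   flood      - MAC is not in the table (or is broadcast), sent to all other ports
bridge_decision() {
    dst=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    awk -v in_port="$1" -v dst="$dst" '
        tolower($2) == dst { port = $1; is_local = $3; found = 1 }
        END {
            if (!found)                 print "flood"
            else if (is_local == "yes") print "local"
            else if (port == in_port)   print "filter"
            else                        print "forward:" port
        }'
}

# A frame from the LAN side (port 1) addressed to the guest's MAC.
printf '%s\n' "$FDB" | bridge_decision 1 00:16:3e:22:4f:4b
```

For the posted table, a frame arriving on port 1 for the guest MAC 00:16:3e:22:4f:4b is forwarded to port 2, so the bridge has learned the guest on the vif side.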
Solution 3
Not sure if it will solve the problem, but have you tried opening /etc/sysctl.conf and setting:
net.ipv4.ip_forward = 1
You might need to restart the network to reload the new configuration:
service network restart
Steve
Updated on September 18, 2022
Comments
-
Steve over 1 year
I am using CentOS 6.5 64 and use xen to create a virtual machine (CentOS)
ifconfig
[root@CentOS ~]# ifconfig
eth0 Link encap:Ethernet HWaddr 08:00:27:54:B3:FA
inet6 addr: fe80::a00:27ff:fe54:b3fa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10087 errors:0 dropped:0 overruns:0 frame:0
TX packets:6094 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:763616 (745.7 KiB) TX bytes:541789 (529.0 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:560 (560.0 b) TX bytes:560 (560.0 b)
vif2.0 Link encap:Ethernet HWaddr FE:FF:FF:FF:FF:FF
inet6 addr: fe80::fcff:ffff:feff:ffff/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:32 errors:0 dropped:0 overruns:0 frame:0
TX packets:3969 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:32
RX bytes:2088 (2.0 KiB) TX bytes:267825 (261.5 KiB)
xenbr0 Link encap:Ethernet HWaddr 08:00:27:54:B3:FA
inet addr:192.168.1.2 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::a00:27ff:fe54:b3fa/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:9896 errors:0 dropped:0 overruns:0 frame:0
TX packets:1892 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:613149 (598.7 KiB) TX bytes:284945 (278.2 KiB)
brctl show
[root@CentOS ~]# brctl show
bridge name     bridge id               STP enabled     interfaces
xenbr0          8000.08002754b3fa       yes             eth0
                                                        vif2.0
xl network-list
[root@CentOS ~]# xl network-list xc
Idx BE Mac Addr.         handle state evt-ch tx-/rx-ring-ref BE-path
0   0  00:16:3e:22:4f:4b 0      4     10     768/769         /local/domain/0/backend/vif/2/0
brctl showmacs xenbr0
[root@CentOS ~]# brctl showmacs xenbr0
port no mac addr          is local? ageing timer
  2     00:16:3e:22:4f:4b no          89.35
  1     00:1e:8c:19:62:67 no           0.00
  1     00:22:6b:fe:b9:36 no           4.92
  1     08:00:27:54:b3:fa yes          0.00
  1     90:c1:15:c4:89:6d no          25.00
  1     e0:2a:82:3d:c0:c5 no           3.78
  2     fe:ff:ff:ff:ff:ff yes          0.00
Ping
ping the virtual machine from same host
[root@CentOS ~]# ping 192.168.1.120
PING 192.168.1.120 (192.168.1.120) 56(84) bytes of data.
64 bytes from 192.168.1.120: icmp_seq=1 ttl=64 time=2.78 ms
64 bytes from 192.168.1.120: icmp_seq=2 ttl=64 time=0.916 ms
64 bytes from 192.168.1.120: icmp_seq=3 ttl=64 time=0.917 ms
^C
--- 192.168.1.120 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2370ms
rtt min/avg/max/mdev = 0.916/1.538/2.782/0.879 ms
ping the virtual machine from a device in local network
C:\Users\motaz>ping 192.168.1.120
Pinging 192.168.1.120 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
iptables
[root@CentOS ~]# iptables -L -v
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in  out source   destination
   11   700 ACCEPT all  --  any any anywhere anywhere state RELATED,ESTABLISHED
    0     0 ACCEPT icmp --  any any anywhere anywhere
    0     0 ACCEPT all  --  lo  any anywhere anywhere
    0     0 ACCEPT tcp  --  any any anywhere anywhere state NEW tcp dpt:ssh
    0     0 REJECT all  --  any any anywhere anywhere reject-with icmp-host-prohibited
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in  out source   destination
    0     0 ACCEPT all  --  any any anywhere anywhere PHYSDEV match --physdev-is-bridged
    0     0 REJECT all  --  any any anywhere anywhere reject-with icmp-host-prohibited
Chain OUTPUT (policy ACCEPT 8 packets, 864 bytes)
 pkts bytes target prot opt in  out source   destination
Anyone who can give me an idea to solve this, I'll be grateful.
-
Steve about 10 years
I tried it before :(
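An added diagnostic, not part of the original thread, that reads the FORWARD chain counters from the question's `iptables -L -v` output to tell whether the firewall is what drops bridged traffic. The first argument stands for the value of `net.bridge.bridge-nf-call-iptables`, which the thread does not show and is passed in here as an assumption; `forward_verdict` and its verdict names are made up for this example.

```shell
#!/bin/sh
# FORWARD chain from the question's `iptables -L -v` output, line breaks restored.
FORWARD_CHAIN='Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in  out source   destination
    0     0 ACCEPT all  --  any any anywhere anywhere PHYSDEV match --physdev-is-bridged
    0     0 REJECT all  --  any any anywhere anywhere reject-with icmp-host-prohibited'

# forward_verdict NF_CALL < chain-listing
# NF_CALL: value of net.bridge.bridge-nf-call-iptables (assumed input, 0 or 1).
# Verdicts:
#   bypassed  - sysctl is 0, bridged frames never enter iptables
#   blocking  - a REJECT/DROP rule in FORWARD has matched packets
#   passing   - the physdev-is-bridged ACCEPT rule has matched packets
#   not-seen  - no rule has matched anything; the chain is not dropping traffic
forward_verdict() {
    awk -v nf="$1" '
        # Column 1 is the packet counter, column 3 the target.
        # Counters such as "12K" still convert to a number greater than zero.
        $3 == "ACCEPT" && /physdev-is-bridged/ { bridged += $1 }
        $3 == "REJECT" || $3 == "DROP"         { blocked += $1 }
        END {
            if (nf + 0 == 0)      print "bypassed"
            else if (blocked > 0) print "blocking"
            else if (bridged > 0) print "passing"
            else                  print "not-seen"
        }'
}

# Verdict for the posted chain, assuming the sysctl is set to 1.
printf '%s\n' "$FORWARD_CHAIN" | forward_verdict 1
```

With both posted counters at 0 the verdict is `not-seen` (or `bypassed` if the sysctl is 0): the REJECT rule has not matched a single packet, so this chain does not explain the timed-out pings.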