SLES 12 SP2 VM cannot access internet through gateway after migration



chas
17-Sep-2017, 11:53
I have migrated 5 vms from SLES11 SP4 to SLES12 SP3 and now find that none of the vms can access the internet. They are a mixture of sles11sp4, oes2015 and win 12. All the settings are the same and I have used YAST to configure the SLES12 KVM server. All the vms can see each other and the gateway, but internet access through the gateway does not occur. The YAST settings for networking and bridging on the SLES12 server correspond to the SLES11 from which the vms were migrated, but where I could ping the external gateway from the vm computers on SLES11, this is prevented on the SLES system. Internet access on the SLES12 kvm server is fine.

Anyone have any ideas how to fix this?

Cheers

ChasR

KBOYLE
17-Sep-2017, 16:39
> I have migrated 5 vms from SLES11 SP4 to SLES12 SP3 and now find that none of the vms can access the internet.

Hi Chas,

I find this statement to be a bit ambiguous. Can I assume it means you didn't upgrade or change any of the VMs but simply moved them from a SLES11 SP4 host to a new SLES12 SP3 host?



> They are a mixture of sles11sp4, oes2015 and win 12. All the settings are the same and I have used YAST to configure the SLES12 KVM server. All the vms can see each other and the gateway, but internet access through the gateway does not occur. The YAST settings for networking and bridging on the SLES12 server correspond to the SLES11 from which the vms were migrated, but where I could ping the external gateway from the vm computers on SLES11, this is prevented on the SLES system. Internet access on the SLES12 kvm server is fine.
>
> Anyone have any ideas how to fix this?
>
> Cheers
>
> ChasR

I have highlighted what your issue appears to be and will try to offer a few suggestions but my systems are still on SLES11 SP4 and I haven't had an opportunity to work with SLES12 so others are welcome to jump in.

Is this a new SLES12 installation or did you upgrade from SLES11?

From the information you provided, this appears to be a forwarding issue.


Have you enabled forwarding?
Is your firewall enabled?

The first thing I would do is check /var/log/messages for any clues then check your firewall settings. If you check /etc/sysconfig/SuSEfirewall2, it has all the firewall settings. You should be able to see if forwarding is enabled and just what might be forwarded.

Please report back what you learn.

chas
17-Sep-2017, 18:37
Hi,
I have retired the old SLES11SP4 server and the new SLES12SP3 has the same network settings as the old server. IP forwarding is enabled for ipv4 and firewall settings are exactly the same as for the earlier server. Tried with firewall on and off, no difference. You can move the KVM vms from 11 to 12 with no changes in settings if the servers' networking settings are both the same (Note: a SLES12 native vm does not go back to SLES11 without problems and changes have to be made!!). A good example is the OES2015 server which I have moved: it has 2 ISCSI volumes, and can be accessed with no problems from workstations with no changes required when it was migrated to the new server, but it will not connect to the internet.

The SLES12SP3 server is a new installation on exactly the same hardware as the earlier SLES11 server. All the settings are replicated between machines.

Will check the messages tomorrow.

Cheers,

ChasR.

KBOYLE
17-Sep-2017, 23:08
> Hi,
> I have retired the old SLES11SP4 server and the new SLES12SP3 has the same network settings as the old server. IP forwarding is enabled for ipv4 and firewall settings are exactly the same as for the earlier server. Tried with firewall on and off, no difference.

If everything were exactly the same it should just work, so we have to figure out what has changed. The obvious thing, of course, is the OS, and sometimes a new version of the OS can interpret the configuration settings a bit differently.


> You can move the KVM vms from 11 to 12 with no changes in settings if the servers' networking settings are both the same (Note: a SLES12 native vm does not go back to SLES11 without problems and changes have to be made!!). A good example is the OES2015 server which I have moved: it has 2 ISCSI volumes, and can be accessed with no problems from workstations with no changes required when it was migrated to the new server, but it will not connect to the internet.

Again, this makes me suspect this is a forwarding issue.


> The SLES12SP3 server is a new installation on exactly the same hardware as the earlier SLES11 server. All the settings are replicated between machines.

How, may I ask, did you replicate the settings?

To begin troubleshooting we will need some more details. Can you please post the output from these commands using CODE tags (#).


cat /proc/sys/net/ipv4/ip_forward
brctl show
ifconfig

chas
18-Sep-2017, 11:14
Hi,
It looks like it is not a KVM problem at all. When I found that the vm's would not connect to the internet and the KVM server would, I assumed that there was a problem with the vm settings. However, I didn't try out a client computer on the network routed out of the new SLES12 server gateway. Should have thought of this first as the client computer cannot connect to the internet either. There is a problem with the NAT ip forwarding through the gateway here and once this is resolved, I am sure that the vms will start working as expected.

Networking has changed on SLES12 as it now uses wizard for setting up. Problem is that it shows the default route setting of ipv4 to be correct.

Will have to investigate further to resolve the issue.

Cheers

ChasR.

chas
18-Sep-2017, 12:28
Solved it!!

My fault as I forgot to enable masquerading on the SLES12 firewall, which prevented accessing the internet for client devices. All the other settings were correct, and a simple thing like this was causing me the problem.

Hope no one else makes this mistake,

ChasR
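
One way to check a gateway for the cause found in this thread, as an added example that is not part of any post: it compares the kernel forwarding flag, the FW_MASQUERADE setting in a SuSEfirewall2 sysconfig file, and the NAT rules actually loaded. The function names and sample files are constructed, and the third argument is assumed to be saved output of `iptables -t nat -S POSTROUTING`.

```shell
#!/bin/sh
# Added example, not from the thread. sysconfig_get / nat_gateway_findings and
# the sample files are constructed; FW_MASQUERADE is the SuSEfirewall2 variable.

# Read VAR="value" from a sysconfig-style file (last assignment wins).
sysconfig_get() {
    sed -n "s/^[[:space:]]*$2=[\"']\{0,1\}\([^\"'#]*\)[\"']\{0,1\}.*/\1/p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Args: firewall sysconfig file, ip_forward file, saved output of
# `iptables -t nat -S POSTROUTING`. Prints one finding per line; returns 1 if any.
nat_gateway_findings() {
    rc=0
    if [ "$(cat "$2" 2>/dev/null)" != "1" ]; then
        echo "kernel: ip_forward is not 1"; rc=1
    fi
    if [ "$(sysconfig_get "$1" FW_MASQUERADE)" != "yes" ]; then
        echo "config: FW_MASQUERADE is not yes"; rc=1
    fi
    if ! grep -q -e '-j MASQUERADE' "$3" 2>/dev/null; then
        echo "runtime: no MASQUERADE rule in nat POSTROUTING"; rc=1
    fi
    return $rc
}

# Constructed sample: forwarding on, masquerading left at "no", no NAT rule loaded.
demo_nat_audit() {
    d=$(mktemp -d) || return 2
    printf '%s\n' '# constructed sample' 'FW_DEV_EXT="eth0"' \
        'FW_DEV_INT="br0"' 'FW_MASQUERADE="no"' > "$d/fw"
    printf '%s\n' 1 > "$d/ip_forward"
    printf '%s\n' '-P POSTROUTING ACCEPT' > "$d/nat"
    nat_gateway_findings "$d/fw" "$d/ip_forward" "$d/nat"
    status=$?
    rm -rf "$d"
    return $status
}

demo_nat_audit || echo "gateway will not NAT client traffic"
```

On a live host the arguments would be /etc/sysconfig/SuSEfirewall2, /proc/sys/net/ipv4/ip_forward and a file holding the saved rule listing; the runtime check also catches the case where the firewall is stopped and no NAT rule is loaded at all.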

KBOYLE
18-Sep-2017, 20:09
chas wrote:

>
> Solved it!!
>
> My fault as I forgot to enable masquerading on the SLES12 firewall,
> which prevented accessing the internet for client devices.

I'm glad you figured it out and appreciate your posting the solution.
Hopefully, it will help others.

--
Kevin Boyle - Knowledge Partner
If you find this post helpful and are logged into the web interface,
please show your appreciation and click on the star below this post.
Thank you.