Problem in SLES11SP1, masquerading with a private kvm network
I have a basic gateway setup where I have a kvm guest with two interfaces, one
dhcp to the external network (internet access) and the other is a private network.
I have enabled port forwarding and masquerading to the external interface and
from a Windows guest on the private network, I think everything works ok.
When I setup a SLES11SP1 guest on the private network with a static address on
the internal private network and I used the gateway guest (the one with the
masquerade that is attached to both nets)... network traffic won't flow when I
make a request to the Internet. UNTIL... I ping the SLES11SP1 guest from the
gateway guest... then everything works.
So... what do I need to do to make this work without having the kvm gateway
guest have to ping the guests on the private network first.
I do am not protecting the firewall from the internal net.
I know that folks will have a plethora of questions about weird features setup
in SuSEfirewall2... assume, that I have basic forwarding, masquerading and am
not protecting the firewall (running on the gateway guest) from the internal
net. I have also explicitly set that eth0 is the external interface (which it
is) and that eth1 is the internal (the private network mentioned above).
It's somewhat difficult for me to include the WHOLE SuSEfirewall2 file since I
don't have direct visibility into the host on which it resides... from this host
I'm posting from. But it's possible. Just hoping somebody might have seen this
problem before and can comment without having to post "the obvious".
So... again, simply gateway style masquerade. Just using KVM for the guest
involved. I can make things go from the gateway if I ping the guests FIRST...
if I don't then, the guests are not able to masquerade through the gateway to
Surely, somebody else has seen this? This is the first time I've tried to set
this up in kvm... and I'm not using a dhcp setup on the private network at this
time. Also... before I do the ping and make things work... if I'm on a private
network guest, I CAN do Internet lookups through the caching DNS I have residing
on the gateway guest... that works. But that's more or less like a proxy
service at that point. And again, once I ping the private network guest from
the gateway guest... everything flows as expected... private network guest can
then do web surfing, ping internet hosts, etc.... just can't do it before that.