
Thread: Problem in SLES11SP1, masquerading with a private kvm network

  1. #1
    cjcox NNTP User

    Problem in SLES11SP1, masquerading with a private kvm network

    I have a basic gateway setup where I have a kvm guest with two interfaces, one
    dhcp to the external network (internet access) and the other is a private network.

    I have enabled port forwarding and masquerading to the external interface and
    from a Windows guest on the private network, I think everything works ok.

    When I setup a SLES11SP1 guest on the private network with a static address on
    the internal private network and I used the gateway guest (the one with the
    masquerade that is attached to both nets)... network traffic won't flow when I
    make a request to the Internet. UNTIL... I ping the SLES11SP1 guest from the
    gateway guest... then everything works.

    So... what do I need to do to make this work without having the kvm gateway
    guest have to ping the guests on the private network first.

    I am not protecting the firewall from the internal net.

    I know that folks will have a plethora of questions about weird features setup
    in SuSEfirewall2... assume, that I have basic forwarding, masquerading and am
    not protecting the firewall (running on the gateway guest) from the internal
    net. I have also explicitly set that eth0 is the external interface (which it
    is) and that eth1 is the internal (the private network mentioned above).

    It's somewhat difficult for me to include the WHOLE SuSEfirewall2 file since I
    don't have direct visibility into the host on which it resides... from this host
    I'm posting from. But it's possible. Just hoping somebody might have seen this
    problem before and can comment without having to post "the obvious".

    So... again, simply gateway style masquerade. Just using KVM for the guest
    involved. I can make things go from the gateway if I ping the guests FIRST...
    if I don't then, the guests are not able to masquerade through the gateway to
    the Internet.

    Surely, somebody else has seen this? This is the first time I've tried to set
    this up in kvm... and I'm not using a dhcp setup on the private network at this
    time. Also... before I do the ping and make things work... if I'm on a private
    network guest, I CAN do Internet lookups through the caching DNS I have residing
    on the gateway guest... that works. But that's more or less like a proxy
    service at that point. And again, once I ping the private network guest from
    the gateway guest... everything flows as expected... private network guest can
    then do web surfing, ping internet hosts, etc.... just can't do it before that.

  2. #2
    cjcox NNTP User

    Re: Problem in SLES11SP1, masquerading with a private kvm network

    On 09/05/2011 11:36 PM, cjcox wrote:
    > I have a basic gateway setup where I have a kvm guest with two interfaces, one
    > dhcp to the external network (internet access) and the other is a private network.
    >
    > I have enabled port forwarding and masquerading to the external interface and
    > from a Windows guest on the private network, I think everything works ok.
    >


    So.. here's the issue. The vibr* interfaces for the private network in kvm gets
    assigned an IP address. In my case it gets assigned the address 10.44.1.1.

    Well... that was the IP I was hoping to use for my gateway host... so this is
    where the problem begins. I'm wondering why a private network bridge has to
    have a default IP assigned by kvm at all? I tried editing out the ip address
    definition from the private.xml file... but that made the interface
    non-functional. Sigh...

    Anyhow, the fix was to move the IP of my gateway guest.

    Just in case anyone else finds this same issue...
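
The address conflict described in post #2 can be caught before a guest is configured by comparing planned static addresses against the IP that the libvirt network definition assigns to the host bridge. The following is an added example, not part of the original posts; the network name, bridge name, netmask and guest names are assumptions, and only 10.44.1.1 comes from the thread.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed stand-in for the thread's private.xml; only 10.44.1.1 is from
# the thread, the network name, bridge name and netmask are assumptions.
SAMPLE_NETWORK_XML = """
<network>
  <name>private</name>
  <bridge name='virbr1' stp='on' delay='0'/>
  <ip address='10.44.1.1' netmask='255.255.255.0'/>
</network>
"""

def bridge_interfaces(network_xml):
    """Return the IPv4 address/netmask pairs the host holds on the bridge."""
    found = []
    for ip in ET.fromstring(network_xml).findall("ip"):
        if ip.get("family", "ipv4") != "ipv4" or not ip.get("address"):
            continue
        mask = ip.get("prefix") or ip.get("netmask") or "32"
        found.append(ipaddress.ip_interface(f"{ip.get('address')}/{mask}"))
    return found

def check_guest_addresses(network_xml, guests):
    """Map guest name -> problems with its planned static IPv4 address."""
    bridges = bridge_interfaces(network_xml)
    problems, seen = {}, {}
    for name, addr in guests.items():
        ip = ipaddress.ip_address(addr)
        issues = [f"duplicates host bridge address {br.ip}"
                  for br in bridges if ip == br.ip]
        if not any(ip in br.network for br in bridges):
            issues.append("outside every bridge subnet")
        if ip in seen:
            issues.append(f"duplicates guest {seen[ip]}")
        seen.setdefault(ip, name)
        if issues:
            problems[name] = issues
    return problems

if __name__ == "__main__":
    # Constructed guest plan: the gateway guest reuses the bridge address.
    plan = {"gateway": "10.44.1.1", "sles11": "10.44.1.20"}
    for guest, issues in check_guest_addresses(SAMPLE_NETWORK_XML, plan).items():
        print(guest, "->", "; ".join(issues))
```
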

