<div dir="ltr">Hi Mark,<div><br></div><div>I have the feeling the NAT policies are interfering with this. Can you try without applying NAT rules?</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Nov 13, 2013 at 9:08 PM, Mark Biggers <span dir="ltr"><<a href="mailto:mbiggers@ine.com" target="_blank">mbiggers@ine.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">The subject says it all. I am available on IRC -- see my signature, and Google chat.<br>
<br>
I can get no "networking across a bridge" working, for the ONE "ebtables" model.<br>
<br>
The platform is openSUSE 12.3 on a Thinkpad W530, plenty of memory & disk space. Here's the info. ** Thank you in advance. **<br>
(An aside: I am quite concerned that I will *not* get the ONE Virtual Router going in the future, since docs on that seem very thin. And I need to be able to *drop* contextualization; some VMs we will be running can't be modified for that).<br>
<br>
Mark Biggers<br>
INE, Inc.<br>
Durham, NC<br>
Internets: Freenode.net IRC: markb1, #trizpug #trilug #opennebula<br>
.. Google chat: <a href="mailto:mbiggers.01@gmail.com">mbiggers.01@gmail.com</a><br>
<br>
================ Script started on Wed Nov 13 14:36:39 2013<br>
<br>
root@sealion:.../one > netstat -nr<br>
Kernel IP routing table<br>
Destination Gateway Genmask Flags MSS Window irtt Iface<br>
0.0.0.0 192.168.1.1 0.0.0.0 UG 0 0 0 br0<br>
127.0.0.0 0.0.0.0 255.255.255.0 U 0 0 0 lo<br>
127.0.0.0 0.0.0.0 255.0.0.0 U 0 0 0 lo<br>
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0<br>
192.168.122.0 192.168.1.250 255.255.255.0 UG 0 0 0 br0<br>
<br>
root@sealion:.../one > ip addr ## EDITED<br>
1: lo:<br>
<br>
2: eth0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP qlen 1000<br>
link/ether 3c:97:0e:ab:0a:de brd ff:ff:ff:ff:ff:ff<br>
<br>
3: wlan0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN qlen 1000<br>
<br>
4: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 1000<br>
link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff<br>
<br>
13: tun0: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast state DOWN qlen 500<br>
link/ether 4a:2a:6d:26:0c:91 brd ff:ff:ff:ff:ff:ff<br>
<br>
23: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP<br>
link/ether 3c:97:0e:ab:0a:de brd ff:ff:ff:ff:ff:ff<br>
inet 192.168.1.250/24 brd 192.168.1.255 scope global br0<br>
<br>
27: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 500<br>
link/ether fe:00:c0:a8:7a:02 brd ff:ff:ff:ff:ff:ff<br>
<br>
29: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN qlen 500<br>
link/ether fe:00:c0:a8:7a:03 brd ff:ff:ff:ff:ff:ff<br>
<br>
<br>
root@sealion:.../one > brctl show<br>
bridge name bridge id STP enabled interfaces<br>
br0 8000.3c970eab0ade no eth0<br>
vnet0<br>
vnet1<br>
root@sealion:.../one > ebtables -t nat -L<br>
Bridge table: nat<br>
<br>
Bridge chain: PREROUTING, entries: 2, policy: ACCEPT<br>
-p IPv4 -i eth0 --ip-dst 192.168.122.2 -j dnat --to-dst 2:0:c0:a8:7a:2 --dnat-target ACCEPT<br>
-p ARP -i eth0 --arp-ip-dst 192.168.122.2 -j dnat --to-dst 2:0:c0:a8:7a:2 --dnat-target ACCEPT<br>
<br>
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: POSTROUTING, entries: 1, policy: ACCEPT<br>
-o eth0 -j snat --to-src 3c:97:e:ab:a:de --snat-arp --snat-target ACCEPT<br>
<br>
Bridge chain: libvirt-I-vnet0, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: libvirt-O-vnet0, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: I-vnet0-mac, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: I-vnet0-ipv4-ip, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: O-vnet0-ipv4, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: I-vnet0-arp-mac, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: I-vnet0-arp-ip, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: I-vnet0-rarp, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: O-vnet0-rarp, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: libvirt-I-vnet1, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: libvirt-O-vnet1, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: I-vnet1-mac, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: I-vnet1-ipv4-ip, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: O-vnet1-ipv4, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: I-vnet1-arp-mac, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: I-vnet1-arp-ip, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: I-vnet1-rarp, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: O-vnet1-rarp, entries: 0, policy: ACCEPT<br>
<br>
<br>
root@sealion.ine.corp:one # ebtables -t broute -L<br>
Bridge table: broute<br>
<br>
Bridge chain: BROUTING, entries: 0, policy: ACCEPT<br>
<br>
root@sealion:.../one > ebtables -t filter -L<br>
Bridge table: filter<br>
<br>
Bridge chain: INPUT, entries: 0, policy: ACCEPT<br>
<br>
Bridge chain: FORWARD, entries: 4, policy: ACCEPT<br>
-s ! 2:0:c0:a8:7a:0/ff:ff:ff:ff:ff:0 -o vnet0 -j DROP<br>
-s ! 2:0:c0:a8:7a:2 -i vnet0 -j DROP<br>
-s ! 2:0:c0:a8:7a:0/ff:ff:ff:ff:ff:0 -o vnet1 -j DROP<br>
-s ! 2:0:c0:a8:7a:3 -i vnet1 -j DROP<br>
<br>
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT<br>
<br>
<br>
root@sealion:.../one > iptables -L<br>
Chain INPUT (policy ACCEPT)<br>
target prot opt source destination<br>
<br>
Chain FORWARD (policy ACCEPT)<br>
target prot opt source destination<br>
TCPMSS tcp -- anywhere anywhere tcp flags:SYN,RST/SYN TCPMSS clamp to PMTU<br>
<br>
Chain OUTPUT (policy ACCEPT)<br>
target prot opt source destination<br>
<br>
<br>
root@sealion:.../one > traceroute -nr 192.168.122.2<br>
traceroute to 192.168.122.2 (192.168.122.2), 30 hops max, 40 byte packets using UDP<br>
Unable to connect to 192.168.122.2: Network is unreachable<br>
<br>
root@sealion:.../one > traceroute -nr 192.168.122.3<br>
traceroute to 192.168.122.3 (192.168.122.3), 30 hops max, 40 byte packets using UDP<br>
Unable to connect to 192.168.122.3: Network is unreachable<br>
<br>
root@sealion:.../one > traceroute -nr 192.168.122.1<br>
traceroute to 192.168.122.1 (192.168.122.1), 30 hops max, 40 byte packets using UDP<br>
Unable to connect to 192.168.122.1: Network is unreachable<br>
<br>
root@sealion:.../one > ping 192.168.122.1<br>
PING 192.168.122.1 (192.168.122.1) 56(84) bytes of data.<br>
64 bytes from 192.168.122.1: icmp_seq=1 ttl=64 time=0.372 ms<br>
64 bytes from 192.168.122.1: icmp_seq=2 ttl=64 time=0.232 ms<br>
^C<br>
--- 192.168.122.1 ping statistics ---<br>
2 packets transmitted, 2 received, 0% packet loss, time 999ms<br>
rtt min/avg/max/mdev = 0.232/0.302/0.372/0.070 ms<br>
<br>
root@sealion:.../one > ping 192.168.122.2<br>
PING 192.168.122.2 (192.168.122.2) 56(84) bytes of data.<br>
^C<br>
--- 192.168.122.2 ping statistics ---<br>
3 packets transmitted, 0 received, 100% packet loss, time 1999ms<br>
<br>
root@sealion:.../one > exit<br>
exit<br>
<br>
Script done on Wed Nov 13 14:41:06 2013<br>
<br>
<br>
neadmin@sealion:~ > onevm show 27 >> netw-email.info<br>
<br>
VIRTUAL MACHINE 27 INFORMATION<br>
ID : 27<br>
NAME : vyatta-router<br>
USER : oneadmin<br>
GROUP : oneadmin<br>
STATE : ACTIVE<br>
LCM_STATE : RUNNING<br>
RESCHED : No<br>
HOST : host01<br>
START TIME : 11/13 11:02:20<br>
END TIME : -<br>
DEPLOY ID : one-27<br>
<br>
VIRTUAL MACHINE MONITORING<br>
USED MEMORY : 1024M<br>
USED CPU : 0<br>
NET_TX : 3K<br>
NET_RX : 157K<br>
<br>
PERMISSIONS<br>
OWNER : um-<br>
GROUP : ---<br>
OTHER : ---<br>
<br>
VM DISKS<br>
ID TARGET IMAGE TYPE SAVE SAVE_AS<br>
0 vda Vyatta Core 6.5R1 - kvm file NO -<br>
<br>
VM NICS<br>
ID NETWORK VLAN BRIDGE IP MAC<br>
0 cloud yes br0 192.168.122.2 02:00:c0:a8:7a:02<br>
fe80::400:c0ff:fea8:7a02<br>
<br>
VIRTUAL MACHINE HISTORY<br>
SEQ HOST ACTION REAS START TIME PROLOG<br>
0 host01 none none 11/13 11:02:30 0d 03h43m 0h00m21s<br>
<br>
VIRTUAL MACHINE TEMPLATE<br>
CONTEXT=[<br>
DISK_ID="1",<br>
ETH0_DNS="192.168.1.1",<br>
ETH0_GATEWAY="192.168.122.1",<br>
ETH0_IP="192.168.122.2",<br>
ETH0_MASK="255.255.255.0",<br>
ETH0_NETWORK="192.168.122.0/24",<br>
NETWORK="YES",<br>
TARGET="vdb" ]<br>
CPU="1"<br>
GRAPHICS=[<br>
LISTEN="0.0.0.0",<br>
PORT="5927",<br>
TYPE="VNC" ]<br>
MEMORY="1024"<br>
OS=[<br>
ARCH="i686",<br>
BOOT="hd" ]<br>
TEMPLATE_ID="25"<br>
VMID="27"<br>
<br>
oneadmin@sealion:~ > onehost show 5 >> netw-email.info<br>
<br>
HOST 5 INFORMATION<br>
ID : 5<br>
NAME : host01<br>
CLUSTER : -<br>
STATE : MONITORED<br>
IM_MAD : kvm<br>
VM_MAD : kvm<br>
VN_MAD : ebtables<br>
LAST MONITORING TIME : 11/13 14:47:30<br>
<br>
HOST SHARES<br>
TOTAL MEM : 31G<br>
USED MEM (REAL) : 1.9G<br>
USED MEM (ALLOCATED) : 1024M<br>
TOTAL CPU : 800<br>
USED CPU (REAL) : 112<br>
USED CPU (ALLOCATED) : 100<br>
RUNNING VMS : 1<br>
<br>
MONITORING INFORMATION<br>
ARCH="x86_64"<br>
CPUSPEED="3000"<br>
FREECPU="688.0"<br>
FREEMEMORY="30515816"<br>
HOSTNAME="sealion.ine.corp"<br>
HYPERVISOR="kvm"<br>
MODELNAME="Intel(R) Core(TM) i7-3940XM CPU @ 3.00GHz"<br>
NETRX="0"<br>
NETTX="0"<br>
TOTALCPU="800"<br>
TOTALMEMORY="32557228"<br>
USEDCPU="112.0"<br>
USEDMEMORY="2041412"<br>
<br>
VIRTUAL MACHINES<br>
<br>
ID USER GROUP NAME STAT UCPU UMEM HOST TIME<br>
27 oneadmin oneadmin vyatta-router runn 0 1024M host01 0d 03h47<br>
<br>
<br>
<br>
</blockquote></div><br><br clear="all"><div><br></div>-- <br><div dir="ltr"><div>Jaime Melis<br>Project Engineer<br>OpenNebula - Flexible Enterprise Cloud Made Simple<br><a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:jmelis@opennebula.org" target="_blank">jmelis@opennebula.org</a></div>
</div>
</div>