Configure kvm (libvirt) routed network on Ubuntu 16.04 host - networking

I have an Ubuntu 16.04 KVM hypervisor behind a Debian-based firewall, and I'm trying to make the guest VMs IP-reachable, preferably matching the subnet I'm using for that collection of machines.
The firewall is hosting a 10.4.0.0/16 network, and successfully NAT'ing and accepting applicable traffic.
The hypervisor is at 10.4.20.250, with the virsh network configuration shown below. Of note, I've extended the netmask to try separating the clients from the host:
<network>
  <name>default</name>
  <uuid>02b5de1a-cde4-45dd-b8f5-a9fdfa1c6809</uuid>
  <forward mode='route'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:a3:f0:e9'/>
  <ip address='10.4.20.20' netmask='255.255.255.128'>
  </ip>
</network>
The hypervisor (10.4.20.250) also has the following:
# ip r
default via 10.4.0.1 dev enp0s25 onlink
10.4.0.0/16 dev enp0s25 proto kernel scope link src 10.4.20.250
10.4.20.0/25 dev virbr0 proto kernel scope link src 10.4.20.20
169.254.0.0/16 dev enp0s25 scope link metric 1000
# brctl show
bridge name     bridge id           STP enabled     interfaces
virbr0          8000.fe54009e64d0   yes             vnet0
# ip link show virbr0
3: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether fe:54:00:9e:64:d0 brd ff:ff:ff:ff:ff:ff
# virsh domiflist myguest
Interface  Type    Source  Model   MAC
-------------------------------------------------------
vnet0      bridge  virbr0  virtio  52:54:00:9e:64:d0
The guest ("myguest") at 10.4.20.25 is able to reach the internet at large; it's configured with:
ip r
default via 10.4.20.20 dev eth0
10.4.0.0/17 dev eth0 proto kernel scope link src 10.4.20.25
From a terminal session connected to the hypervisor (10.4.20.250), I can ping the hypervisor itself, the bridge at 10.4.20.20, the guest at 10.4.20.25, the firewall at 10.4.0.1, and the internet at large.
From the firewall (10.4.0.1) I can ping the hypervisor (10.4.20.250) and the bridge (10.4.20.20), but pings to the client (10.4.20.25) are lost. Similarly, from another machine on the 10.4 network, I can ping the firewall, the hypervisor, and the bridge, but not the client. I have the following routes set:
ip r
default via 10.4.0.1 dev enp4s0 onlink
10.4.0.0/16 dev enp4s0 proto kernel scope link src 10.4.2.1
10.4.20.0/25 via 10.4.20.20 dev enp4s0
192.168.15.0/24 dev enp1s0 proto kernel scope link src 192.168.15.242
Any help on what configuration I might be missing to make my client reachable from remote devices?
Note, I have tried to set the forward mode as 'open' but virsh net-edit gives me the following error:
error: unsupported configuration: unknown forwarding type 'open'

Related

I can't remove default routing during a boot of Linux

I set up networking through the systemd-networkd service. I have two interfaces, eth0 (wired) and wwan0 (wireless). I described them in two files:
20-wire.network
[Match]
Name=eth0
[Network]
Address=192.168.100.1/24
#Gateway=192.168.2.16
DefaultRouteOnDevice=false
[Route]
Gateway=192.168.2.16
25-wireless.network
[Match]
Name=wwan0
[Network]
DHCP=yes
DNS=8.8.8.8
DefaultRouteOnDevice=true
I want my default route to always go through wwan0.
But after booting, or after an SSH session is created, a default route through eth0 gets added:
default dev eth0 scope link          <-- unnecessary route
default via 192.168.2.16 dev wwan0 proto dhcp src 192.168.2.136 metric 1024
169.254.0.0/16 dev eth0 proto kernel scope link src 169.254.73.67
192.168.2.0/24 dev wwan0 proto kernel scope link src 192.168.2.136
192.168.2.16 dev wwan0 proto dhcp scope link src 192.168.2.136 metric 1024
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.1
The network manager (connman) set up the default route. I disabled it in /var/lib/connman/ethernet_00049f05e066_cable/settings by changing the parameter
AutoConnect=true to AutoConnect=false
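A check that applies to both the libvirt question above and this systemd-networkd one, added here as an example (it is not from either post): a small parser for `ip route` output with the kernel's longest-prefix-match rule, run over the tables quoted in the two threads. The tables are copied verbatim; the target addresses are the ones discussed there; policy rules from `ip rule` are deliberately out of scope. On the libvirt guest it shows that 10.4.0.1 and 10.4.20.250 fall inside the guest's own connected route 10.4.0.0/17, so the guest sends packets for them directly on eth0 (an ARP on the bridge) rather than to its gateway 10.4.20.20, and that on the hypervisor the connected prefixes 10.4.0.0/16 (enp0s25) and 10.4.20.0/25 (virbr0) overlap. On the networkd host it shows that the metric-0 `default dev eth0` route wins over the metric-1024 wwan0 default for every destination.

```python
"""Longest-prefix-match lookups over `ip route` tables.

Added example, not taken from the posts. The tables below are copied from the
libvirt question (hypervisor, guest, the 10.4.2.1 LAN host) and the
systemd-networkd question. Policy rules (`ip rule`) are out of scope: this
models a plain main-table lookup the way the kernel does it.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

FLAGS = {"onlink", "linkdown"}  # valueless words that appear in these tables


@dataclass
class Route:
    prefix: ipaddress.IPv4Network  # destination; 0.0.0.0/0 for "default"
    dev: str
    via: Optional[str] = None      # next hop; None means directly connected
    metric: int = 0                # the kernel treats a missing metric as 0
    linkdown: bool = False         # route present but its link is down


def parse_ip_route(text: str) -> List[Route]:
    """Parse the one-route-per-line IPv4 output of `ip route`."""
    routes: List[Route] = []
    for line in text.strip().splitlines():
        tok = line.split()
        dst = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        if "/" not in dst:         # host route such as "192.168.2.16 dev wwan0"
            dst += "/32"
        kv = [t for t in tok[1:] if t not in FLAGS]
        attrs = dict(zip(kv[0::2], kv[1::2]))  # via/dev/proto/scope/src/metric
        routes.append(Route(prefix=ipaddress.ip_network(dst, strict=False),
                            dev=attrs.get("dev", ""), via=attrs.get("via"),
                            metric=int(attrs.get("metric", 0)),
                            linkdown="linkdown" in tok))
    return routes


def lookup(routes: List[Route], dst: str) -> Optional[Route]:
    """Best route for dst: longest prefix wins, ties go to the lowest metric."""
    addr = ipaddress.ip_address(dst)
    usable = [r for r in routes if addr in r.prefix and not r.linkdown]
    if not usable:
        return None
    return max(usable, key=lambda r: (r.prefix.prefixlen, -r.metric))


def describe(route: Optional[Route]) -> str:
    """Next hop as text, e.g. '10.4.0.0/17 on-link dev eth0'."""
    if route is None:
        return "unreachable"
    hop = f"via {route.via}" if route.via else "on-link"
    return f"{route.prefix} {hop} dev {route.dev}"


def default_routes(routes: List[Route]) -> List[Route]:
    """All default routes, the one the kernel will actually use first."""
    return sorted((r for r in routes if r.prefix.prefixlen == 0), key=lambda r: r.metric)


def overlapping_connected(routes: List[Route]) -> List[Tuple[Route, Route]]:
    """Pairs of directly connected prefixes that overlap across different interfaces."""
    conn = [r for r in routes if r.via is None and r.prefix.prefixlen > 0]
    return [(a, b) for i, a in enumerate(conn) for b in conn[i + 1:]
            if a.dev != b.dev and a.prefix.overlaps(b.prefix)]


# Routing tables copied from the two posts.
HYPERVISOR = """
default via 10.4.0.1 dev enp0s25 onlink
10.4.0.0/16 dev enp0s25 proto kernel scope link src 10.4.20.250
10.4.20.0/25 dev virbr0 proto kernel scope link src 10.4.20.20
169.254.0.0/16 dev enp0s25 scope link metric 1000
"""
GUEST = """
default via 10.4.20.20 dev eth0
10.4.0.0/17 dev eth0 proto kernel scope link src 10.4.20.25
"""
LAN_HOST = """
default via 10.4.0.1 dev enp4s0 onlink
10.4.0.0/16 dev enp4s0 proto kernel scope link src 10.4.2.1
10.4.20.0/25 via 10.4.20.20 dev enp4s0
192.168.15.0/24 dev enp1s0 proto kernel scope link src 192.168.15.242
"""
NETWORKD = """
default dev eth0 scope link
default via 192.168.2.16 dev wwan0 proto dhcp src 192.168.2.136 metric 1024
169.254.0.0/16 dev eth0 proto kernel scope link src 169.254.73.67
192.168.2.0/24 dev wwan0 proto kernel scope link src 192.168.2.136
192.168.2.16 dev wwan0 proto dhcp scope link src 192.168.2.136 metric 1024
192.168.100.0/24 dev eth0 proto kernel scope link src 192.168.100.1
"""

if __name__ == "__main__":
    guest = parse_ip_route(GUEST)
    for target in ("10.4.0.1", "10.4.20.250", "8.8.8.8"):
        print(f"guest -> {target}: {describe(lookup(guest, target))}")
    for a, b in overlapping_connected(parse_ip_route(HYPERVISOR)):
        print(f"hypervisor: {a.prefix} ({a.dev}) overlaps {b.prefix} ({b.dev})")
    for r in default_routes(parse_ip_route(NETWORKD)):
        print(f"networkd default: {describe(r)} metric {r.metric}")
```

Feed it your own `ip route` output to see which interface and next hop a given destination will actually use before touching firewall or forwarding rules; an address that lands in a connected route is resolved with ARP on that link, never handed to a gateway.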

PPP and ethernet interface not working at the same time

My device is running Debian stretch (no desktop).
I am not IT personnel but a programmer. I need to know how to configure the network on Debian so that both the PPP cellular modem and the Ethernet interface can access the internet.
There are 3 network interfaces:
1. Ethernet interface enp1s0: dhcp client. (gets ip from the dhcp server and access to the internet)
2. Ethernet interface enp2s0: static IP
3. Modem PPP: wvdial gets access to the internet using the modem
/etc/network/interfaces file:
auto lo
iface lo inet loopback
allow-hotplug enp1s0
iface enp1s0 inet dhcp
auto enp2s0
iface enp2s0 inet static
address 10.0.13.1
netmask 255.0.0.0
manual ppp0
iface ppp0 inet wvdial
ip route
default via 10.0.0.100 dev enp1s0
10.0.0.0/24 dev enp1s0 proto kernel scope link src 10.0.0.11
10.0.0.0/8 dev enp2s0 proto kernel scope link src 10.0.13.1
/etc/resolv.conf file:
domain mydomain.local
search mydomain.local
nameserver 10.0.0.3
/etc/wvdial.conf file:
[Dialer Defaults]
Init1 = ATZ
Init2 = ATQ0 V1 E1 S0=0
Init3 = AT+CGDCONT=1,"IP","internetg"
Init4 = AT+CGATT=1
Phone = *99***1#
Modem Type = USB Modem
Baud = 460800
New PPPD = yes
Modem = /dev/ttyACM2
ISDN = 0
Password = ''
Username = ''
Auto DNS = Off
/etc/ppp/peers/wvdial file:
noauth
name wvdial
usepeerdns
Problem:
1. My device is running and enp1s0 is connected to the internet. (modem is down)
2. I then run command to perform dialup of the ppp: ifup ppp0
3. As a result the device ppp0 appears in the output of 'ip a', but the Ethernet interface enp1s0 is no longer connected to the internet, and the modem is not connected either (although it has an IP), which means there is some problem with the routing table and/or DNS.
After dialup the ip route table does not have any default/rule for the PPP.
ip route:
default via 10.0.0.100 dev enp1s0
10.0.0.0/24 dev enp1s0 proto kernel scope link src 10.0.0.11
10.0.0.0/8 dev enp2s0 proto kernel scope link src 10.0.13.1
After dialup I noticed that the /etc/resolv.conf file changed and the dns of the ethernet interface is deleted and now appears the PPP dns entries:
/etc/resolv.conf
nameserver 194.90.0.11
nameserver 212.143.0.11
domain mydomain.local
search mydomain.local
The network should behave as follows:
1. If both PPP and ethernet interface are up, then both should have access to the internet at the same time
2. If only 1 of the devices is up (PPP or Ethernet interface) then it should work
3. Dialup/Dialdown should not affect the ethernet connection to the internet
What are the exact commands and file configuration needed in order to have the PPP and Ethernet interface enp1s0 work at the same time?
- ip routing table
- dns
- wvdial
For the default route, add the defaultroute and replacedefaultroute options to the /etc/ppp/peers/wvdial file.
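An alternative to the answer above, added here as an example and not taken from the post or the answer: pppd's replacedefaultroute swaps the main default route from enp1s0 onto the PPP link, so the Ethernet uplink stops being the default the moment the modem dials. The hook below instead gives the PPP link its own routing table and a source-address rule, so replies to traffic that arrived over PPP (and sockets bound to the PPP address) leave over PPP, while everything else keeps the enp1s0 default route, which is what requirement 3 in the post asks for. The table number, rule priority, file name and the sample addresses in the usage line are assumptions; the script relies on pppd passing `ifname tty speed local-ip remote-ip ipparam` to its ip-up/ip-down hooks, which Debian's /etc/ppp/ip-up forwards to the scripts in /etc/ppp/ip-up.d.

```python
#!/usr/bin/env python3
"""pppd ip-up/ip-down hook that keeps both uplinks usable.

Added example; not from the post or the answer above. Instead of
replacedefaultroute (which moves the main default route from enp1s0 to the
PPP link) it gives the PPP link its own routing table plus a source rule:
packets from the PPP address leave via PPP, everything else keeps the enp1s0
default. pppd invokes hooks as:  <hook> ifname tty speed local-ip remote-ip ipparam
TABLE and PRIORITY are assumptions; pick values unused on your host.
Install the same file as /etc/ppp/ip-up.d/<name> and /etc/ppp/ip-down.d/<name>.
"""
import subprocess
import sys
from typing import List

TABLE = "100"       # assumed: spare routing table reserved for the PPP link
PRIORITY = "1000"   # assumed: rule priority; the main table is consulted at 32766


def policy_route_commands(ifname: str, local_ip: str, up: bool) -> List[List[str]]:
    """`ip` commands that add (up=True) or remove (up=False) the PPP policy route."""
    rule = ["ip", "rule", "add" if up else "del", "from", local_ip,
            "lookup", TABLE, "priority", PRIORITY]
    if up:
        # Point-to-point link: a device route is already a complete default route.
        return [["ip", "route", "add", "default", "dev", ifname, "table", TABLE], rule]
    # Tear down in reverse: drop the rule first, then whatever is left in the
    # table (the kernel already removed the device route when ppp0 went away).
    return [rule, ["ip", "route", "flush", "table", TABLE]]


def run(cmds: List[List[str]], dry_run: bool = False) -> None:
    """Execute the commands in order; stop on the first failure."""
    for cmd in cmds:
        if dry_run:
            print(" ".join(cmd))
        else:
            subprocess.run(cmd, check=True)


def main(argv: List[str]) -> None:
    # The same script is run from ip-up.d and ip-down.d; its path says which.
    up = "ip-down" not in argv[0]
    dry_run = "--dry-run" in argv
    args = [a for a in argv[1:] if a != "--dry-run"]
    ifname, local_ip = args[0], args[3]   # pppd positions: ifname tty speed local remote ipparam
    run(policy_route_commands(ifname, local_ip, up), dry_run)


if __name__ == "__main__":
    main(sys.argv)
```

Run it by hand with --dry-run to see the commands before installing it, e.g. `python3 ppp-policy-route.py ppp0 /dev/ttyACM2 460800 10.22.33.44 10.22.33.1 '' --dry-run` (the two addresses are made up). The resolv.conf change seen in the post comes from the `usepeerdns` option in /etc/ppp/peers/wvdial: with it set, Debian's /etc/ppp/ip-up.d/0000usepeerdns rewrites /etc/resolv.conf with the peer's nameservers, so remove `usepeerdns` if the local nameserver 10.0.0.3 should stay in place.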

How to Create a virtual network interface and connect it to a bridge

I am trying to create a network of virtual QEMU machines and the host using a bridge on Arch Linux, to test a distributed program I wrote. I have found many how-tos on putting the host's physical NIC on the bridge to connect to the VMs. This works fine. However, I don't want the VMs to be visible to the outside network, but rather to create a virtual interface on the host to connect to the VMs. This is what I have tried so far, after creating the bridge and starting the VMs on it:
ip tuntap add tap2 mode tap
ip link set tap2 up
ip addr add dev tap2 10.10.10.2/24
ip link set tap2 master br0
Since I can't reach the VMs from the host I must be missing something.
ip link output is:
➜ ~ ip link
[...]
7: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether e6:69:29:67:cb:41 brd ff:ff:ff:ff:ff:ff
10: tap2: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel master br0 state DOWN mode DEFAULT group default qlen 1000
link/ether e6:69:29:67:cb:41 brd ff:ff:ff:ff:ff:ff
Also, the route is shown to be down:
➜ ~ ip route
[...]
10.10.10.0/24 dev tap2 proto kernel scope link src 10.10.10.2 linkdown
Does anyone know what I am missing?
Setting up another virtual interface is not necessary, since one can assign an IP to the bridge:
ip addr add dev br0 <ip>
This can then be used to communicate with the other devices on the bridge if they have IPs in the same subnet.

openstack instance getting ip and not getting ip

I am new to OpenStack and I followed the Icehouse installation guide for Ubuntu 12.04/14.04.
I chose the 3-node architecture: Controller, Nova, Neutron.
The 3 nodes are installed in VMs. I used nested KVM. Inside the VMs KVM is supported, so nova will use virt_type=kvm. In the controller I created 2 NICs: eth0 is a NAT interface with IP 203.0.113.94 and eth1 a host-only interface with IP 10.0.0.11.
In nova there are 3 NICs: eth0 NAT 203.0.113.23, eth1 host-only 10.0.0.31 and eth2 another host-only 10.0.1.31.
In neutron 3 NICs: eth0 NAT 203.0.113.234, eth1 host-only 10.0.0.21 and eth2 another host-only 10.0.1.21. (Following the installation guide, on the neutron node I created a br-ex (and a port to eth0) which took the settings of eth0; the eth0 settings are:
auto eth0
iface eth0 inet manual
up ifconfig $IFACE 0.0.0.0 up
up ip link set $IFACE promisc on
down ip link set $IFACE promisc off
down ifconfig $IFACE down
)
Everything seemed fine. I can create networks, routers etc, boot instances but I have this error.
When I launch an instance it gets a fixed IP, but when I log in to the instance (cirros) I can't ping anything; ifconfig shows no IP.
I noticed that in the demo-net (tenant network) properties, under subnet, the ports field has 3 ports:
172.16.1.1 network:router_interface active
172.16.1.3 network:dhcp active
172.16.1.6 compute:nova down
I searched for solutions over the net but couldn't find anything!
Any help?
Ask me if you want specific logs because I don't know which ones to post!
Thanks anyway!
Looks like you are using the fixed IP to ping. If so, please assign a floating IP to your instance and then try to ping.
If you have already assigned a floating IP and you are pinging using that IP, please upload the log of your instance.

Unable to connect to Vagrant private network from host

I have a Vagrant VirtualBox VM up and running. So far I have been unable to connect to the web server. Here is the startup:
[jesse@Athens VVV-1.1]$ vagrant up
Bringing machine 'default' up with 'virtualbox' provider...
==> default: Clearing any previously set forwarded ports...
==> default: Clearing any previously set network interfaces...
==> default: Preparing network interfaces based on configuration...
default: Adapter 1: nat
default: Adapter 2: hostonly
==> default: Forwarding ports...
default: 22 => 2222 (adapter 1)
==> default: Running 'pre-boot' VM customizations...
==> default: Booting VM...
==> default: Waiting for machine to boot. This may take a few minutes...
default: SSH address: 127.0.0.1:2222
default: SSH username: vagrant
default: SSH auth method: private key
default: Warning: Connection timeout. Retrying...
==> default: Machine booted and ready!
==> default: Checking for guest additions in VM...
default: The guest additions on this VM do not match the installed version of
default: VirtualBox! In most cases this is fine, but in rare cases it can
default: prevent things such as shared folders from working properly. If you see
default: shared folder errors, please make sure the guest additions within the
default: virtual machine match the version of VirtualBox you have installed on
default: your host and reload your VM.
default:
default: Guest Additions Version: 4.2.0
default: VirtualBox Version: 4.3
==> default: Setting hostname...
==> default: Configuring and enabling network interfaces...
==> default: Mounting shared folders...
default: /vagrant => /home/jesse/vagrant/vvvStable/VVV-1.1
default: /srv/www => /home/jesse/vagrant/vvvStable/VVV-1.1/www
default: /srv/config => /home/jesse/vagrant/vvvStable/VVV-1.1/config
default: /srv/database => /home/jesse/vagrant/vvvStable/VVV-1.1/database
default: /var/lib/mysql => /home/jesse/vagrant/vvvStable/VVV-1.1/database/data
==> default: VM already provisioned. Run `vagrant provision` or use `--provision` to force it
==> default: Checking for host entries
On my host console, ip addr show yields:
4: vboxnet0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
5: vboxnet1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 0a:00:27:00:00:01 brd ff:ff:ff:ff:ff:ff
on the guest it yields:
vagrant@vvv:~$ ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:12:96:98 brd ff:ff:ff:ff:ff:ff
inet 10.0.2.15/24 brd 10.0.2.255 scope global eth0
inet6 fe80::a00:27ff:fe12:9698/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
link/ether 08:00:27:2c:d4:3e brd ff:ff:ff:ff:ff:ff
inet 192.168.50.4/24 brd 192.168.50.255 scope global eth1
For now, all I want to do is access the web server on the virtual machine, whatever way works. I have tried a variety of things, just shooting in the dark. I would be happy to provide any specific info. Any help or suggestions would be greatly appreciated
Based on the output provided, the box has 2 network interfaces: 1 is the default NAT and the other private, as you said.
The reason why you are not able to access the web site hosted within the VM through the private interface: it could be that the host's eth0 or wlan0 IP address is not in the same network as the private interface (192.168.50.4/24) and there is no route.
To access the the site hosted by the web server within the guest, you have the following options:
1. NAT port forwarding
Forward the web port, e.g. 80 to host's 8080 (you can't use 80 because it is a privileged port on *NIX). Add the following
Vagrant.configure("2") do |config|
config.vm.network "forwarded_port", guest: 80, host: 8080,
auto_correct: true
end
NOTE: auto_correct will resolve port conflicts if the port on host is already in use.
Do a vagrant reload and you'll be able to access the site via http://localhost:8080/
2. Public Network (VirtualBox Bridged networking)
Add a public network interface
Vagrant.configure("2") do |config|
config.vm.network "public_network"
end
Get the IP of VM after it is up and running, port forwarding does NOT apply to bridged networking. So you'll be accessing the site by using http://IP_ADDR, if within the VM it binds to 80, otherwise specify the port.
One more possibility just for future reference.
Normally when you create VMs using private networking, Vagrant (Virtualbox? not sure) creates corresponding entries in the host's routing table. You can see these using
netstat -rn
Somehow my host had gotten into a state where creating the VMs did not result in new routes appearing in the routing table, with the corresponding inability to connect. Again you can see the routes not appearing using the command above.
Creating the route manually allowed me to reach the VMs. For example:
sudo route -nv add -net 10.0.4 -interface vboxnet
(Substitute the appropriate network and interface.) But I didn't want to have to do that.
Based on this question, I tried restarting my host and Vagrant started automatically creating the routing table entries again.
Not sure exactly what the issue was, but hopefully this helps somebody.
Your interface is down
I had the same issue. It was my vboxnet0 interface that was down. In the listing of ip addr you have <BROADCAST,MULTICAST> for your interface, but it should be <BROADCAST,MULTICAST,UP,LOWER_UP>.
That means your interface is down.
You can confirm with sudo ifconfig. The interface will not be shown, but if you add -a you will see it: sudo ifconfig -a.
How to bring it up
So to bring it up you can do:
sudo ifconfig vboxnet0 up
OR
sudo ip link set vboxnet0 up
Both work.
Alternatively, you could use manual port forwarding via SSH (SSH tunneling):
ssh -L 80:127.0.0.1:80 vagrant@127.0.0.1 -p 2222
That binds host port 80 to VM port 80 via your SSH session to the VM.
I ended up getting the private network to work as well by deleting it within Virtual Box. When I recreated it again with vagrant up, the ip config became:
vboxnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
inet 192.168.50.1/24 brd 192.168.50.255 scope global vboxnet0
valid_lft forever preferred_lft forever
I had a similar issue on my Mac. VirtualBox uses host only for private networks. To use as an internal network I had to add this to the private network configuration:
"virtualbox__intnet: true"
This may not apply exactly, but "private network" in the title brought me here and others may benefit that are trying to run multiple guest boxes on Mac OS X:
I use "private_network" and don't do any port forwarding. I.e. I access my VMs by hosts like "project1.local", "project2.local".
So, I was surprised when I tried to launch a second box (a scotch/box ubuntu for LAMP) and it refused to launch with an error (excerpt):
"...The forwarded port to 2222 is already in use on the host machine..."
The error message's proposed solution doesn't work, i.e. adding this to your Vagrantfile:
config.vm.network :forwarded_port, guest: 22, host: 1234
#Where 1234 would be a different port.
I am not sure why it happens because I've run multiples before (but not scotch/box). The problem is that even if you use private_network, Vagrant uses port forwarding for SSH.
The solution is to set ports SPECIFICALLY FOR SSH by adding this to your Vagrantfiles:
# Specify SSH config explicitly with unique host port for each box
config.vm.network :forwarded_port,
guest: 22,
host: 1234,
id: "ssh",
auto_correct: true
Note: auto_correct may make non-unique port #s work, but I haven't tested that.
Now, you can run multiple VMs at the same time using private networking.
(Thanks to Aaron Aaron and his posting here: https://groups.google.com/forum/#!topic/vagrant-up/HwqFegoCXOc)
Was having the same issue with Arch (2017-01-01). Had to install net-tools: sudo pacman -S net-tools
Virtual Box 5.1.12r112440, Vagrant 1.9.1.
You have set a private network for your Vagrant machine.
If that IP is not visible, then SSH to your Vagrant machine and run this command:
sudo /etc/init.d/networking restart
Also check whether stopping your firewall and iptables helps.
