<div dir="ltr"><div>On Thu, Mar 24, 2016 at 4:30 PM, Kevin Ross <span dir="ltr"><<a href="mailto:sedecim@gmail.com" target="_blank">sedecim@gmail.com</a>></span> wrote:<br></div><div class="gmail_extra"><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">Thanks, Mike. When running tcpdump on the VM I'm not seeing traffic<br>
unless it's explicitly intended for that particular VM, so no traffic<br>
between the other VMs is getting forwarded from the virtual interface<br>
to the "network appliance" VM.<br>
<br>
There is connectivity between the VMs on the private network and the<br>
"network appliance" VM which is acting as a gateway.<br>
<br>
Here's the output of the brctl command:<br>
<br>
virbr1<br>
bridge id 8000.5254007e2f5b<br>
designated root 8000.5254007e2f5b<br>
root port 0 path cost 0<br>
max age 19.99 bridge max age 19.99<br>
hello time 1.99 bridge hello time 1.99<br>
forward delay 0.00 bridge forward delay 0.00<br>
ageing time 299.95<br>
hello timer 0.29 tcn timer 0.00<br>
topology change timer 0.00 gc timer 0.29<br>
hash elasticity 4 hash max 512<br>
mc last member count 2 mc init query count 2<br>
mc router 1 mc snooping 1<br>
mc last member timer 0.99 mc membership timer 259.96<br>
mc querier timer 254.96 mc query interval 124.98<br>
mc response interval 9.99 mc init query interval 31.24<br>
flags<br>
<br>
<br>
virbr1-nic (0)<br>
port id 0000 state disabled<br>
designated root 8000.5254007e2f5b path cost 100<br>
designated bridge 8000.5254007e2f5b message age timer 0.00<br>
designated port 8001 forward delay timer 0.00<br>
designated cost 0 hold timer 0.00<br>
mc router 1<br>
flags<br>
<br>
I'm not sure why virbr1-nic is showing up as disabled, and also why<br></blockquote><div><br></div><div>That STP output says the virbr1-nic interface is disabled -- maybe your VM is powered off?</div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
the vnet# interfaces don't show up (they do show up on another host,<br>
although VMs on that host are having the same non-promiscuous issue as<br>
these VMs). I've tried this with and without NAT, as well as with STP<br>
on/off with no effect.<br></blockquote><div><br></div><div><div>You'll need to enable IP forwarding and set rules to route the traffic for those VMs.</div><div><a href="http://www.linux-kvm.org/page/Networking#Routing_with_iptables">http://www.linux-kvm.org/page/Networking#Routing_with_iptables</a></div></div><div><br></div><div style="">The gotcha is that if you're not doing any IP routing on the KVM node, your "network appliance" VM needs to have one NIC bridged to your real network and the other as part of virbr1. You could NAT it on the KVM host as well.</div><div style=""><br></div><div style="">Read the KVM networking documentation as it will help you determine what configuration you have and if that's what you want.</div></div><br>-- <br><div class="gmail_signature">---~~.~~---<br>Mike<br>// SilverTip257 //</div>
</div></div>