Hello,
I'm a little confused on which networking option I need to choose when setting up a VM.
I set up two VMs this past weekend both with NAT. Both able to were access the internet.
The first one, I created in my / file system but didn't really have the space so I deleted it.
The second one, I created in /home/kvm, but deleted it as well when I couldn't access it FROM the internet. I had a full backup scheduled for that night and deleted it as well.
I have one of those free domains/DNS from no-ip.com, centos7vm.ddns.net I plan to use as the host name.
I want to be able to access this VM from the internet.
So, how much in the network setup for the new installation do I need to do? Do I need to go with NAT or bridged?
I did four installations last night and could get any of the access the internet with ym. Must have been dumb luck the first two times.
I think it maybe something in iptables from one of the previous installs causing the problem. In ifconfig, I still have virbr0 and virbr1. Didn't have those before.
Here's my iptables:
# Generated by iptables-save v1.4.7 on Tue Sep 27 22:17:35 2016 *mangle :PREROUTING ACCEPT [29980:14598541] :INPUT ACCEPT [4740:1518258] :FORWARD ACCEPT [25240:13080283] :OUTPUT ACCEPT [6749:1743387] :POSTROUTING ACCEPT [30207:14647456] -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill -A POSTROUTING -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill -A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill -A POSTROUTING -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill COMMIT # Completed on Tue Sep 27 22:17:35 2016 # Generated by iptables-save v1.4.7 on Tue Sep 27 22:17:35 2016 *nat :PREROUTING ACCEPT [1130:73984] :POSTROUTING ACCEPT [20:1245] :OUTPUT ACCEPT [245:19366] -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535 -A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE -A POSTROUTING -o eth1 -j MASQUERADE -A POSTROUTING -o br0 -j MASQUERADE -A POSTROUTING -o eth0 -j MASQUERADE COMMIT # Completed on Tue Sep 27 22:17:35 2016 # Generated by iptables-save v1.4.7 on Tue Sep 27 22:17:35 2016 *filter :INPUT ACCEPT [0:0] :FORWARD ACCEPT [0:0] :OUTPUT ACCEPT [0:0] :IP4BOGONS - [0:0] :f2b-default - [0:0] :f2b-dovecot-pop3imap - [0:0] -A INPUT -m set --match-set blacklistnet src -j DROP -A INPUT -m set --match-set blacklist src -j DROP -A INPUT -s 127.0.0.1/32 -j ACCEPT -A INPUT -m set --match-set block src -j DROP COMMIT # Completed on Tue Sep 27 22:17:35 2016
And my ifconfig:
eth0 Link encap:Ethernet HWaddr 44:37:E6:53:1E:E2 inet addr:192.168.1.110 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::4637:e6ff:fe53:1ee2/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:601486 errors:0 dropped:0 overruns:0 frame:0 TX packets:601818 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:412662650 (393.5 MiB) TX bytes:508284675 (484.7 MiB) Interrupt:20 Memory:fe500000-fe520000
eth1 Link encap:Ethernet HWaddr 00:1B:21:AF:6D:22 inet addr:192.168.0.111 Bcast:255.255.255.255 Mask:255.255.255.0 inet6 addr: fe80::21b:21ff:feaf:6d22/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:260 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:53372 (52.1 KiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:44216 errors:0 dropped:0 overruns:0 frame:0 TX packets:44216 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:26786210 (25.5 MiB) TX bytes:26786210 (25.5 MiB)
virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:3 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:162 (162.0 b)
virbr1 Link encap:Ethernet HWaddr 00:00:00:00:00:00 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:4 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:0 (0.0 b) TX bytes:244 (244.0 b)
Currently, the are no VMs installed or running.
Any help would be greatly appreciated!
On 9/28/2016 8:43 AM, tdukes@palmettoshopper.com wrote:
I'm a little confused on which networking option I need to choose when setting up a VM.
the host thats running the VM, is it connected to a LAN behind a firewall/router, or directly to the internet? if directly, is there a dedicated internet IP address that the VM can use? if yes, then you want a bridged network where the VM uses that dedicated internet IP seperate from the host's IP.
if its on a LAN with private addressing, you want to use a dedicated LAN IP address, seperate from the host's LAN IP, but since its behinda NAT router, I really don't know how you'd expect it to use DDNS as that will only see the router's internet IP address.
On Sep 28, 2016, at 9:43 AM, tdukes@palmettoshopper.com tdukes@palmettoshopper.com wrote:
The first one, I created in my / file system but didn't really have the space so I deleted it.
One of the primary advantages of VMs over real machines is that you can pause them, move them, and then restart them, with the VM guest OS not realizing that anything has happened.
Some virtual machine management systems even automate this, letting you move an active VM without any downtime at all.
The second one, I created in /home/kvm, but deleted it as well when I couldn't access it FROM the internet.
That’s actually the main reason to use NAT over bridged networking: to *prevent* outsiders from connecting into the VM guest. It’s a good thing for exactly the same reason your home internet service’s router/gateway’s NAT is a good thing.
While it is possible to drill a hole back through the VM’s NAT layer into the guest using port mapping rules, that amounts to double NAT, which adds an unnecessary amount of complexity.
If all of the threats to the VM guest are outside the LAN’s border gateway, it’s simpler to use bridged networking, and set up the port forwarding rules on the LAN border gateway.
Beyond that general advice, you escape anything CentOS-specific, so you need to take the problem up elsewhere, such as https://portforward.com/
I want to be able to access this VM from the internet.
Once the VM is set to use port forwarding and a static IP, you can forward port 22 to the Internet.
I recommend that the port forwarding rule expose the internal port 22 as some random value on the outside. This will cut down on a lot of script kiddie spam in your logs. Some will decry this as “security through obscurity,” but that’s bogus. Obscurity is not a bad thing in itself. The problem comes when obscurity is your *only* security. That’s not the case with SSH.
I don’t recommend forwarding any other ports to the Internet, if you can possibly get away with it. SSH can do its own port forwarding, which reduces your VM’s attack surface from the Internet. With SSH acting as a poor-man’s VPN, an attacker would have to break SSH before they can get into any of your internal VM’s other services.
Alternately, you could set up a VPN, and then you wouldn’t need to mess with port forwarding, either at the LAN border or via SSH.
On 09/28/2016 08:43 AM, tdukes@palmettoshopper.com wrote:
I have one of those free domains/DNS from no-ip.com, centos7vm.ddns.net I plan to use as the host name.
I want to be able to access this VM from the internet.
...
This is what I was seeing. Either it lands on the DSL router's login page or the host's website.
If you only have one address, you'll need to configure port forwarding or a "bastion host" from that DSL router (whatever it supports). Your "no-ip.com" address will simply point at that host.
So, how much in the network setup for the new installation do I need to do? Do I need to go with NAT or bridged?
You have a couple of options for VMs that you want to access from the LAN. The best documented and probably most widely used is bridged. That one also probably requires the most setup:
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/htm...
You can also use macvtap, which doesn't require the use of a special bridge interface, but you do have to enable hairpin mode if you want the KVM guest to be able to access its guests. I honestly can't find much useful documentation.
https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/htm...
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Gordon Messmer Sent: Thursday, September 29, 2016 11:47 AM To: CentOS mailing list Subject: Re: [CentOS] Virtualization Networking
On 09/28/2016 08:43 AM, tdukes@palmettoshopper.com wrote:
I have one of those free domains/DNS from no-ip.com, centos7vm.ddns.net I plan to use as the host name.
I want to be able to access this VM from the internet.
...
This is what I was seeing. Either it lands on the DSL router's login page or the host's website.
If you only have one address, you'll need to configure port forwarding or
a
"bastion host" from that DSL router (whatever it supports). Your
"no-ip.com"
address will simply point at that host.
So, how much in the network setup for the new installation do I need to do? Do I need to go with NAT or bridged?
You have a couple of options for VMs that you want to access from the LAN. The best documented and probably most widely used is bridged. That one also probably requires the most setup:
https://access.redhat.com/documentation/en- US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/ch- Configure_Network_Bridging.html
https://access.redhat.com/documentation/en- US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Ad ministration_Guide/sect-Network_configuration-Bridged_networking.html
You can also use macvtap, which doesn't require the use of a special
bridge
interface, but you do have to enable hairpin mode if you want the KVM guest to be able to access its guests. I honestly can't find much useful documentation.
https://access.redhat.com/documentation/en- US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/ sect-attch-nic-physdev.html
Thanks, I am running 6.8.
For whatever reason, the default NAT setup no longer works. I got some kind of bridge network (mactap) setup that has access to the outside but I still can't connect locally.
On 09/29/2016 07:54 PM, TE Dukes wrote:
For whatever reason, the default NAT setup no longer works.
Start over with a new install. Record each change you make, carefully.
I got some kind of bridge network (mactap) setup that has access to the outside but I still can't connect locally.
As I noted, when using the macvtap, the host and guest can't communicate unless you enable hairpin mode.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Gordon Messmer Sent: Friday, September 30, 2016 1:01 AM To: CentOS mailing list Subject: Re: [CentOS] Virtualization Networking
On 09/29/2016 07:54 PM, TE Dukes wrote:
For whatever reason, the default NAT setup no longer works.
Start over with a new install. Record each change you make, carefully.
I got some kind of bridge network (mactap) setup that has access to the outside but I still can't connect locally.
As I noted, when using the macvtap, the host and guest can't communicate unless you enable hairpin mode.
I read something about turning off and disabling NetworkManager. I haven't done this.
I'm getting ready to throw in the towel. If I can't set this up to at least access the VM from the LAN, I can't test CentOS 7 and the software I want to run. It makes it very hard to setup and configure with vi.
Thanks!
Date: Friday, September 30, 2016 07:14:59 -0400 From: TE Dukes tdukes@palmettoshopper.com
From: Gordon Messmer Sent: Friday, September 30, 2016 1:01 AM
On 09/29/2016 07:54 PM, TE Dukes wrote:
For whatever reason, the default NAT setup no longer works.
Start over with a new install. Record each change you make, carefully.
I got some kind of bridge network (mactap) setup that has access to the outside but I still can't connect locally.
As I noted, when using the macvtap, the host and guest can't communicate unless you enable hairpin mode.
I read something about turning off and disabling NetworkManager. I haven't done this.
I'm getting ready to throw in the towel. If I can't set this up to at least access the VM from the LAN, I can't test CentOS 7 and the software I want to run. It makes it very hard to setup and configure with vi.
I found this guide from Dell to be easy to follow in getting things set up quickly. Once you have it working you can tweak things, but this might help you get past your initial hurdles.
KVM Virtualization in RHEL 6 Made Easy
https://linux.dell.com/files/whitepapers/KVM_Virtualization_in_RHEL_6_made_easy.pdf
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Richard Sent: Friday, September 30, 2016 8:50 AM To: CentOS mailing list Subject: Re: [CentOS] Virtualization Networking
Date: Friday, September 30, 2016 07:14:59 -0400 From: TE Dukes tdukes@palmettoshopper.com
From: Gordon Messmer Sent: Friday, September 30, 2016 1:01 AM
On 09/29/2016 07:54 PM, TE Dukes wrote:
For whatever reason, the default NAT setup no longer works.
Start over with a new install. Record each change you make, carefully.
I got some kind of bridge network (mactap) setup that has access to the outside but I still can't connect locally.
As I noted, when using the macvtap, the host and guest can't communicate unless you enable hairpin mode.
I read something about turning off and disabling NetworkManager. I haven't done this.
I'm getting ready to throw in the towel. If I can't set this up to at least access the VM from the LAN, I can't test CentOS 7 and the software I want to run. It makes it very hard to setup and configure with vi.
I found this guide from Dell to be easy to follow in getting things set up quickly. Once you have it working you can tweak things, but this might
help
you get past your initial hurdles.
KVM Virtualization in RHEL 6 Made Easy
https://linux.dell.com/files/whitepapers/KVM_Virtualization_in_RHEL_6_ made_easy.pdf
Thanks!! I appreciate the help!!
I deleted all virtualization packages and re-installed.
Something must have been hosed up.
Installing a VM and it didn't even ask to setup the network. Hopefully that's a good sign.
Will know shortly....................
TIA
Deletion does not remove all, Try a erase if that did not work.
Configuration files are not always where you expect then to be.
Regards Michael Cole
On Friday, September 30, 2016 9:16:44 PM TE Dukes wrote:
I deleted all virtualization packages and re-installed.
Something must have been hosed up.
Installing a VM and it didn't even ask to setup the network. Hopefully that's a good sign.
Will know shortly....................
TIA
CentOS mailing list CentOS@centos.org https://lists.centos.org/mailman/listinfo/centos
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Michael Cole Sent: Friday, September 30, 2016 9:41 PM To: centos@centos.org Subject: Re: [CentOS] Virtualization Networking
Deletion does not remove all, Try a erase if that did not work.
Configuration files are not always where you expect then to be.
Regards Michael Cole
On Friday, September 30, 2016 9:16:44 PM TE Dukes wrote:
I deleted all virtualization packages and re-installed.
Something must have been hosed up.
Installing a VM and it didn't even ask to setup the network. Hopefully that's a good sign.
Will know shortly....................
TIA
OK, I'm about done trying to get this to work. I have spent HOURS reading, installing, re-installing, etc.
I can get the guest to access the internet but have tried every was possible to be able to access the guest from the LAN or even the host. Nothing I have tried works.
The only thing all documentation leaves out is how to set up the guest networking during the install. Seems if I don't set anything up or just set it to DHCP it has internet connectivity, but that is all.
I have gone back in after the guest has been installed and changed the networking configuration to match my LAN, that doesn't work either. I lose internet accessibility when I do that.
I have tried to install CentOS 7 and Debian 8, the same problems with each. I have tried CentOS the built in Virt-Manager and VirtualBox. with same results. Can't seem to find the free version of VMware but I suspect I would have the same results as well.
Again, any help would be greatly appreciated.
TI!
On Mon, Oct 3, 2016 at 1:54 PM, TE Dukes tdukes@palmettoshopper.com wrote:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Michael Cole Sent: Friday, September 30, 2016 9:41 PM To: centos@centos.org Subject: Re: [CentOS] Virtualization Networking
Deletion does not remove all, Try a erase if that did not work.
Configuration files are not always where you expect then to be.
Regards Michael Cole
On Friday, September 30, 2016 9:16:44 PM TE Dukes wrote:
I deleted all virtualization packages and re-installed.
Something must have been hosed up.
Installing a VM and it didn't even ask to setup the network. Hopefully that's a good sign.
Will know shortly....................
TIA
OK, I'm about done trying to get this to work. I have spent HOURS reading, installing, re-installing, etc.
I can get the guest to access the internet but have tried every was possible to be able to access the guest from the LAN or even the host. Nothing I have tried works.
The only thing all documentation leaves out is how to set up the guest networking during the install. Seems if I don't set anything up or just set it to DHCP it has internet connectivity, but that is all.
I have gone back in after the guest has been installed and changed the networking configuration to match my LAN, that doesn't work either. I lose internet accessibility when I do that.
I have tried to install CentOS 7 and Debian 8, the same problems with each. I have tried CentOS the built in Virt-Manager and VirtualBox. with same results. Can't seem to find the free version of VMware but I suspect I would have the same results as well.
Again, any help would be greatly appreciated.
TI!
If you still have in place environment with virt-manager, can you send the output of
virsh net-list
Then for every network-name you get into the output of the command above in column "Name"
virsh net-dumpxml network-name
Then brctl show
Feel free to transform any ip you think could be sensible.
Gianluca
On 2016-10-03, TE Dukes tdukes@palmettoshopper.com wrote:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Michael Cole Sent: Friday, September 30, 2016 9:41 PM To: centos@centos.org Subject: Re: [CentOS] Virtualization Networking
Deletion does not remove all, Try a erase if that did not work.
Configuration files are not always where you expect then to be.
Regards Michael Cole
On Friday, September 30, 2016 9:16:44 PM TE Dukes wrote:
I deleted all virtualization packages and re-installed.
Something must have been hosed up.
Installing a VM and it didn't even ask to setup the network. Hopefully that's a good sign.
Will know shortly....................
TIA
OK, I'm about done trying to get this to work. I have spent HOURS reading, installing, re-installing, etc.
I can get the guest to access the internet but have tried every was possible to be able to access the guest from the LAN or even the host. Nothing I have tried works.
The only thing all documentation leaves out is how to set up the guest networking during the install. Seems if I don't set anything up or just set it to DHCP it has internet connectivity, but that is all.
I have gone back in after the guest has been installed and changed the networking configuration to match my LAN, that doesn't work either. I lose internet accessibility when I do that.
I have tried to install CentOS 7 and Debian 8, the same problems with each. I have tried CentOS the built in Virt-Manager and VirtualBox. with same results. Can't seem to find the free version of VMware but I suspect I would have the same results as well.
Again, any help would be greatly appreciated.
TI!
VirtualBox gives you a GUI for setting up port forwarding from the host to the guest. It's under Machine -> Settings -> Network -> Advanced. Did you try it?
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Liam O'Toole Sent: Monday, October 3, 2016 9:19 AM To: centos@centos.org Subject: Re: [CentOS] Virtualization Networking
On 2016-10-03, TE Dukes tdukes@palmettoshopper.com wrote:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Michael Cole Sent: Friday, September 30, 2016 9:41 PM To: centos@centos.org Subject: Re: [CentOS] Virtualization Networking
Deletion does not remove all, Try a erase if that did not work.
Configuration files are not always where you expect then to be.
Regards Michael Cole
On Friday, September 30, 2016 9:16:44 PM TE Dukes wrote:
I deleted all virtualization packages and re-installed.
Something must have been hosed up.
Installing a VM and it didn't even ask to setup the network. Hopefully that's a good sign.
Will know shortly....................
TIA
OK, I'm about done trying to get this to work. I have spent HOURS reading, installing, re-installing, etc.
I can get the guest to access the internet but have tried every was possible to be able to access the guest from the LAN or even the host. Nothing I have tried works.
The only thing all documentation leaves out is how to set up the guest networking during the install. Seems if I don't set anything up or just set it to DHCP it has internet connectivity, but that is all.
I have gone back in after the guest has been installed and changed the networking configuration to match my LAN, that doesn't work either. I lose internet accessibility when I do that.
I have tried to install CentOS 7 and Debian 8, the same problems with each. I have tried CentOS the built in Virt-Manager and VirtualBox. with same results. Can't seem to find the free version of VMware but I suspect I would have the same results as well.
Again, any help would be greatly appreciated.
TI!
VirtualBox gives you a GUI for setting up port forwarding from the host to the guest. It's under Machine -> Settings -> Network -> Advanced. Did you try it?
--
Liam
[Thomas E Dukes] Hi!
Thanks, I did
I portwared 80 to 8080 and 22 to 2222.
I also tried the NAT networking, changing the default 10.0.5.0/24 to 192.168.1.0/24
On 2016-10-03, TE Dukes tdukes@palmettoshopper.com wrote:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Liam O'Toole Sent: Monday, October 3, 2016 9:19 AM To: centos@centos.org Subject: Re: [CentOS] Virtualization Networking
On 2016-10-03, TE Dukes tdukes@palmettoshopper.com wrote:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Michael Cole Sent: Friday, September 30, 2016 9:41 PM To: centos@centos.org Subject: Re: [CentOS] Virtualization Networking
Deletion does not remove all, Try a erase if that did not work.
Configuration files are not always where you expect then to be.
Regards Michael Cole
On Friday, September 30, 2016 9:16:44 PM TE Dukes wrote:
I deleted all virtualization packages and re-installed.
Something must have been hosed up.
Installing a VM and it didn't even ask to setup the network. Hopefully that's a good sign.
Will know shortly....................
TIA
OK, I'm about done trying to get this to work. I have spent HOURS reading, installing, re-installing, etc.
I can get the guest to access the internet but have tried every was possible to be able to access the guest from the LAN or even the host. Nothing I have tried works.
The only thing all documentation leaves out is how to set up the guest networking during the install. Seems if I don't set anything up or just set it to DHCP it has internet connectivity, but that is all.
I have gone back in after the guest has been installed and changed the networking configuration to match my LAN, that doesn't work either. I lose internet accessibility when I do that.
I have tried to install CentOS 7 and Debian 8, the same problems with each. I have tried CentOS the built in Virt-Manager and VirtualBox. with same results. Can't seem to find the free version of VMware but I suspect I would have the same results as well.
Again, any help would be greatly appreciated.
TI!
VirtualBox gives you a GUI for setting up port forwarding from the host to the guest. It's under Machine -> Settings -> Network -> Advanced. Did you try it?
--
Liam
[Thomas E Dukes] Hi!
Thanks, I did
I portwared 80 to 8080 and 22 to 2222.
What happens when you issue the command 'ssh -p 2222 localhost' on the host? I'm assuming that an ssh server is running on the guest and that there are no firewalls getting in the way.
I also tried the NAT networking, changing the default 10.0.5.0/24 to 192.168.1.0/24
Never tried that.
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Liam O'Toole Sent: Monday, October 3, 2016 10:28 AM To: centos@centos.org Subject: Re: [CentOS] Virtualization Networking
On 2016-10-03, TE Dukes tdukes@palmettoshopper.com wrote:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Liam O'Toole Sent: Monday, October 3, 2016 9:19 AM To: centos@centos.org Subject: Re: [CentOS] Virtualization Networking
On 2016-10-03, TE Dukes tdukes@palmettoshopper.com wrote:
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Michael Cole Sent: Friday, September 30, 2016 9:41 PM To: centos@centos.org Subject: Re: [CentOS] Virtualization Networking
Deletion does not remove all, Try a erase if that did not work.
Configuration files are not always where you expect then to be.
Regards Michael Cole
On Friday, September 30, 2016 9:16:44 PM TE Dukes wrote:
I deleted all virtualization packages and re-installed.
Something must have been hosed up.
Installing a VM and it didn't even ask to setup the network. Hopefully that's a good sign.
Will know shortly....................
TIA
OK, I'm about done trying to get this to work. I have spent HOURS reading, installing, re-installing, etc.
I can get the guest to access the internet but have tried every was possible to be able to access the guest from the LAN or even the host. Nothing I have tried works.
The only thing all documentation leaves out is how to set up the guest networking during the install. Seems if I don't set anything up or just set it to DHCP it has internet connectivity, but that is all.
I have gone back in after the guest has been installed and changed the networking configuration to match my LAN, that doesn't work either. I lose internet accessibility when I do that.
I have tried to install CentOS 7 and Debian 8, the same problems with each. I have tried CentOS the built in Virt-Manager and VirtualBox. with same results. Can't seem to find the free version of VMware but I suspect I would have the same results as well.
Again, any help would be greatly appreciated.
TI!
VirtualBox gives you a GUI for setting up port forwarding from the host to the guest. It's under Machine -> Settings -> Network -> Advanced. Did you try it?
--
Liam
[Thomas E Dukes] Hi!
Thanks, I did
I portwared 80 to 8080 and 22 to 2222.
What happens when you issue the command 'ssh -p 2222 localhost' on the host? I'm assuming that an ssh server is running on the guest and that there are no firewalls getting in the way.
I haven't tried that on the latest install. I tried on a previous install and it failed, maybe because I was logging as root.
I 've thinking it maybe be a firewall issue as well. Don't think it DNS as I set the guest hostname and IP address PTR in my local zone file on the host.
I also tried the NAT networking, changing the default 10.0.5.0/24 to 192.168.1.0/24
Never tried that.
On Mon, Oct 03, 2016 at 07:54:36AM -0400, TE Dukes wrote:
OK, I'm about done trying to get this to work. I have spent HOURS reading, installing, re-installing, etc.
I can get the guest to access the internet but have tried every was possible to be able to access the guest from the LAN or even the host. Nothing I have tried works.
The only thing all documentation leaves out is how to set up the guest networking during the install. Seems if I don't set anything up or just set it to DHCP it has internet connectivity, but that is all.
I have gone back in after the guest has been installed and changed the networking configuration to match my LAN, that doesn't work either. I lose internet accessibility when I do that.
I have tried to install CentOS 7 and Debian 8, the same problems with each. I have tried CentOS the built in Virt-Manager and VirtualBox. with same results. Can't seem to find the free version of VMware but I suspect I would have the same results as well.
Again, any help would be greatly appreciated.
Don't know about the other VM software, but I have several VM guests under VirtualBox. Each of them has their networking set up as "bridged adapter". Although they could use DHCP then, I've used each virtual guest's network software to set them up with static address configs.
No problems reaching other lan hosts in either direction nor in reaching the internet.
Jon
On 10/03/2016 04:54 AM, TE Dukes wrote:
I can get the guest to access the internet but have tried every was possible to be able to access the guest from the LAN or even the host. Nothing I have tried works.
The only thing all documentation leaves out is how to set up the guest networking during the install.
"All documentation" doesn't leave out this information. The links I sent earlier clearly and specifically document the process for setting up a network bridge, which you need to do if you want to access your VM from the LAN.
If you need help, you need to provide more information than "I can't get this to work" and "I've tried everything." Those don't tell us anything about the state of your system. Useful information would include: your configuration files (/etc/sysconfig/network-scripts/ifcfg-*), the output of "ip link show" and "ip addr show", the output of "brctl show", and maybe the output of "virsh iface-list".
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Gordon Messmer Sent: Monday, October 3, 2016 4:25 PM To: CentOS mailing list Subject: Re: [CentOS] Virtualization Networking
On 10/03/2016 04:54 AM, TE Dukes wrote:
I can get the guest to access the internet but have tried every was possible to be able to access the guest from the LAN or even the host. Nothing I have tried works.
The only thing all documentation leaves out is how to set up the guest networking during the install.
"All documentation" doesn't leave out this information. The links I sent earlier clearly and specifically document the process for setting up a
network
bridge, which you need to do if you want to access your VM from the LAN.
If you need help, you need to provide more information than "I can't get
this
to work" and "I've tried everything." Those don't tell us anything about
the
state of your system. Useful information would include: your
configuration
files (/etc/sysconfig/network-scripts/ifcfg-*), the output of "ip link
show"
and "ip addr show", the output of "brctl show", and maybe the output of "virsh iface-list".
I posted some files previously but that was like 20 or so installs ago. I don't know the files you need.
For this installation:
/etc/sysconfig/ifcfg-eth0
NAME="eth0" BOOTPROTO=none GATEWAY=192.168.1.1 NM_CONTROLLED=no HWADDR=44:37:E6:53:1E:E2 MACADDR="" IPV6INIT=no DEVICE=eth0 NETMASK=255.255.255.0 MTU="" BROADCAST=192.168.1.255 IPADDR=192.168.1.110 NETWORK=192.168.1.0 ONBOOT=yes TYPE=Ethernet
/etc/sysconfig/ifcfg-eth1
GATEWAY=192.168.1.1 NAME="" BOOTPROTO=none NM_CONTROLLED=no MACADDR="" IPV6INIT=no DEVICE=eth1 NETMASK=255.255.255.0 MTU="" BROADCAST=255.255.255.255 IPADDR=192.168.0.111 NETWORK=192.168.0.0 ONBOOT=yes
/etc/sysconfig/ifcfg-lo
GATEWAY=192.168.1.1 NAME=loopback BOOTPROTO=none MACADDR="" IPV6INIT=no DEVICE=lo NETMASK=255.0.0.0 MTU="" BROADCAST=127.255.255.255 IPADDR=127.0.0.1 NETWORK=127.0.0.0 ONBOOT=yes
# ip link show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 44:37:e6:53:1e:e2 brd ff:ff:ff:ff:ff:ff 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:1b:21:af:6d:22 brd ff:ff:ff:ff:ff:ff 4: vboxnet0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
Absolutely no clue on that!!
# ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 44:37:e6:53:1e:e2 brd ff:ff:ff:ff:ff:ff inet 192.168.1.110/24 brd 192.168.1.255 scope global eth0 inet6 fe80::4637:e6ff:fe53:1ee2/64 scope link valid_lft forever preferred_lft forever 3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether 00:1b:21:af:6d:22 brd ff:ff:ff:ff:ff:ff inet 192.168.0.111/24 brd 255.255.255.255 scope global eth1 inet6 fe80::21b:21ff:feaf:6d22/64 scope link valid_lft forever preferred_lft forever 4: vboxnet0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff inet 192.168.56.1/24 brd 192.168.56.255 scope global vboxnet0
No clue on that one either
# brctl show
bridge name bridge id STP enabled interfaces
# virsh iface-list
I have uninstalled all Centos kvm/virtualization packages and trying Vitualbox.
Got home late this evening. I can un-install VB and re-install Centos virtualization
TIA
On 10/3/2016 7:00 PM, TE Dukes wrote:
4: vboxnet0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
are there any other /etc/sysconfig/network-scripts/ifcfg-**** files beyond the ones you listed?
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of John R Pierce Sent: Monday, October 3, 2016 10:18 PM To: centos@centos.org Subject: Re: [CentOS] Virtualization Networking
On 10/3/2016 7:00 PM, TE Dukes wrote:
4: vboxnet0: <BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000 link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
are there any other /etc/sysconfig/network-scripts/ifcfg-**** files beyond the ones you listed?
Hi,
Yes, that is all there were, but ifconfig shows:
eth0 Link encap:Ethernet HWaddr 44:37:E6:53:1E:E2 inet addr:192.168.1.110 Bcast:192.168.1.255 Mask:255.255.255.0 inet6 addr: fe80::4637:e6ff:fe53:1ee2/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:1140835 errors:0 dropped:0 overruns:0 frame:0 TX packets:915202 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:726508027 (692.8 MiB) TX bytes:272942663 (260.2 MiB) Interrupt:20 Memory:fe500000-fe520000
eth1 Link encap:Ethernet HWaddr 00:1B:21:AF:6D:22 inet addr:192.168.0.111 Bcast:255.255.255.255 Mask:255.255.255.0 inet6 addr: fe80::21b:21ff:feaf:6d22/64 Scope:Link UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:513 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:115018 (112.3 KiB)
lo Link encap:Local Loopback inet addr:127.0.0.1 Mask:255.0.0.0 inet6 addr: ::1/128 Scope:Host UP LOOPBACK RUNNING MTU:65536 Metric:1 RX packets:2616 errors:0 dropped:0 overruns:0 frame:0 TX packets:2616 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:0 RX bytes:25973275 (24.7 MiB) TX bytes:25973275 (24.7 MiB)
vboxnet0 Link encap:Ethernet HWaddr 0A:00:27:00:00:00 inet addr:192.168.56.1 Bcast:192.168.56.255 Mask:255.255.255.0 UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 RX packets:0 errors:0 dropped:0 overruns:0 frame:0 TX packets:0 errors:0 dropped:0 overruns:0 carrier:0 collisions:0 txqueuelen:1000 RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)
On 10/03/2016 07:00 PM, TE Dukes wrote:
/etc/sysconfig/ifcfg-eth1 GATEWAY=192.168.1.1
...
/etc/sysconfig/ifcfg-lo GATEWAY=192.168.1.1
Don't specify GATEWAY in interface files where it isn't used. This should be set on eth0 only.
# brctl show
bridge name bridge id STP enabled interfaces
OK, so you don't have a bridge interface. If you want to access guest VMs from the LAN, you need to set one up. Refer to the documentation I sent earlier. You'll create a bridge interface configuration, and the move the IP configuration from whichever ethX device you want to enslave to the bridge. The ethX configuration file, then, won't have any IP configuration specified, instead it'll contain "BRIDGE=br0".
Am 04.10.2016 um 08:46 schrieb Gordon Messmer gordon.messmer@gmail.com:
On 10/03/2016 07:00 PM, TE Dukes wrote:
/etc/sysconfig/ifcfg-eth1 GATEWAY=192.168.1.1
...
/etc/sysconfig/ifcfg-lo GATEWAY=192.168.1.1
Don't specify GATEWAY in interface files where it isn't used. This should be set on eth0 only.
# brctl show
bridge name bridge id STP enabled interfaces
OK, so you don't have a bridge interface. If you want to access guest VMs from the LAN, you need to set one up. Refer to the documentation I sent earlier. You'll create a bridge interface configuration, and the move the IP configuration from whichever ethX device you want to enslave to the bridge. The ethX configuration file, then, won't have any IP configuration specified, instead it'll contain "BRIDGE=br0".
This can be accomplished by just this (generates ifcfg files etc):
# virsh iface-bridge eth0 br0
If eth0 is the LAN interface otherwise change this. The VM configuration must then use br0/bridge as interface/type.
-- LF
On 10/04/2016 03:24 AM, Leon Fauster wrote:
This can be accomplished by just this (generates ifcfg files etc):
# virsh iface-bridge eth0 br0
Brilliant! I'm not sure why I haven't noticed that in the docs, before. I've definitely been to the page where Red Hat documents it... Thanks.
On Tue, Oct 4, 2016 at 1:15 PM, Gordon Messmer gordon.messmer@gmail.com wrote:
On 10/04/2016 03:24 AM, Leon Fauster wrote:
This can be accomplished by just this (generates ifcfg files etc):
# virsh iface-bridge eth0 br0
Brilliant! I'm not sure why I haven't noticed that in the docs, before. I've definitely been to the page where Red Hat documents it... Thanks.
Does this also work if the bridge target is a bonded pair?
On 04/10/16 11:24, Leon Fauster wrote:
Am 04.10.2016 um 08:46 schrieb Gordon Messmer gordon.messmer@gmail.com:
On 10/03/2016 07:00 PM, TE Dukes wrote:
/etc/sysconfig/ifcfg-eth1 GATEWAY=192.168.1.1
...
/etc/sysconfig/ifcfg-lo GATEWAY=192.168.1.1
Don't specify GATEWAY in interface files where it isn't used. This should be set on eth0 only.
# brctl show
bridge name bridge id STP enabled interfaces
OK, so you don't have a bridge interface. If you want to access guest VMs from the LAN, you need to set one up. Refer to the documentation I sent earlier. You'll create a bridge interface configuration, and the move the IP configuration from whichever ethX device you want to enslave to the bridge. The ethX configuration file, then, won't have any IP configuration specified, instead it'll contain "BRIDGE=br0".
This can be accomplished by just this (generates ifcfg files etc):
# virsh iface-bridge eth0 br0
If eth0 is the LAN interface otherwise change this. The VM configuration must then use br0/bridge as interface/type.
I've just tried that on my machine (CentOS 7):
# virsh iface-bridge enp4s0 br2 error: An error occurred, but the cause is unknown
# virsh iface-bridge enp3s0 br1 error: An error occurred, but the cause is unknown
# command -v virsh /bin/virsh
# ip add 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000 link/ether <redacted> brd ff:ff:ff:ff:ff:ff inet 192.168.1.2/24 brd 192.168.1.255 scope global enp3s0 valid_lft forever preferred_lft forever inet6 <redacted>/64 scope link valid_lft forever preferred_lft forever 3: enp4s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000 link/ether <redacted> brd ff:ff:ff:ff:ff:ff inet 192.168.2.2/24 brd 192.168.2.255 scope global enp4s0 valid_lft forever preferred_lft forever 4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN link/ether <redacted> brd ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 valid_lft forever preferred_lft forever 5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500 link/ether <redacted> brd ff:ff:ff:ff:ff:ff # brctl show bridge name bridge id STP enabled interfaces virbr0 8000.<redacted> yes virbr0-nic
Regards, Martin
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Gordon Messmer Sent: Tuesday, October 4, 2016 2:47 AM To: CentOS mailing list Subject: Re: [CentOS] Virtualization Networking
On 10/03/2016 07:00 PM, TE Dukes wrote:
/etc/sysconfig/ifcfg-eth1 GATEWAY=192.168.1.1
...
/etc/sysconfig/ifcfg-lo GATEWAY=192.168.1.1
Don't specify GATEWAY in interface files where it isn't used. This should
be
set on eth0 only.
# brctl show
bridge name bridge id STP enabled interfaces
OK, so you don't have a bridge interface. If you want to access guest VMs from the LAN, you need to set one up. Refer to the documentation I sent earlier. You'll create a bridge interface configuration, and the move the
IP
configuration from whichever ethX device you want to enslave to the
bridge.
The ethX configuration file, then, won't have any IP configuration
specified,
instead it'll contain "BRIDGE=br0".
I did. I disabled NetworkManager and created one. Its not there now because I have started over so many times.
Thanks
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Gordon Messmer Sent: Tuesday, October 4, 2016 1:18 PM To: CentOS mailing list Subject: Re: [CentOS] Virtualization Networking
On 10/04/2016 04:18 AM, TE Dukes wrote:
I disabled NetworkManager and created one.
You don't need to do that on CentOS 7, and I wouldn't recommend it. Use NetworkManager where it works.
The host is 6.8, the guest is 7.x. I read somewhere in one of the 6.8 Virtualization guides to turn it off to use a bridge. That may be outdated now.
On the other hand, I setup a bridge just now and its working!! YEAH!!!!!
I can access the guest from the LAN. Will know tomorrow if I can access it from work.
The only problem is the virt manager I'm using is VirtualBox.
I'm just guessing but I probably can't run the CentOS virt mangaer with VirtualBox. I got errors trying to do so unless I unloaded some kvm kernel modules.
I really appreciate everyone's help and patience.
Thomas E Dukes
Date: Monday, October 03, 2016 22:00:07 -0400 From: TE Dukes tdukes@palmettoshopper.com
I posted some files previously but that was like 20 or so installs ago. I don't know the files you need.
From what you've indicated, you appear to be deleting/reinstalling
when the networking isn't working right. If the issue is simply one of routing (as mostly seems to be the case) you should be able to fix that by tweaking/building the appropriate ifcfg file on the host or guest. You shouldn't have to be deleting everything and starting over just to resolve that type of issue.
-
Gianluca Cecchi -
Gordon Messmer -
J Martin Rushton -
John R Pierce -
Jon LaBadie -
Leon Fauster -
Liam O'Toole -
Michael Cole -
Richard -
tdukes@palmettoshopper.com -
TE Dukes
-
Tony Schreiner -
Warren Young