[CentOS] CentOS 6 - VM network bridge issue

Tue Jul 19 09:52:37 UTC 2011
Khusro Jaleel <mailing-lists at kerneljack.com>

On 19/07/2011 08:14, James Hogarth wrote:
>
>
> > I built a CentOS 6 machine to host several CentOS 6 guest servers.
> > As all guests will be Internet facing I set up the host with two
> > bridged NICs and assigned an Internet facing IP address to br0 and a
> > local IP address to br1.
> >
> > Each guest was installed using br0 and br1 with virtio drivers.  On
> > each I assigned an Internet facing IP address to eth0 and a local IP
> > address on eth1.  So far so good.  I can access the guest servers from
> > either IP address as expected.  That is HTTP, SSH and SMTP servers on
> > them are accessible and do what they are supposed to do.
> >
> > Except...  Except from any location outside of my Comcast Cable
> > Modem.  To be clear, from any machine inside the modem to any address
> > on the guests, all works perfectly.  But outside the modem the guest
> > apps either don't receive packets or for some reason don't respond,
> > and I've tried it from four different locations.
> >
> > Using Wireshark on the guests I can see the packets arrive from the
> > outside sources, but no response is seen.  On accesses from inside I
> > can see both incoming and outgoing packets, as expected.
> >
> > I can ping the outside sources from the guests, yet pings from the
> > outside sources get no response from the guests.  All the outside
> > sources get responses when pinging the host.  I can ping the guests
> > from any inside machine.
> >
>
A bit of a long shot but does turning on STP on the br* interfaces help? 
I vaguely remember I had to do the following on one of my machines that 
uses bonding + bridges:

# brctl stp br0 on

I have put this in the machines' /etc/rc.local so it's applied upon 
every reboot.