A CentOS 6.3 box ("host") runs several KVM virtual machines, each of which
has two interfaces attached to the two bridges br1 and br2 (and each thus
has two IPs: one on 192.168.0.0/22 and one on 192.168.4.0/22);
net.ipv4.ip_forward on the host is 1. Simplified diagram:

                             host
                       +---------------+
                       |               |
 net1 = 192.168.0.0/22 |               | net2 = 192.168.4.0/22
-----------------------+ br1       br2 +---------------------------------
           |           |               |             |
           |           |               |             |
        Client A       +---------------+          Client B
                    (hosts KVM1, KVM2, etc)

Each client uses the bridge's IP address on the same side as default
gateway. Client A can successfully ping or ssh (for example) to a KVM
machine by IP address by using the KVM machine's net1 IP address. Client B
can likewise communicate using the KVM machine's net2 IP address. However,
neither client can communicate by using the address on the opposing
segment (e.g., Client A using KVM1_net2_IP); I can see from tcpdump that the
packets are received by the virtual machine but no reply is ever made. Any
clue?
Steve