[CentOS] network not accessible through bridged interface but traffic visible

Wed Jan 9 15:03:02 UTC 2013
Doug Coats <dcoatshca at gmail.com>

I had a major HD failure and need to rebuild my host server and the virtual
servers that resided on it.  I am moving from CentOS 5.6 to CentOS 6.3.  I
am using the same configuration, as best as I can tell, that was working
only hours ago on 5.6 but does not work on 6.3.  My guest server can see
network traffic on the bridged network device but I cannot seem to interact
with it.  Iptables turned off on both the host and guest makes no
difference.

*Host server settings that apply:*

NetworkManager is off
Network is on

/etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=host
GATEWAY=192.168.4.1

/etc/resolv.conf
search domain.com
nameserver 68.87.xx.xx
nameserver 68.87.xx.xx

/etc/sysctl.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

/etc/sysconfig/network-scripts/ifcfg-em2
DEVICE=em2
NM_CONTROLLED=no
BOOTPROTO=none
HWADDR=...
ONBOOT=yes
HOTPLUG=no
BRIDGE=br2

/etc/sysconfig/network-scripts/ifcfg-br2
DEVICE=br2
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
DELAY=0

/etc/sysconfig/network-scripts/ifcfg-em3
DEVICE=em3
NM_CONTROLLED=no
BOOTPROTO=none
HWADDR=...
ONBOOT=yes
HOTPLUG=no
BRIDGE=br3

/etc/sysconfig/network-scripts/ifcfg-br3
DEVICE=br3
TYPE=Bridge
BOOTPROTO=none
ONBOOT=yes
DELAY=0

On the host I connect to the network using a different NIC, ifcfg-em5,
which connects to the gateway server and the internet just fine.

*The guest settings:*

Virtual Network Interface
Source Device: Host device vnet0 (Bridge 'br2')
Device Model: virtio
MAC Address: ...

Virtual Network Interface
Source Device: Host device vnet1 (Bridge 'br3')
Device Model: virtio
MAC Address: ...

NetworkManager is off
Network is on

/etc/sysconfig/network
NETWORKING=yes
NETWORKING_IPV6=no
HOSTNAME=host
GATEWAY=192.168.4.1

/etc/resolv.conf
search domain.com
nameserver 68.87.xx.xx
nameserver 68.87.xx.xx

/etc/sysctl.conf
net.ipv4.ip_forward = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

/etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE="eth0"
BOOTPROTO="static"
HWADDR=...
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR=192.168.4.3
NETMASK=255.255.255.0
NETWORK=192.168.4.0
DNS1=68.87.XX.XX
DNS2=68.87.XX.XX

/etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE="eth1"
BOOTPROTO="static"
HWADDR=...
NM_CONTROLLED="no"
ONBOOT="yes"
IPADDR=192.168.6.1
NETMASK=255.255.255.0
NETWORK=192.168.6.0

#route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
192.168.6.0     *               255.255.255.0   U     0      0        0 eth1
192.168.5.0     otherserver     255.255.255.0   UG    0      0        0 eth0
192.168.4.0     *               255.255.255.0   U     0      0        0 eth0
192.168.1.0     anotherserver   255.255.255.0   UG    0      0        0 eth0
link-local      *               255.255.0.0     U     1002   0        0 eth0
link-local      *               255.255.0.0     U     1003   0        0 eth1
default         gatewayserver   0.0.0.0         UG    0      0        0 eth0

This is the most bizarre thing.  I can see the nic traffic on the guest
with a tcpdump but I cannot interact with the traffic.

# traceroute 192.168.4.1
traceroute to 192.168.4.1 (192.168.4.1), 30 hops max, 60 byte packets
 1  guestserver (192.168.4.3)  3000.636 ms !H  3000.633 ms !H  3000.628 ms !H

Any fresh ideas and insights are greatly appreciated!

Thanks!