[ovirt-users] IP forwarding... Cannot access guest IP

richard.seguin at marisec.ca richard.seguin at marisec.ca
Tue Apr 29 16:40:09 EDT 2014


Hi Alex,

I already did that part. 

It's strange... The xen guest can ping dom0... but nothing beyond it... yet dom0 can ping other addresses... and the guests...  It almost sounds like I have a nat going on here... 

-----Original Message-----
From: "Alexander Wels" <awels at redhat.com>
Sent: Tuesday, April 29, 2014 4:37pm
To: richard.seguin at marisec.ca
Cc: users at ovirt.org, "Dan Kenigsberg" <danken at redhat.com>
Subject: Re: [ovirt-users] IP forwarding... Cannot access guest IP

On Tuesday, April 29, 2014 04:34:29 PM richard.seguin at marisec.ca wrote:
> You have no idea how much I wanted this to work...
> 
> macspoof = true
> 
> nothing changed...
> 

I forgot to mention what Dan DID mention, go to 
http://www.ovirt.org/Vdsm_Hooks

And look at the yum install vdsm-hook-macspoof part. Unless of course you 
already did this.

> -----Original Message-----
> From: "Alexander Wels" <awels at redhat.com>
> Sent: Tuesday, April 29, 2014 8:47am
> To: users at ovirt.org
> Cc: "Dan Kenigsberg" <danken at redhat.com>, richard.seguin at marisec.ca
> Subject: Re: [ovirt-users] IP forwarding... Cannot access guest IP
> 
> On Tuesday, April 29, 2014 01:35:08 PM Dan Kenigsberg wrote:
> > On Tue, Apr 29, 2014 at 06:33:14AM -0400, richard.seguin at marisec.ca wrote:
> > > Hi Dan,
> > > 
> > > Yes I am an ovirt user.  Basically, I am running into an issue running
> > > xen
> > > inside of kvm.  Our scenario is that this is lab environment, and we
> > > enjoy the luxury of spinning up kvm instances (as opposed to installing
> > > on bare metal each time we need something). Our product uses Xen, and we
> > > are pretty much stuck with it for the time being.
> > > 
> > > I think what I am running into is a double bridge issue... Xen has a
> > > bridge, and so does kvm obviously.  I am able to ping dom0 (which is
> > > just
> > > the bridge itself) on Xen from the outside world, but I am not able to
> > > ping udom... and... udom doesn't have access out either.   When I was
> > > using vmware, I enabled promisc mode on the virtual switch, and this
> > > solution worked fine...
> > > 
> > > If we ignore the types of technology that I am using,  and just focus on
> > > the networking, what would I be looking at as possibilities?  Or... a
> > > better question would be, does ovirt have a promiscuous flag somewhere
> > > that I can set?
> > 
> > I cannot say that I understand your setup, but if you have nested
> > virtuallization (such as a Xen udom) you may experience ovirt's
> > no-mac-spoofing rule: by default we disallow our VMs to emit traffic
> > that has different mac address from the one assigned by oVirt.
> > 
> > To avoid this, follow http://www.ovirt.org/Vdsm_Hooks#Installing_a_hook
> > and report if that's the issue.
> 
> If the mac address is the issue wouldn't it be easier for him to just edit
> the VM and in custom properties set macspoof to true?
> 
> > _______________________________________________
> > Users mailing list
> > Users at ovirt.org
> > http://lists.ovirt.org/mailman/listinfo/users





More information about the Users mailing list