
I have a machine set up running KVM and a bridge on eth0 with the IP address for the machine. The machine has an IP address in a range with no more IP addresses free. I am trying to make a second subnet available for KVM guests to use for their IP addresses.

network -- eth0 ---    bridge0    --|
                    (x.x.x.75/26)   |-- guest0:eth0 (x.x.y.213/28)
                                    |
                                    |-- guest1:eth0 (x.x.y.214/28)

I created the bridge by creating an ifcfg-bridge0 file on the host and it generally seems to be working; however, I cannot initiate a connection from the outside world to the guest. What's odd is that the guest has internet access, so obviously the return packets get where they're going, but new connections cannot be established. The example case for this is that if I connect to one of the guests with VNC, I can execute wget http://google.com/ and I get the page.

On both the host and the guest, iptables has been flushed so there are no iptables rules. On the host the output of the route command is

host# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
x.x.x.64        0.0.0.0         255.255.255.224 U     0      0        0 bridge0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
169.254.0.0     0.0.0.0         255.255.0.0     U     1004   0        0 bridge0
0.0.0.0         x.x.x.94        0.0.0.0         UG    0      0        0 bridge0

In order to try to get the routing to work I've tried adding a static route to the new subnet on the bridge with a command like route add --net x.x.y.208 netmask 255.255.255.240 bridge0. After adding the route, my route table on the host looks like

host# route -n
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
x.x.y.208       0.0.0.0         255.255.255.240 U     0      0        0 bridge0
x.x.x.64        0.0.0.0         255.255.255.224 U     0      0        0 bridge0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0
169.254.0.0     0.0.0.0         255.255.0.0     U     1004   0        0 bridge0
0.0.0.0         x.x.x.94        0.0.0.0         UG    0      0        0 bridge0

However, the host is still unable to access the guest. If I traceroute the guest I don't see the connection going out, I simply see

host# traceroute x.x.y.213
traceroute to x.x.y.213, 30 hops max, 60 byte packets
 1  x.x.y.213  0.639 ms  0.771 ms  0.784 ms

But when I try to connect to the machine (e.g. telnet x.x.y.213 22) I get no connection (in comparison on the guest if I run telnet x.x.y.213 22 or telnet x.x.x.75 22 I get a result).

1 Answer


If the two subnets (the /28 and /26) are both bridged to the same interface then you need addresses in both networks on the upstream network (i.e. a secondary address on the router for the entire network).

Think of the virtual hosts on the bridge as if they were connected to the same switch as the host's NIC. The fact that the host (i.e. bridge0) is in a different IP subnet implies that there needs to be some kind of gateway between the two.

Two options - either renumber all of the hosts into the same network or provide some kind of routed interface between the two.

rnxrx