
I've installed CentOS 5 inside KVM on FC12. I've set up a bridged network that works fine. I can ping the virtualized host from any of my other computers and the other way as well. I can also access Apache on the virtualized host from other computers on the LAN. I also have no problems doing 'yum update'.

However, when I try to access any UDP service, e.g. DNS, that resides outside my LAN, I never get a reply, e.g. nslookup google.com - <known nameserver>. When I try the exact same command from the host OS, I get a reply.

I've tried sniffing the traffic by port mirroring the port that goes to the ADSL modem router (DG834G Netgear) in both directions. The DNS request travels out to the internet but I don't get a reply. Just casually comparing the packets sent by the host and the virtual OS, I don't notice any significant differences. Then again, I'm not sure what to be looking for.

Other info:

iptables host FORWARD has one rule (guest iptables is off):

ACCEPT all -- 0.0.0.0/0 0.0.0.0/0 PHYSDEV match --physdev-is-bridged

Network is simple, one L2 managed switch and everything connected to it.

I've also tried creating a port forwarding rule for various UDP services and testing them but no luck there either.

The host and guest are configured using static IPs but there is a DHCP entry for the same IP/MAC on the router.

Update:

It appears to be the DSL modem router. I just swapped out the current one for one on loan and it works just fine. I have absolutely no idea why; I just used the default factory settings on the loaner. Any idea what might be the cause? I've tried changing various settings etc. but I'm not sure what specifically it might be.

1 Answer

This sounds relatively complex, if everything you're saying is accurate.

Can the VM host send and receive UDP traffic as well?

Matt Simmons
  • Yes. I've managed to narrow it down to the gateway. Just swapped out the DSL router modem for another one and it suddenly works! But I'd like to use the old modem as this was just a loaner. Any thoughts why this could be? What setting should I change? –  Dec 11 '09 at 17:27
  • I'd do a factory reset on it, just in case something got screwed up. That's not exactly operating according to spec. – Matt Simmons Dec 11 '09 at 18:55
  • Factory reset fixes it! The strange thing is that I've narrowed it down to changing basic things like static IP reservation for DHCP + firewall rules. It seems that adding static IP reservations for other MACs (not the host OR guest MAC) causes certain inbound UDP traffic to become blocked; adding firewall rules and everything falls apart. I've reproduced it twice so far. And again, any non-guest OS has no problems sending/receiving UDP, including PCs on the LAN. I guess it must be some strange router firmware bug then.... –  Dec 12 '09 at 08:37
  • Wow! That is bizarre, but good find! What model of router is it? – Matt Simmons Dec 12 '09 at 12:49
  • Netgear DG834Gv5 f/w V1.6.01.34. I went back and captured a single DNS query packet from both the host & guest and replayed them from another system to rule out config errors on virtualization/networking somehow and got the same result. Compared the packets and the only difference I could come up with was the IP & MAC address. Edited to another MAC - no change, but changing the guest IP fixed it(!!??). Thought I had an IP conflict, but with the rest of the network isolated the issue persists. The offending static IP 192.168.1.234, changed to .236, works! That was the ONLY change & restart network. –  Dec 12 '09 at 15:24
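
The packet comparison described in the last comment, as an added example that is not code from the thread: it decodes two Ethernet/IPv4/UDP frames and lists only the header fields that differ. The frames, MAC addresses, host IP, resolver address and the helper names `build_frame`, `parse_frame` and `diff_frames` are constructed for illustration; only the guest IP 192.168.1.234 comes from the thread.

```python
import struct
from ipaddress import IPv4Address

def ip_checksum(header: bytes) -> int:
    """RFC 1071 ones'-complement checksum over an IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_frame(src_mac: str, src_ip: str, payload: bytes) -> bytes:
    """Build a constructed Ethernet/IPv4/UDP frame carrying a DNS query to port 53."""
    dst_mac, dst_ip = "00:00:5e:00:53:01", "192.0.2.53"  # placeholder gateway MAC and resolver
    eth = bytes.fromhex((dst_mac + src_mac).replace(":", "")) + b"\x08\x00"
    udp = struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload  # UDP checksum 0 = not computed
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0x1234, 0, 64, 17, 0,
                     IPv4Address(src_ip).packed, IPv4Address(dst_ip).packed)
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    return eth + ip + udp

def parse_frame(raw: bytes) -> dict:
    """Decode the header fields worth comparing between two captures."""
    ihl = (raw[14] & 0x0F) * 4
    ip, udp = raw[14:14 + ihl], raw[14 + ihl:]
    sport, dport, ulen, ucsum = struct.unpack("!HHHH", udp[:8])
    return {
        "eth.dst": raw[0:6].hex(":"), "eth.src": raw[6:12].hex(":"),
        "ip.id": ip[4:6].hex(), "ip.flags_frag": ip[6:8].hex(), "ip.ttl": ip[8],
        "ip.checksum": ip[10:12].hex(), "ip.checksum_ok": ip_checksum(ip) == 0,
        "ip.src": str(IPv4Address(ip[12:16])), "ip.dst": str(IPv4Address(ip[16:20])),
        "udp.sport": sport, "udp.dport": dport, "udp.len": ulen,
        "udp.checksum": f"{ucsum:04x}", "payload": udp[8:].hex(),
    }

def diff_frames(a: bytes, b: bytes) -> dict:
    """Return {field: (value_a, value_b)} for every field that differs."""
    fa, fb = parse_frame(a), parse_frame(b)
    return {k: (fa[k], fb[k]) for k in fa if fa[k] != fb[k]}

# Constructed sample input: the same DNS query for example.com sent from two sources.
QUERY = bytes.fromhex("abcd01000001000000000000") + b"\x07example\x03com\x00" + b"\x00\x01\x00\x01"
HOST = build_frame("52:54:00:aa:00:01", "192.168.1.10", QUERY)    # constructed host address
GUEST = build_frame("52:54:00:aa:00:02", "192.168.1.234", QUERY)  # guest IP from the thread

if __name__ == "__main__":
    for field, (host_val, guest_val) in diff_frames(HOST, GUEST).items():
        print(f"{field:12} host={host_val}  guest={guest_val}")
```

The IP header checksum differs only as a consequence of the source address; in a real capture the UDP checksum also differs for the same reason, because it covers the pseudo-header containing the source IP.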