Hello, Presently I am running CentOS release 5.5 (Final). I am looking to setup bridging as I would like to setup some KVM virtual hosts on my system as a test lab. I am following the the instruction at this site> http://tldp.org/HOWTO/BRIDGE-STP-HOWTO/index.htmlbut I cannot figure out where I am going wrong and would be thankful if someone could point me in the right direction. Here is what I have done: Check bridge information with the following:> ~ $ modprobe -v bridgeNo issues or errors> ~ $ cat /proc/modules | grep bridge > bidge 91889 0 - Live 0xffffffff89247000Check to ensure forwarding is turned on:> ~ $ cat /proc/sys/net/ipv4/ip_forward > 1Checked that my interface are up and running (Was sure of this but did the check anyway):> ~ $ ifconfig > eth0 Link encap:Ethernet HWaddr 48:5B:39:2A:07:D5 > inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 > inet6 addr: fe80::4a5b:39ff:fe2a:7d5/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:1059 errors:0 dropped:0 overruns:0 frame:0 > TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:454226 (443.5 KiB) TX bytes:120584 (117.7 KiB) > Interrupt:90 Base address:0x8400 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:92 errors:0 dropped:0 overruns:0 frame:0 > TX packets:92 errors:0 dropped:0 overruns:0 carrier:0[Thu Nov 25So now I begin to create the bridge form CLI as I want to make sure everything works before committing it to the config:> brctl addbr br0 > ifconfig eth0 down > ifconfig br0 192.168.1.100 up > ifconfig eth0 0.0.0.0 up > route add default gw 192.168.1.254I check my interfaces and routing:> ~ $ ifconfig > br0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 > inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 > inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > TX packets:5 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:0 (0.0 b) TX bytes:398 (398.0 b) > > eth0 Link encap:Ethernet HWaddr 48:5B:39:2A:07:D5 > inet6 addr: fe80::4a5b:39ff:fe2a:7d5/64 Scope:Link > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > RX packets:64662 errors:0 dropped:0 overruns:0 frame:0 > TX packets:63301 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:1000 > RX bytes:17699194 (16.8 MiB) TX bytes:7958063 (7.5 MiB) > Interrupt:90 Base address:0x8400 > > lo Link encap:Local Loopback > inet addr:127.0.0.1 Mask:255.0.0.0 > inet6 addr: ::1/128 Scope:Host > UP LOOPBACK RUNNING MTU:16436 Metric:1 > RX packets:211 errors:0 dropped:0 overruns:0 frame:0 > TX packets:211 errors:0 dropped:0 overruns:0 carrier:0 > collisions:0 txqueuelen:0 > RX bytes:17346 (16.9 KiB) TX bytes:17346 (16.9 KiB)> ~ $ route -n > Kernel IP routing table > Destination Gateway Genmask Flags Metric Ref UseIface> 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 > 0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 br0Time to test if ping works:> ~ $ ping -c3 192.168.1.254 > PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data. > ping: sendmsg: Operation not permitted > ping: sendmsg: Operation not permitted > ping: sendmsg: Operation not permitted > > --- 192.168.1.254 ping statistics --- > 3 packets transmitted, 0 received, 100% packet loss, time 2000msI know the firewall is causing this issue so I stop the firewall:> ~ $ service iptables stop > Flushing firewall rules: [ OK ] > Setting chains to policy ACCEPT: nat filter [ OK ] > Unloading iptables modules: [ OK ]Time to try ping again:> ~ $ ping -c3 192.168.1.254 > PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data. > From 192.168.1.100 icmp_seq=1 Destination Host Unreachable > From 192.168.1.100 icmp_seq=2 Destination Host Unreachable > From 192.168.1.100 icmp_seq=3 Destination Host Unreachable > > --- 192.168.1.254 ping statistics --- > 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 1999msTo back out all I needed to do was:> ifconfig br0 down > brctl delbr br0 > service iptables start > service netowrk restartEverything is back to normal. I cannot figure out what am I missing here? Interfaces and routing look to be setup correctly. Is there something else I need to be looking at? -- Regards Robert Linux The adventure of a life time. Linux User #296285 Get Counted http://counter.li.org/
On Fri, Nov 26, 2010 at 2:15 PM, Robert Spangler <mlists at zoominternet.net> wrote:> Hello, > > Presently I am running CentOS release 5.5 (Final). ?I am looking to setup > bridging as I would like to setup some KVM virtual hosts on my system as a> Time to test if ping works: > >> ~ $ ping -c3 192.168.1.254 >> PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data. >> ping: sendmsg: Operation not permitted >> ping: sendmsg: Operation not permitted >> ping: sendmsg: Operation not permittedDid you remember to brctl addif the regular interfaces? -- Eduardo Grosclaude Universidad Nacional del Comahue Neuquen, Argentina
On Fri, Nov 26, 2010 at 9:15 AM, Robert Spangler <mlists at zoominternet.net> wrote:> Hello, > > Presently I am running CentOS release 5.5 (Final). ?I am looking to setup > bridging as I would like to setup some KVM virtual hosts on my system as a > test lab. ?I am following the the instruction at this site > >> http://tldp.org/HOWTO/BRIDGE-STP-HOWTO/index.html(snip)> Everything is back to normal. ?I cannot figure out what am I missing here? > Interfaces and routing look to be setup correctly. ?Is there something else I > need to be looking at?I recommend you look at the documentaion available from docs.redhat.com. For setting up bridged networking, see: http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/5/html-single/Virtualization/index.html#sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt Akemi
At Fri, 26 Nov 2010 12:15:51 -0500 CentOS mailing list <centos at centos.org> wrote:> > Hello, > > Presently I am running CentOS release 5.5 (Final). I am looking to setup > bridging as I would like to setup some KVM virtual hosts on my system as a > test lab. I am following the the instruction at this site > > > http://tldp.org/HOWTO/BRIDGE-STP-HOWTO/index.html > > but I cannot figure out where I am going wrong and would be thankful if > someone could point me in the right direction. > > Here is what I have done: > > Check bridge information with the following: > > > ~ $ modprobe -v bridge > > No issues or errors > > > ~ $ cat /proc/modules | grep bridge > > bidge 91889 0 - Live 0xffffffff89247000 > > Check to ensure forwarding is turned on: > > > ~ $ cat /proc/sys/net/ipv4/ip_forward > > 1 > > Checked that my interface are up and running > (Was sure of this but did the check anyway): > > > ~ $ ifconfig > > eth0 Link encap:Ethernet HWaddr 48:5B:39:2A:07:D5 > > inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 > > inet6 addr: fe80::4a5b:39ff:fe2a:7d5/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:1059 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:1080 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:454226 (443.5 KiB) TX bytes:120584 (117.7 KiB) > > Interrupt:90 Base address:0x8400 > > > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > inet6 addr: ::1/128 Scope:Host > > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > RX packets:92 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:92 errors:0 dropped:0 overruns:0 carrier:0[Thu Nov 25 > > So now I begin to create the bridge form CLI as I want to make sure everything > works before committing it to the config: > > > brctl addbr br0 > > ifconfig eth0 down > > ifconfig br0 192.168.1.100 up > > ifconfig eth0 0.0.0.0 upbrctl addif br0 eth0 You need to add the physical interface(s) to the bridge interface. You can set this up to go automagically like this: sauron.deepsoft.com% cat /etc/sysconfig/network-scripts/ifcfg-eth0 # nVidia Corporation MCP77 Ethernet DEVICE=eth0 BOOTPROTO=static HWADDR=00:19:66:D6:ED:93 ONBOOT=yes BRIDGE=br0 sauron.deepsoft.com% cat /etc/sysconfig/network-scripts/ifcfg-br0 DEVICE=br0 TYPE=Bridge BOOTPROTO=static BROADCAST=192.168.250.255 IPADDR=192.168.250.1 NETMASK=255.255.255.0 NETWORK=192.168.250.0 ONBOOT=yes (change as needed to match your interaces and ipaddresses, etc.)> > route add default gw 192.168.1.254 > > I check my interfaces and routing: > > > ~ $ ifconfig > > br0 Link encap:Ethernet HWaddr 00:00:00:00:00:00 > > inet addr:192.168.1.100 Bcast:192.168.1.255 Mask:255.255.255.0 > > inet6 addr: fe80::200:ff:fe00:0/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:0 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:5 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:0 (0.0 b) TX bytes:398 (398.0 b) > > > > eth0 Link encap:Ethernet HWaddr 48:5B:39:2A:07:D5 > > inet6 addr: fe80::4a5b:39ff:fe2a:7d5/64 Scope:Link > > UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1 > > RX packets:64662 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:63301 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:1000 > > RX bytes:17699194 (16.8 MiB) TX bytes:7958063 (7.5 MiB) > > Interrupt:90 Base address:0x8400 > > > > lo Link encap:Local Loopback > > inet addr:127.0.0.1 Mask:255.0.0.0 > > inet6 addr: ::1/128 Scope:Host > > UP LOOPBACK RUNNING MTU:16436 Metric:1 > > RX packets:211 errors:0 dropped:0 overruns:0 frame:0 > > TX packets:211 errors:0 dropped:0 overruns:0 carrier:0 > > collisions:0 txqueuelen:0 > > RX bytes:17346 (16.9 KiB) TX bytes:17346 (16.9 KiB) > > > > ~ $ route -n > > Kernel IP routing table > > Destination Gateway Genmask Flags Metric Ref Use > Iface > > 192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 br0 > > 0.0.0.0 192.168.1.254 0.0.0.0 UG 0 0 0 br0 > > Time to test if ping works: > > > ~ $ ping -c3 192.168.1.254 > > PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data. > > ping: sendmsg: Operation not permitted > > ping: sendmsg: Operation not permitted > > ping: sendmsg: Operation not permitted > > > > --- 192.168.1.254 ping statistics --- > > 3 packets transmitted, 0 received, 100% packet loss, time 2000ms > > I know the firewall is causing this issue so I stop the firewall: > > > ~ $ service iptables stop > > Flushing firewall rules: [ OK ] > > Setting chains to policy ACCEPT: nat filter [ OK ] > > Unloading iptables modules: [ OK ] > > Time to try ping again: > > > ~ $ ping -c3 192.168.1.254 > > PING 192.168.1.254 (192.168.1.254) 56(84) bytes of data. > > From 192.168.1.100 icmp_seq=1 Destination Host Unreachable > > From 192.168.1.100 icmp_seq=2 Destination Host Unreachable > > From 192.168.1.100 icmp_seq=3 Destination Host Unreachable > > > > --- 192.168.1.254 ping statistics --- > > 3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 1999ms > > To back out all I needed to do was: > > > ifconfig br0 down > > brctl delbr br0 > > service iptables start > > service netowrk restart > > Everything is back to normal. I cannot figure out what am I missing here? > Interfaces and routing look to be setup correctly. Is there something else I > need to be looking at? > >-- Robert Heller -- 978-544-6933 / heller at deepsoft.com Deepwoods Software -- http://www.deepsoft.com/ () ascii ribbon campaign -- against html e-mail /\ www.asciiribbon.org -- against proprietary attachments
On Fri, Nov 26, 2010 at 12:15 PM, Robert Spangler <mlists at zoominternet.net> wrote:> Hello, > > Presently I am running CentOS release 5.5 (Final). ?I am looking to setup > bridging as I would like to setup some KVM virtual hosts on my system as a > test lab. ?I am following the the instruction at this siteDon't bother. The Qemu based tools in libvirt, and their implementation in virt-manager, should be taken out back and forced to read Eric Raymond's screed on open source interfaces (The Luxury of Ignorance). Compatibility with arbitrary virtualization suites is not your friend when it's done that badly. Simple operations, like "set up two disks at first setup", are not possible from the GUI. This is one among numerous utilities available from the command line setup tool that are not accessible from the GUI: that's just a failure of GUI design. KVM, itself, was unusable in my testing due to the "bridged network" mishandling and its complete lack of a concept of failover for network issues, particularly pair bonding for the server itself. PXE for the clients was unusable, and it ran like a dyslexic on too many opiates, slow, twitchy, and unpredicatable. VMWare works well, even the free personal versions, and Xen used to work well (although its purchase by Citrix has me concerned, I've not played with it in 2 years now, and I'm very unhappy with libvirt.)