Ubuntu 16.04 kvm bridges not working
i've got a windows 2008 server vm running on kvm, it had an rtl nic. i did a patch install on the vm, did a 'dist-upgrade' on the host, and now the bridges do not appear to be forwarding packets! the host has several nics and all are statically assigned. brDMZ is the bridge i'm interested in, it's assigned 192.168.4.4 and i can ping that from another (physical) host. i've tried rolling back to 4.4.0-98 with no luck. any suggestions!? here's some output:
uname -a
Linux vmhost-01 4.4.0-101-generic #124-Ubuntu SMP Fri Nov 10 18:29:59 UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
brctl show
bridge name bridge id STP enabled interfaces
brCSS 8000.001e0b480aba yes eth0
brDMZ 8000.d485644f4aee yes eth3
docker0 8000.0242823a37ed no
virbr0 8000.525400cf415c yes virbr0-nic
sudo ifconfig brDMZ
brDMZ Link encap:Ethernet HWaddr d4:85:64:4f:4a:ee
inet addr:192.168.4.4 Bcast:192.168.4.255 Mask:255.255.255.0
inet6 addr: fe80::d685:64ff:fe4f:4aee/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:168 errors:0 dropped:0 overruns:0 frame:0
TX packets:8 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:9004 (9.0 KB) TX bytes:648 (648.0 B)
brctl showstp brDMZ
brDMZ
bridge id 8000.d485644f4aee
designated root 8000.d485644f4aee
root port 0 path cost 0
max age 20.00 bridge max age 20.00
hello time 2.00 bridge hello time 2.00
forward delay 2.00 bridge forward delay 2.00
ageing time 300.00
hello timer 0.52 tcn timer 0.00
topology change timer 0.00 gc timer 171.35
flags
eth3 (1)
port id 8001 state forwarding
designated root 8000.d485644f4aee path cost 4
designated bridge 8000.d485644f4aee message age timer 0.00
designated port 8001 forward delay timer 0.00
designated cost 0 hold timer 0.00
flags
brctl showmacs brDMZ
port no mac addr is local? ageing timer
1 00:06:5b:f6:8b:dc no 179.48
1 00:0c:29:04:87:83 no 157.46
1 00:0c:29:f1:90:8e no 52.99
1 00:14:5e:77:f7:d7 no 59.09
1 d4:85:64:4f:4a:ee yes 0.00
1 d4:85:64:4f:4a:ee yes 0.00
sudo ebtables -t filter -L
Bridge table: filter
Bridge chain: INPUT, entries: 0, policy: ACCEPT
Bridge chain: FORWARD, entries: 0, policy: ACCEPT
Bridge chain: OUTPUT, entries: 0, policy: ACCEPT
networking virtualization kvm
update: i created an ubuntu 16.04 host on the same bridge, with same results. however, if i run tcpdump IN the vm, it sees ARP requests coming from machine out on the network trying to ping it!?
– david
Nov 27 '17 at 17:23
asked Nov 27 '17 at 14:54
david
1 Answer
running the tcpdump (in multiple places) gave me the clue to the fix on this. i noticed that arp traffic was showing up in the dumps on the vm and on the host, but outgoing and incoming traffic would only show up at the host, not at the vm. ufw was running but nothing was set (far as i could tell, don't really know anything about it), BUT i noticed that iptables -L showed the FORWARD chain had a policy of DENY! i compared that with another ubuntu installation i had and it had a default policy of ACCEPT, so - sure enough - change the policy to be ACCEPT and all was well!
i have a feeling that installing docker.io made some iptables changes, but i won't know for sure, just glad to have this issue behind me!
hope it helps someone else
I would like to add, the command to set policy is sudo iptables -P FORWARD ACCEPT for the above scenario
– jamesy829
Jan 15 at 4:13
answered Nov 29 '17 at 2:53
david
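The answer's diagnosis written as a check, added here as an example and not part of the original post: when the kernel hands bridged frames to iptables (the bridge-nf-call-iptables setting, assumed here to be why the FORWARD policy affected brDMZ), a default-deny FORWARD chain drops guest traffic. Function names are hypothetical and the rule listings are constructed; the second sample shows a narrower alternative to a blanket ACCEPT policy, a physdev rule that accepts only bridged frames.

```shell
#!/bin/sh
# Added example (not from the post). Function names are hypothetical and the
# rule listings are constructed samples, not captured from the poster's host.

# Print the FORWARD policy from `iptables -S FORWARD` style text.
forward_policy() {
    printf '%s\n' "$1" | awk '$1 == "-P" && $2 == "FORWARD" { print $3; exit }'
}

# Succeed if some rule accepts frames that are only being bridged.
has_bridged_accept() {
    printf '%s\n' "$1" |
        grep -Eq -- '^-A FORWARD .*--physdev-is-bridged .*-j ACCEPT'
}

# diagnose RULES BRIDGE_NF: BRIDGE_NF is the value of
# /proc/sys/net/bridge/bridge-nf-call-iptables (0 if the file is absent).
# Only the policy and a bridged-accept rule are checked; other rules in the
# chain are not evaluated.
diagnose() {
    rules=$1
    bridge_nf=$2
    if [ "$bridge_nf" != "1" ]; then
        echo "not-filtered"        # bridged frames never reach iptables
    elif has_bridged_accept "$rules"; then
        echo "bridged-allowed"     # narrow exception already present
    elif [ "$(forward_policy "$rules")" = "ACCEPT" ]; then
        echo "policy-accept"       # works, but also accepts routed traffic
    else
        echo "bridged-dropped"     # the symptom described in the question
    fi
}

# Constructed sample: default-deny FORWARD chain with container rules only.
SAMPLE_DROP='-P FORWARD DROP
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT'

# Constructed sample: same chain after the narrower fix
#   iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
SAMPLE_FIXED='-P FORWARD DROP
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT'

echo "before: $(diagnose "$SAMPLE_DROP" 1)"
echo "after:  $(diagnose "$SAMPLE_FIXED" 1)"

# On a live host (as root):
#   diagnose "$(iptables -S FORWARD)" \
#     "$(cat /proc/sys/net/bridge/bridge-nf-call-iptables 2>/dev/null || echo 0)"
```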