I have a host machine running Debian stable and a KVM virtual machine running Windows on that host. I have a networking bridge set up for the VM but I'm unable to reach the VM (ping, connect, ...) from either the host machine or other machines on the same network. The VM, on the other hand, can access machines on the network as well as the internet; it's only the outside-to-VM direction that doesn't work.
/etc/network/interfaces:

auto lo
iface lo inet loopback

iface enp5s0 inet manual

auto br0
iface br0 inet dhcp
    bridge_ports enp5s0
    bridge_stp on
    bridge_maxwait 0
    bridge_fd 0
ifconfig:

br0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet 10.24.10.10 netmask 255.255.0.0 broadcast 10.24.255.255
        inet6 fe80::1276:44ff:fe93:e5d5 prefixlen 64 scopeid 0x20<link>
        ether 10:76:44:93:e5:d5 txqueuelen 1000 (Ethernet)
        RX packets 134578 bytes 6829887 (6.5 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 1998 bytes 13852642 (13.2 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp5s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        ether 10:7b:44:93:e9:d5 txqueuelen 1000 (Ethernet)
        RX packets 136408 bytes 9378239 (8.9 MiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 11162 bytes 14598770 (13.9 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
        device memory 0xefc00000-efc1ffff

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
        inet 127.0.0.1 netmask 255.0.0.0
        inet6 ::1 prefixlen 128 scopeid 0x10<host>
        loop txqueuelen 1 (Local Loopback)
        RX packets 4 bytes 246 (246.0 B)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 4 bytes 246 (246.0 B)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
        inet6 fe80::fc54:ff:fee0:fa4 prefixlen 64 scopeid 0x20<link>
        ether fe:54:00:e0:0f:a4 txqueuelen 1000 (Ethernet)
        RX packets 786 bytes 196127 (191.5 KiB)
        RX errors 0 dropped 0 overruns 0 frame 0
        TX packets 130674 bytes 8943783 (8.5 MiB)
        TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
VM network config:
<interface type='bridge'>
  <mac address='52:54:00:e0:0f:a4'/>
  <source bridge='br0'/>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
route:

Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         10.24.255.254   0.0.0.0         UG    0      0        0 br0
10.24.0.0       0.0.0.0         255.255.0.0     U     0      0        0 br0
sysctl -n net.ipv4.ip_forward:

1
The br_netfilter module is not loaded.
Inside the VM, the virtio-net driver seems to be working correctly and the adapter does receive an IP from the DHCP. It can ping/connect to the host but the host can't ping the VM's IP nor establish a TCP connection to it.
Any idea what could be the problem?
Ok, so it turns out the host is actually configured correctly, it was the Windows firewall blocking connections despite the network being marked as private. (Jesus H. Christ, Windows, really?)
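
A host-side check that separates a bridge fault from guest-side filtering, the situation this thread ended up in. This is an added example, not part of the original posts; the guest IP 10.24.10.20 and the function names are assumptions, and the sample `ip neigh` lines in the comments are constructed.

```shell
#!/bin/sh
# Added example (not from the thread). Idea: ARP is not filtered by a guest
# host firewall, so if the guest answers ARP on br0 with its own MAC while
# ping fails, frames cross the bridge both ways and the drop is inside the guest.

# classify_guest MAC NEIGH_LINE PING_RC
#   MAC        guest MAC from the libvirt <mac address='...'/> element
#   NEIGH_LINE one line of `ip neigh show <guest-ip> dev br0` (may be empty)
#   PING_RC    exit status of `ping -c 3 -W 1 <guest-ip>`
# Constructed sample lines:
#   10.24.10.20 dev br0 lladdr 52:54:00:e0:0f:a4 REACHABLE
#   10.24.10.20 dev br0  FAILED
classify_guest() {
    want=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    neigh=$2
    ping_rc=$3

    if [ "$ping_rc" -eq 0 ]; then
        echo "reachable"
        return 0
    fi
    case "$neigh" in
        ""|*FAILED*|*INCOMPLETE*)
            # No ARP reply: suspect bridge membership, guest NIC or wrong IP.
            echo "no-arp-reply"
            return 0 ;;
    esac
    # Pull out the field that follows "lladdr".
    have=$(printf '%s\n' "$neigh" |
        awk '{for (i = 1; i < NF; i++) if ($i == "lladdr") print tolower($(i+1))}')
    if [ "$have" = "$want" ]; then
        echo "guest-filtering"      # L2 path works; check the guest firewall
    else
        echo "other-host"           # a different MAC holds that IP
    fi
}

# Live wrapper for the host: check_live 10.24.10.20 52:54:00:e0:0f:a4
check_live() {
    rc=0
    ping -c 3 -W 1 "$1" >/dev/null 2>&1 || rc=$?
    classify_guest "$2" "$(ip neigh show "$1" dev br0 | head -n 1)" "$rc"
}
```

A `guest-filtering` result is the cue to add a narrowly scoped inbound allow rule in the guest rather than turning its firewall off.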