no internet access with guest vm



seta28
19th October 2012, 11:48 AM
Hi,

I have a Fedora guest VM using DHCP in bridged mode on a Windows host that also uses DHCP.

We have a proxy.

My host receives an address and can surf on Google with the proxy configured.

But I can't reach Google with my guest VM.

There are 2 ways to configure the proxy on Fedora:

- proxy settings from system

- proxy settings from internet browser (Firefox)

Each proxy settings mode doesn't work (automatic, manual, no proxy...) on the guest VM, and the firewall is disabled.

I can ping an IP address but not the FQDN.

Don't proxy settings work on Fedora?

Thanks,

seta

devyreham
19th October 2012, 01:22 PM
Hi, what is your primary DNS server in the network settings?
It should be shown in the connection information.

seta28
19th October 2012, 01:25 PM
Hi,
It's the same as my host computer, with domain My_domain and search My_domain with the nameservers.

flyingfsck
19th October 2012, 01:53 PM
Howdy,

What kind of proxy is it?

In my experience, it is best to tunnel through the corporate junk proxies to a server of your own.

jpollard
19th October 2012, 01:59 PM
What version of Fedora are you using?

There have been a number of problems with VMs in Fedora when used with NetworkManager (I gave up on it since F15/16). I went with using the old tried and true networks, and turned on forwarding in the kernel.

No problems since.

seta28
19th October 2012, 03:25 PM
I used Fedora 14. I can't manage the new proxy and I don't know what kind it is.
Are you proposing to deactivate NetworkManager?

How do I use something else to get DHCP working?

Thanks,

jpollard
19th October 2012, 06:55 PM
On F14, chkconfig NetworkManager off, chkconfig network on,

Make sure the network startup scripts have "NM_CONTROLLED=no", and "ONBOOT=yes".

Set the forwarding flag "net.ipv4.ip_forward = 1" in /etc/sysctl.conf for the next reboot. You can manually set it with "echo 1 >/proc/sys/net/ipv4/ip_forward" for testing (or just to avoid rebooting).

What I found (at least in F15/16) was that NetworkManager seems to turn off forwarding... even if it is turned on in the sysctl.conf file.

I don't remember having that problem in F14, though updates after I went to F16 may have propagated the problem from F16 to F14 in the last days of support.

seta28
22nd October 2012, 08:51 AM
Hi,
Thanks for your reply.
Is it a known issue on Fedora? I don't understand why I should enable ip_forwarding.
I have only one guest and nothing else, so no routing.

I tried your solution but it isn't working...
I have disabled NetworkManager and enabled network, but I get this message:

Determining IP information for eth0...dhclient(1587) is already running - exiting.

thanks,

jpollard
22nd October 2012, 03:37 PM
The guest is using a different network than the host, so the host has to forward the guest's traffic to reach the internet.

eth0 is already configured with an active dhclient server managing it. You might try a "/sbin/ifdown eth0" and "/sbin/ifup eth0" to restart it.

Check network tables with "netstat -rn". This should show something like:


Kernel IP routing table
Destination     Gateway         Genmask         Flags   MSS Window  irtt Iface
0.0.0.0         192.168.1.1     0.0.0.0         UG        0 0          0 p6p1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 p5p1
169.254.0.0     0.0.0.0         255.255.0.0     U         0 0          0 p6p1
192.168.0.0     0.0.0.0         255.255.255.0   U         0 0          0 p5p1
192.168.1.0     0.0.0.0         255.255.255.0   U         0 0          0 p6p1
192.168.122.0   0.0.0.0         255.255.255.0   U         0 0          0 virbr0


My guests are using 192.168.122.0 for their network, I also have two wired networks (192.168.0.0 for internal physical hosts, and 192.168.1.0 configured via DHCP for internet access).

The default route (0.0.0.0) should have your internet router designated as its gateway.

My network startup scripts have p6p1 (new naming construct) designated for dhcp, with DEFROUTE, PEERDNS, and PEERROUTES set to "yes".

The virbr0 is configured by the qemu/xen VM manager software.
The VMs need to be using their default router (actually, very likely the only route) which is the host.

Setting ip_forward makes the host kernel act as a router for the 192.168.xxx networks, which by default are NOT routable.

I will admit to not being an expert at this, but the only thing left is whether there is a firewall rule to reject forwarding a specific network. My firewall rules have a "-A FORWARD -i p5p1 -j ACCEPT" rule which should allow all forwarded connections to go to my internet router... which is supposed to allow packets from the internet to be forwarded. The full set of my forward list is:


-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -i p5p1 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited


Note, the eth+ rule should be superfluous as that came before the new naming sequences (currently left in case I fall back to an earlier kernel). These are the last in my set of rules, and were configured using the system-config-firewall.

After all that, it should be working as long as the kernel forwarding is set to 1.
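
An added example, not part of jpollard's post: it walks only the FORWARD rules quoted above in first-match order for a new TCP connection, to show which incoming interfaces those rules accept and how the `eth+` wildcard is matched. Rules that sit earlier in the real chain are not modelled, and `forward_verdict` and `iface_matches` are hypothetical helper names.

```shell
#!/bin/sh
# FORWARD rules as quoted in the post (the INPUT rule is left out).
FORWARD_RULES='-A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i eth+ -j ACCEPT
-A FORWARD -i p5p1 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited'

# iface_matches PATTERN NAME: a trailing "+" in an iptables interface
# name is a prefix wildcard (eth+ matches eth0, eth12, ...).
iface_matches() {
    case "$1" in
        *+) case "$2" in "${1%+}"*) return 0 ;; *) return 1 ;; esac ;;
        *)  [ "$1" = "$2" ] ;;
    esac
}

# forward_verdict IFACE: print the target of the first quoted rule that
# matches a NEW (not yet ESTABLISHED) TCP packet arriving on IFACE.
forward_verdict() {
    in_if=$1
    printf '%s\n' "$FORWARD_RULES" | while read -r line; do
        set -- $line
        rule_if=''; proto=''; state=''; target=''
        while [ $# -gt 0 ]; do
            case "$1" in
                -i)      rule_if=$2; shift ;;
                -p)      proto=$2;   shift ;;
                --state) state=$2;   shift ;;
                -j)      target=$2;  shift ;;
            esac
            shift
        done
        # A new connection has no ESTABLISHED/RELATED state yet.
        if [ -n "$state" ]; then continue; fi
        # The sample packet is TCP, so protocol-specific rules for others skip.
        if [ -n "$proto" ] && [ "$proto" != tcp ]; then continue; fi
        # Rules without -i apply to every incoming interface.
        if [ -n "$rule_if" ] && ! iface_matches "$rule_if" "$in_if"; then continue; fi
        echo "$target"
        break
    done
}

for i in p5p1 eth0 virbr0; do
    echo "$i: $(forward_verdict "$i")"
done
```

Under these quoted rules alone, a new connection entering on virbr0 falls through to the final REJECT, so forwarding for the guest network depends on rules placed earlier in the chain. `iptables -S FORWARD` on the host lists the complete chain in order.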