Bug 437033

Summary: No network in virtual machines
Product: [Fedora] Fedora Reporter: Espen Stefansen <libbe>
Component: libvirtAssignee: Daniel Veillard <veillard>
Status: CLOSED CURRENTRELEASE QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low Docs Contact:
Priority: low    
Version: 8CC: avibrazil, berrange, rdtennent
Target Milestone: ---   
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: 0.4.1-3.fc8 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2008-04-17 03:56:33 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
The 'iptables-save' output on the host
none
output of iptables-save none

Description Espen Stefansen 2008-03-11 19:30:31 UTC 
Description of problem:
My virtual machines get an IP, but can't connect to the internet since the last 
updates to libvirtd. And during boot I get an error when starting libvirtd, or 
if I restart it later. It seems to be a problem with the firewall-rules.

Starting libvirtd-service: Shutting down network 'default'iptables: No chain/
target/match by that name
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
Failed to bring down bridge 'virbr0' : No such device
Failed to delete bridge 'virbr0' : No such device or address

And when I start a virtual machine, I get this error:
Error starting domain: virDomainCreate() failed internal error Failed to add 
tap interface 'vnet%d' to bridge 'virbr0' : No such device


Version-Release number of selected component (if applicable):
libvirt-0.4.1-1.fc8

How reproducible:
Every time

Steps to Reproduce:
1.
2.
3.
  
Actual results:
No internet connection

Expected results:
Could connect to internet

Additional info:
Comment 1 Avi Alkalay 2008-03-12 12:57:10 UTC 
I am having similar problem.

I am using libvirt-0.4.0-4.fc8 and my guest machines are getting an IP address.
When I try to use the net on the guest, it can resolve names but a netstat on
the guest shows a SYN_SENT status on the Internet hosts I try to connect.

This means the guest is sending net packets but host is not
maskerading/forwarding them.

The guest IP address is 192.168.122.48.

The host IPTables look like this (I will attach an iptables-save output too):

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state
RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with
icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with
icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


For me this is clearly a net filtering issue on the libvirt's automatic IPTABLES
configuration on the host, but my skills won't let me fix it.
Comment 2 Avi Alkalay 2008-03-12 12:58:26 UTC 
Created attachment 297755 [details]
The 'iptables-save' output on the host
Comment 3 Avi Alkalay 2008-03-12 13:32:56 UTC 
Now network works.

I had to shutdown virtual machines and issue a 'service libvirtd restart', and
restart the guest, of course.

For me this is still a bug because it is not working out of the box.
Comment 4 Espen Stefansen 2008-03-12 14:04:14 UTC 
Created attachment 297769 [details]
output of iptables-save

When I run iptables-save, it looks like all references to virbr0 have been
removed when I upgraded libvirt.
Comment 5 Bob T. 2008-03-29 21:25:48 UTC 
I can confirm this problem.  No amount of restarting/rebooting seems to help.
I've spent the day upgrading/downgrading various packages. It seems
libvirt--0.4.1-2 is the culprit.  I suggest upgrading severity to medium; this
is a show-stopper if the virtual machine needs to access the internet.
Comment 6 Daniel Berrangé 2008-04-04 16:07:34 UTC 
The fix is built into libvirt-0.4.1-3.fc8
Comment 7 Fedora Update System 2008-04-04 16:08:04 UTC 
libvirt-0.4.1-3.fc8 has been submitted as an update for Fedora 8
Comment 8 Bob T. 2008-04-08 11:58:01 UTC 
 > libvirt-0.4.1-3.fc8 has been submitted as an update for Fedora 8

Hasn't yet made it to testing, much less updates-released.
Comment 9 Fedora Update System 2008-04-09 05:14:15 UTC 
libvirt-0.4.1-3.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update libvirt'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-2915
Comment 10 Fedora Update System 2008-04-17 03:56:30 UTC 
libvirt-0.4.1-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.