Description of problem:
I am trying to configure a NetworkManager bridge such that VM guests will appear as peers of the VM host on my network. The NetworkManager configuration is correct. All machines can ping each other but ssh and nslookups do not work. I can set the net.bridge.bridge-nf parameters as specified in /usr/lib/sysctl.d/00-system.conf using "sysctl --system" to resolve the problem, but the solution does not persist across a boot. The problem appears to be specific to NetworkManager.service as it did not occur when I was using network.service as carried over from before the fedup to Fedora 20. I have seen suggestions that this is a timing problem between when bridges are created and when the kernel parameters are set. Could you help us with a work-around while you work on the underlying cause?

Version-Release number of selected component (if applicable):
Installed Packages
systemd.x86_64 208-16.fc20 @local-updates
I forgot to mention that even on a machine without a bridge, i.e. a new build with only em1 configured, the problem exists.
Immediately after booting:

[dean@host ~]$ sudo sysctl --all | grep net.bridge
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-filter-pppoe-tagged = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
net.bridge.bridge-nf-pass-vlan-input-dev = 0
[dean@host ~]$ sudo sysctl --system
* Applying /usr/lib/sysctl.d/00-system.conf ...
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
* Applying /usr/lib/sysctl.d/50-default.conf ...
kernel.sysrq = 16
kernel.core_uses_pid = 1
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.default.accept_source_route = 0
fs.protected_hardlinks = 1
fs.protected_symlinks = 1
* Applying /etc/sysctl.d/99-sysctl.conf ...
* Applying /usr/lib/sysctl.d/libvirtd.conf ...
fs.aio-max-nr = 1048576
* Applying /etc/sysctl.conf ...
[dean@host ~]$ sudo sysctl --all | grep net.bridge
net.bridge.bridge-nf-call-arptables = 0
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-filter-pppoe-tagged = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
net.bridge.bridge-nf-pass-vlan-input-dev = 0
[dean@host ~]$
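The drift shown in the comment above (the sysctl.d file asks for 0, the running kernel reports 1, so bridged traffic is still handed to the host's iptables, ip6tables and arptables rules) can be checked for mechanically. This is an added example, not part of the bug report; the function names `bridge_sysctl_drift` and `demo` and the sample files are constructed for illustration, and the second argument is assumed to be saved `sysctl --all` output.

```shell
# Added example (not from the bug report): compare the net.bridge.* values a
# sysctl.d-style file asks for with a saved "sysctl --all" dump.
# Only "key = value" lines with dotted key names are understood.
# Usage: bridge_sysctl_drift CONF_FILE RUNTIME_DUMP
# Prints one line per mismatch; returns 1 if any was found, else 0.
bridge_sysctl_drift() {
    awk '
        function trim(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return s }
        /^[ \t]*[#;]/ || /^[ \t]*$/ || !index($0, "=") { next }
        {
            eq  = index($0, "=")
            key = trim(substr($0, 1, eq - 1))
            val = trim(substr($0, eq + 1))
            if (key !~ /^net\.bridge\./) next
            if (FILENAME != ARGV[1]) { have[key] = val; next }  # runtime dump
            if (!(key in want)) order[++n] = key
            want[key] = val                     # last assignment wins
        }
        END {
            for (i = 1; i <= n; i++) {
                k = order[i]
                got = (k in have) ? have[k] : "absent"
                if (got != want[k]) {
                    printf "%s configured=%s runtime=%s\n", k, want[k], got
                    bad = 1
                }
            }
            exit bad + 0
        }
    ' "$1" "$2"
}

# Constructed sample files carrying the values shown in the comment above.
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '# constructed sample' \
        'net.bridge.bridge-nf-call-ip6tables = 0' \
        'net.bridge.bridge-nf-call-iptables = 0' \
        'net.bridge.bridge-nf-call-arptables = 0' > "$dir/conf"
    printf '%s\n' 'net.bridge.bridge-nf-call-arptables = 1' \
        'net.bridge.bridge-nf-call-ip6tables = 1' \
        'net.bridge.bridge-nf-call-iptables = 1' > "$dir/runtime"
    rc=0
    bridge_sysctl_drift "$dir/conf" "$dir/runtime" || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo || echo "drift found"
```

A key reported as `runtime=absent` means the dump has no such entry, which is what a dump taken before the bridge module is loaded would look like.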
As a quick and dirty solution, you might want to add a snippet with

[Service]
ExecStartPost=/usr/lib/systemd/systemd-sysctl --prefix=net.bridge

to NetworkManager.service.
Alternatively, you might add 'bridge' to /etc/modules-load.d/bridge.conf, to make sure the module is loaded early at boot.

Yes, this is most likely a timing issue.
(In reply to Zbigniew Jędrzejewski-Szmek from comment #3)
> As a quick and dirty solution, you might want to add a snippet with
>
> [Service]
> ExecStartPost=/usr/lib/systemd/systemd-sysctl --prefix=net.bridge
>
> to NetworkManager.service.

[dean@host ~]$ cat /etc/systemd/system/NetworkManager.service
[Unit]
Description=Network Manager
Wants=network.target
Before=network.target network.service

[Service]
Type=dbus
BusName=org.freedesktop.NetworkManager
ExecStart=/usr/sbin/NetworkManager --no-daemon
ExecStartPost=/usr/lib/systemd/systemd-sysctl --prefix=net.bridge
# NM doesn't want systemd to kill its children for it
KillMode=process

[Install]
WantedBy=multi-user.target
Alias=dbus-org.freedesktop.NetworkManager.service
Also=NetworkManager-dispatcher.service
[dean@host ~]$ sudo restorecon -v /etc/systemd/system/NetworkManager.service
restorecon reset /etc/systemd/system/NetworkManager.service context unconfined_u:object_r:systemd_unit_file_t:s0->unconfined_u:object_r:NetworkManager_unit_file_t:s0
[dean@host ~]$ sudo systemctl stop NetworkManager.service
[dean@host ~]$ sudo systemctl disable NetworkManager.service
rm '/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service'
rm '/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service'
rm '/etc/systemd/system/multi-user.target.wants/NetworkManager.service'
[dean@host ~]$ sudo systemctl enable NetworkManager.service
ln -s '/etc/systemd/system/NetworkManager.service' '/etc/systemd/system/dbus-org.freedesktop.NetworkManager.service'
ln -s '/etc/systemd/system/NetworkManager.service' '/etc/systemd/system/multi-user.target.wants/NetworkManager.service'
ln -s '/usr/lib/systemd/system/NetworkManager-dispatcher.service' '/etc/systemd/system/dbus-org.freedesktop.nm-dispatcher.service'
[dean@host ~]$ sudo systemctl start NetworkManager.service
[dean@host ~]$ sudo sysctl --all | grep net.bridge
net.bridge.bridge-nf-call-arptables = 1
net.bridge.bridge-nf-call-ip6tables = 1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-filter-pppoe-tagged = 0
net.bridge.bridge-nf-filter-vlan-tagged = 0
net.bridge.bridge-nf-pass-vlan-input-dev = 0
[dean@host ~]$
(In reply to Zbigniew Jędrzejewski-Szmek from comment #4)
> Alternatively, you might add 'bridge' to /etc/modules-load.d/bridge.conf, to
> make sure the module is loaded early at boot.
>
> Yes, this is most likely a timing issue.

[dean@host ~]$ sudo ls -l /etc/modules-load.d
total 0
[dean@host ~]$
Googling "/etc/modules-load.d/bridge.conf" found #1022977. The work-around found in comment #2 works. So thank you for giving me enough information to find a work-around. It also says this problem has been known for more than a few years. Do you have any idea when it might get resolved?
(In reply to Dean Hunter from comment #7)
> It also says this problem has been known for more than a few years. Do you
> have any idea when it might get resolved?

No idea. It seems that special support for the bridge sysctl settings might have to be added in systemd, like there is support for network interface settings.

*** This bug has been marked as a duplicate of bug 1022977 ***