437033 – No network in virtual machines

Bug 437033 - No network in virtual machines

Summary: No network in virtual machines

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libvirt
Sub Component:
Version:	8
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Daniel Veillard
QA Contact:	Fedora Extras Quality Assurance
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2008-03-11 19:30 UTC by Espen Stefansen
Modified:	2008-04-17 03:56 UTC (History)
CC List:	3 users (show)
Fixed In Version:	0.4.1-3.fc8
Clone Of:
Environment:
Last Closed:	2008-04-17 03:56:33 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)
The 'iptables-save' output on the host (1.01 KB, text/plain) 2008-03-12 12:58 UTC, Avi Alkalay	no flags	Details
output of iptables-save (2.40 KB, text/plain) 2008-03-12 14:04 UTC, Espen Stefansen	no flags	Details
View All

Description Espen Stefansen 2008-03-11 19:30:31 UTC

Description of problem:
My virtual machines get an IP, but can't connect to the internet since the last 
updates to libvirtd. And during boot I get an error when starting libvirtd, or 
if I restart it later. It seems to be a problem with the firewall-rules.

Starting libvirtd-service: Shutting down network 'default'iptables: No chain/
target/match by that name
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: No chain/target/match by that name
iptables: No chain/target/match by that name
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
iptables: Bad rule (does a matching rule exist in that chain?)
Failed to bring down bridge 'virbr0' : No such device
Failed to delete bridge 'virbr0' : No such device or address

And when I start a virtual machine, I get this error:
Error starting domain: virDomainCreate() failed internal error Failed to add 
tap interface 'vnet%d' to bridge 'virbr0' : No such device


Version-Release number of selected component (if applicable):
libvirt-0.4.1-1.fc8

How reproducible:
Every time

Steps to Reproduce:
1.
2.
3.
  
Actual results:
No internet connection

Expected results:
Could connect to internet

Additional info:

Comment 1 Avi Alkalay 2008-03-12 12:57:10 UTC

I am having similar problem.

I am using libvirt-0.4.0-4.fc8 and my guest machines are getting an IP address.
When I try to use the net on the guest, it can resolve names but a netstat on
the guest shows a SYN_SENT status on the Internet hosts I try to connect.

This means the guest is sending net packets but host is not
maskerading/forwarding them.

The guest IP address is 192.168.122.48.

The host IPTables look like this (I will attach an iptables-save output too):

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere            udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             192.168.122.0/24    state
RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere
ACCEPT     all  --  anywhere             anywhere
REJECT     all  --  anywhere             anywhere            reject-with
icmp-port-unreachable
REJECT     all  --  anywhere             anywhere            reject-with
icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination


For me this is clearly a net filtering issue on the libvirt's automatic IPTABLES
configuration on the host, but my skills won't let me fix it.

Comment 2 Avi Alkalay 2008-03-12 12:58:26 UTC

Created attachment 297755 [details]
The 'iptables-save' output on the host

Comment 3 Avi Alkalay 2008-03-12 13:32:56 UTC

Now network works.

I had to shutdown virtual machines and issue a 'service libvirtd restart', and
restart the guest, of course.

For me this is still a bug because it is not working out of the box.

Comment 4 Espen Stefansen 2008-03-12 14:04:14 UTC

Created attachment 297769 [details]
output of iptables-save

When I run iptables-save, it looks like all references to virbr0 have been
removed when I upgraded libvirt.

Comment 5 Bob T. 2008-03-29 21:25:48 UTC

I can confirm this problem.  No amount of restarting/rebooting seems to help.
I've spent the day upgrading/downgrading various packages. It seems
libvirt--0.4.1-2 is the culprit.  I suggest upgrading severity to medium; this
is a show-stopper if the virtual machine needs to access the internet.

Comment 6 Daniel Berrangé 2008-04-04 16:07:34 UTC

The fix is built into libvirt-0.4.1-3.fc8

Comment 7 Fedora Update System 2008-04-04 16:08:04 UTC

libvirt-0.4.1-3.fc8 has been submitted as an update for Fedora 8

Comment 8 Bob T. 2008-04-08 11:58:01 UTC

 > libvirt-0.4.1-3.fc8 has been submitted as an update for Fedora 8

Hasn't yet made it to testing, much less updates-released.

Comment 9 Fedora Update System 2008-04-09 05:14:15 UTC

libvirt-0.4.1-3.fc8 has been pushed to the Fedora 8 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update libvirt'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F8/FEDORA-2008-2915

Comment 10 Fedora Update System 2008-04-17 03:56:30 UTC

libvirt-0.4.1-3.fc8 has been pushed to the Fedora 8 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.