Bug 598380 - iptables: Unknown error 18446744073709551615 [NEEDINFO]
iptables: Unknown error 18446744073709551615
Status: CLOSED WONTFIX
Product: Red Hat Enterprise Linux 5
Classification: Red Hat
Component: iptables (Show other bugs)
5.5
x86_64 Linux
low Severity medium
: rc
: ---
Assigned To: Thomas Woerner
qe-baseos-daemons
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2010-06-01 05:15 EDT by anna.fischer
Modified: 2014-06-02 09:22 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-06-02 09:22:18 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---
twoerner: needinfo? (anna.fischer)
pm-rhel: needinfo? (anna.fischer)


Attachments (Terms of Use)

  None (edit)
Description anna.fischer 2010-06-01 05:15:45 EDT
Description of problem:
When I try to create a new virtual machine and it needs to have a network connection configured, then virt-manager fails to create the VM because the network connection does not seem to be up and running. When it tries to activate the default network, it shows an error saying:

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/host.py", line 262, in start_network
    net.start()
  File "/usr/share/virt-manager/virtManager/network.py", line 92, in start
    self.net.create()
  File "/usr/lib64/python2.4/site-packages/libvirt.py", line 612, in create
    if ret == -1: raise libvirtError ('virNetworkCreate() failed', net=self)
libvirtError: failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument

I have tried to create a bridge named virbr0 manually, but then it fails saying 'virbr0' is already present on the system. I don't know why exactly it fails to create the bridge in the first place. libvirtd is configured under /etc/init.d and starts on boot. I don't know however why the networking side does not work and why the bridge does not seem to be created.

Version-Release number of selected component (if applicable):
virt-manager 0.6.1

How reproducible:
This happens every time I try to create a VM with virt-manager. This is a fresh RHEL 5.5 installation, and it has never worked.

Steps to Reproduce:
1. try create VM with virt-manager
2. configure networking of VM as 'virtual networking' and attach to default network
3. try starting up default network
  
Actual results:

virt-manager shows error saying

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/host.py", line 262, in start_network
    net.start()
  File "/usr/share/virt-manager/virtManager/network.py", line 92, in start
    self.net.create()
  File "/usr/lib64/python2.4/site-packages/libvirt.py", line 612, in create
    if ret == -1: raise libvirtError ('virNetworkCreate() failed', net=self)
libvirtError: failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument


Expected results:

virt-manager should start up virtual networking and new VM.

Additional info:
Comment 1 Cole Robinson 2010-06-01 13:10:27 EDT
Can you reproduce the issue by running the following command as root:

virsh net-start default

Then provide the output of cat /var/log/messages | grep libvirt
Comment 2 Daniel Berrange 2010-06-02 06:27:14 EDT
> libvirtError: failed to add iptables rule to allow forwarding to 'virbr0':
Invalid argument

This error message usually means that the kernel has been unable to load the iptables modules for NAT. While I'd expect this if someone had done a custom kernel build & turned off lots of config options, this should never happen with a RHEL kernel.
Comment 3 anna.fischer 2010-06-02 09:07:34 EDT
(In reply to comment #2)
> > libvirtError: failed to add iptables rule to allow forwarding to 'virbr0':
> Invalid argument
> This error message usually means that the kernel has been unable to load the
> iptables modules for NAT. While I'd expect this if someone had done a custom
> kernel build & turned off lots of config options, this should never happen with
> a RHEL kernel.    

I have to check this on the system tomorrow to be 100% sure, but if I remember correctly then the iptables parts works (I also run firewalling every now and then, so I know iptables works on the kernel side), but the problem I thought was that it says 'invalid argument' because 'virbr0' does not exist on the system when it tries to insert the rules? There definitely is no 'virbr0' on my system created ever for some reason.

I do run a vanilla RHEL 5.5 kernel, I have not built a customized kernel for this system.
Comment 4 anna.fischer 2010-06-03 02:33:53 EDT
(In reply to comment #1)
> Can you reproduce the issue by running the following command as root:
> virsh net-start default
> Then provide the output of cat /var/log/messages | grep libvirt    

[root@dhcp-172-129 af]# virsh net-start default
error: Failed to start network default
error: failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument

[root@dhcp-172-129 af]# brctl show
bridge name     bridge id               STP enabled     interfaces
[root@dhcp-172-129 af]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@dhcp-172-129 af]# cat /var/log/messages | grep libvirt
Jun  1 10:03:57 dhcp-172-129 libvirtd: 10:03:57.129: error : internal error '/sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Unknown error 18446744073709551615
Jun  1 10:03:57 dhcp-172-129 libvirtd: 10:03:57.129: error : failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument
Jun  1 10:13:31 dhcp-172-129 libvirtd: 10:13:31.652: error : Domain not found: no domain with matching name 'd'
Jun  1 10:13:32 dhcp-172-129 libvirtd: 10:13:32.432: error : Domain not found: no domain with matching name 'd'
Jun  1 10:13:41 dhcp-172-129 libvirtd: 10:13:41.088: error : invalid storage volume pointer in no storage vol with matching path
Jun  1 10:13:41 dhcp-172-129 libvirtd: 10:13:41.090: error : invalid storage volume pointer in no storage vol with matching path
Jun  1 10:13:41 dhcp-172-129 libvirtd: 10:13:41.091: error : invalid storage pool pointer in no storage vol with matching name
Jun  1 18:06:16 dhcp-172-129 libvirtd: 18:06:16.587: warning : Shutting down on signal 15
Jun  3 07:30:42 dhcp-172-129 libvirtd: 07:30:42.172: error : internal error '/sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Unknown error 18446744073709551615
Jun  3 07:30:42 dhcp-172-129 libvirtd: 07:30:42.172: error : failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument
Jun  3 07:30:49 dhcp-172-129 libvirtd: 07:30:49.047: error : internal error '/sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Unknown error 18446744073709551615
Jun  3 07:30:49 dhcp-172-129 libvirtd: 07:30:49.047: error : failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument
[root@dhcp-172-129 af]#
Comment 5 Cole Robinson 2010-06-03 09:46:46 EDT
Does running that iptables command by hand as root also error with 'iptables: Unknown error 18446744073709551615'?

/sbin/iptables --table filter --insert FORWARD --destination
192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state
ESTABLISHED,RELATED --jump ACCEPT
Comment 6 anna.fischer 2010-06-03 09:53:42 EDT
(In reply to comment #5)
> Does running that iptables command by hand as root also error with 'iptables:
> Unknown error 18446744073709551615'?
> /sbin/iptables --table filter --insert FORWARD --destination
> 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state
> ESTABLISHED,RELATED --jump ACCEPT    

Yes.

[root@dhcp-172-129 vnet2]# /sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
iptables: Unknown error 18446744073709551615
[root@dhcp-172-129 vnet2]#
Comment 7 Cole Robinson 2010-06-03 10:10:48 EDT
Thanks, reassigning to iptables.
Comment 8 John Priddy 2010-11-21 19:33:53 EST
(In reply to comment #6)
> (In reply to comment #5)
> > Does running that iptables command by hand as root also error with 'iptables:
> > Unknown error 18446744073709551615'?
> > /sbin/iptables --table filter --insert FORWARD --destination
> > 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state
> > ESTABLISHED,RELATED --jump ACCEPT    
> 
> Yes.
> 
> [root@dhcp-172-129 vnet2]# /sbin/iptables --table filter --insert FORWARD
> --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state
> --state ESTABLISHED,RELATED --jump ACCEPT
> iptables: Unknown error 18446744073709551615
> [root@dhcp-172-129 vnet2]#

do you have dnsmasq set to run on boot?  if so disable it (chkconfig dnsmasq off) and let libvirt call it instead.
Comment 9 John Priddy 2010-11-21 19:35:45 EST
also, forgot to mention -- to get it working sans reboot try killing dnsmasq then restart libvirt or rerun the net-start command.
Comment 10 Thomas Woerner 2010-11-22 05:57:03 EST
Is there a related error message in /var/log/messages or dmesg output?
Comment 11 RHEL Product and Program Management 2014-03-07 08:54:18 EST
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.
Comment 12 RHEL Product and Program Management 2014-06-02 09:22:18 EDT
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).

Note You need to log in before you can comment on or make changes to this bug.