Description of problem:
When I try to create a new virtual machine and it needs to have a network connection configured, then virt-manager fails to create the VM because the network connection does not seem to be up and running. When it tries to activate the default network, it shows an error saying:

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/host.py", line 262, in start_network
    net.start()
  File "/usr/share/virt-manager/virtManager/network.py", line 92, in start
    self.net.create()
  File "/usr/lib64/python2.4/site-packages/libvirt.py", line 612, in create
    if ret == -1: raise libvirtError ('virNetworkCreate() failed', net=self)
libvirtError: failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument

I have tried to create a bridge named virbr0 manually, but then it fails saying 'virbr0' is already present on the system. I don't know why exactly it fails to create the bridge in the first place. libvirtd is configured under /etc/init.d and starts on boot. I don't know however why the networking side does not work and why the bridge does not seem to be created.

Version-Release number of selected component (if applicable):
virt-manager 0.6.1

How reproducible:
This happens every time I try to create a VM with virt-manager. This is a fresh RHEL 5.5 installation, and it has never worked.

Steps to Reproduce:
1. try create VM with virt-manager
2. configure networking of VM as 'virtual networking' and attach to default network
3. try starting up default network

Actual results:
virt-manager shows error saying

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/host.py", line 262, in start_network
    net.start()
  File "/usr/share/virt-manager/virtManager/network.py", line 92, in start
    self.net.create()
  File "/usr/lib64/python2.4/site-packages/libvirt.py", line 612, in create
    if ret == -1: raise libvirtError ('virNetworkCreate() failed', net=self)
libvirtError: failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument

Expected results:
virt-manager should start up virtual networking and new VM.

Additional info:
Can you reproduce the issue by running the following command as root:

  virsh net-start default

Then provide the output of

  cat /var/log/messages | grep libvirt
> libvirtError: failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument

This error message usually means that the kernel has been unable to load the iptables modules for NAT. While I'd expect this if someone had done a custom kernel build & turned off lots of config options, this should never happen with a RHEL kernel.
(In reply to comment #2)
> > libvirtError: failed to add iptables rule to allow forwarding to 'virbr0':
> Invalid argument
> This error message usually means that the kernel has been unable to load the
> iptables modules for NAT. While I'd expect this if someone had done a custom
> kernel build & turned off lots of config options, this should never happen with
> a RHEL kernel.

I have to check this on the system tomorrow to be 100% sure, but if I remember correctly then the iptables part works (I also run firewalling every now and then, so I know iptables works on the kernel side), but the problem I thought was that it says 'invalid argument' because 'virbr0' does not exist on the system when it tries to insert the rules? There definitely is no 'virbr0' on my system created ever for some reason. I do run a vanilla RHEL 5.5 kernel, I have not built a customized kernel for this system.
(In reply to comment #1)
> Can you reproduce the issue by running the following command as root:
> virsh net-start default
> Then provide the output of cat /var/log/messages | grep libvirt

[root@dhcp-172-129 af]# virsh net-start default
error: Failed to start network default
error: failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument

[root@dhcp-172-129 af]# brctl show
bridge name     bridge id               STP enabled     interfaces
[root@dhcp-172-129 af]# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
[root@dhcp-172-129 af]# cat /var/log/messages | grep libvirt
Jun 1 10:03:57 dhcp-172-129 libvirtd: 10:03:57.129: error : internal error '/sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Unknown error 18446744073709551615
Jun 1 10:03:57 dhcp-172-129 libvirtd: 10:03:57.129: error : failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument
Jun 1 10:13:31 dhcp-172-129 libvirtd: 10:13:31.652: error : Domain not found: no domain with matching name 'd'
Jun 1 10:13:32 dhcp-172-129 libvirtd: 10:13:32.432: error : Domain not found: no domain with matching name 'd'
Jun 1 10:13:41 dhcp-172-129 libvirtd: 10:13:41.088: error : invalid storage volume pointer in no storage vol with matching path
Jun 1 10:13:41 dhcp-172-129 libvirtd: 10:13:41.090: error : invalid storage volume pointer in no storage vol with matching path
Jun 1 10:13:41 dhcp-172-129 libvirtd: 10:13:41.091: error : invalid storage pool pointer in no storage vol with matching name
Jun 1 18:06:16 dhcp-172-129 libvirtd: 18:06:16.587: warning : Shutting down on signal 15
Jun 3 07:30:42 dhcp-172-129 libvirtd: 07:30:42.172: error : internal error '/sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Unknown error 18446744073709551615
Jun 3 07:30:42 dhcp-172-129 libvirtd: 07:30:42.172: error : failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument
Jun 3 07:30:49 dhcp-172-129 libvirtd: 07:30:49.047: error : internal error '/sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT' exited with non-zero status 1 and signal 0: iptables: Unknown error 18446744073709551615
Jun 3 07:30:49 dhcp-172-129 libvirtd: 07:30:49.047: error : failed to add iptables rule to allow forwarding to 'virbr0': Invalid argument
[root@dhcp-172-129 af]#
Does running that iptables command by hand as root also error with 'iptables: Unknown error 18446744073709551615'?

  /sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
(In reply to comment #5)
> Does running that iptables command by hand as root also error with 'iptables:
> Unknown error 18446744073709551615'?
> /sbin/iptables --table filter --insert FORWARD --destination
> 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state
> ESTABLISHED,RELATED --jump ACCEPT

Yes.

[root@dhcp-172-129 vnet2]# /sbin/iptables --table filter --insert FORWARD --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state ESTABLISHED,RELATED --jump ACCEPT
iptables: Unknown error 18446744073709551615
[root@dhcp-172-129 vnet2]#
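The libvirtd log lines in this report name the exact helper command that failed, which is what had to be rerun by hand. The following is an added example, not part of the original thread or of libvirt: it pulls each distinct failed command out of such lines and reinterprets the "Unknown error" number as a signed 64-bit value (18446744073709551615 is 2**64 - 1, i.e. -1). The function names and the shortened hostname in the sample are assumptions made for illustration.

```python
import re

# Constructed sample, modelled on the libvirtd lines quoted in this report
# (hostname shortened to "host").
IPT = ("/sbin/iptables --table filter --insert FORWARD "
       "--destination 192.168.122.0/255.255.255.0 --out-interface virbr0 "
       "--match state --state ESTABLISHED,RELATED --jump ACCEPT")
SAMPLE = "\n".join([
    "Jun  1 10:03:57 host libvirtd: 10:03:57.129: error : internal error '%s' "
    "exited with non-zero status 1 and signal 0: "
    "iptables: Unknown error 18446744073709551615" % IPT,
    "Jun  1 10:03:57 host libvirtd: 10:03:57.129: error : failed to add iptables "
    "rule to allow forwarding to 'virbr0': Invalid argument",
    "Jun  1 10:13:31 host libvirtd: 10:13:31.652: error : Domain not found: "
    "no domain with matching name 'd'",
    "Jun  3 07:30:42 host libvirtd: 07:30:42.172: error : internal error '%s' "
    "exited with non-zero status 1 and signal 0: "
    "iptables: Unknown error 18446744073709551615" % IPT,
])

# Matches only the "internal error '<cmd>' exited with ..." form of the message.
FAILED = re.compile(
    r"libvirtd: \S+ error : internal error '(?P<cmd>[^']+)' exited with "
    r"non-zero status (?P<status>\d+) and signal (?P<signal>\d+): (?P<stderr>.*)$")
UNKNOWN = re.compile(r"Unknown error (\d+)")

def as_signed64(n):
    """Reinterpret an unsigned 64-bit number as signed (2**64 - 1 -> -1)."""
    return n - 2**64 if n >= 2**63 else n

def failed_commands(log_text):
    """Return one record per distinct helper command libvirtd reported as failed."""
    seen = {}
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # other libvirtd messages (domain, storage) are ignored
        rec = seen.setdefault(m.group("cmd"), {
            "cmd": m.group("cmd"), "status": int(m.group("status")),
            "signal": int(m.group("signal")), "stderr": m.group("stderr"),
            "count": 0, "code_signed": None})
        rec["count"] += 1
        code = UNKNOWN.search(m.group("stderr"))
        if code:
            rec["code_signed"] = as_signed64(int(code.group(1)))
    return list(seen.values())
```

Calling `failed_commands()` on the output of `grep libvirt /var/log/messages` gives the command string to rerun as root, together with how often it failed.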
Thanks, reassigning to iptables.
(In reply to comment #6)
> (In reply to comment #5)
> > Does running that iptables command by hand as root also error with 'iptables:
> > Unknown error 18446744073709551615'?
> > /sbin/iptables --table filter --insert FORWARD --destination
> > 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state --state
> > ESTABLISHED,RELATED --jump ACCEPT
>
> Yes.
>
> [root@dhcp-172-129 vnet2]# /sbin/iptables --table filter --insert FORWARD
> --destination 192.168.122.0/255.255.255.0 --out-interface virbr0 --match state
> --state ESTABLISHED,RELATED --jump ACCEPT
> iptables: Unknown error 18446744073709551615
> [root@dhcp-172-129 vnet2]#

Do you have dnsmasq set to run on boot? If so, disable it (chkconfig dnsmasq off) and let libvirt call it instead.
Also, forgot to mention -- to get it working sans reboot, try killing dnsmasq, then restart libvirt or rerun the net-start command.
Is there a related error message in /var/log/messages or dmesg output?
This bug/component is not included in scope for RHEL-5.11.0 which is the last RHEL5 minor release. This Bugzilla will soon be CLOSED as WONTFIX (at the end of RHEL5.11 development phase (Apr 22, 2014)). Please contact your account manager or support representative in case you need to escalate this bug.
Thank you for submitting this request for inclusion in Red Hat Enterprise Linux 5. We've carefully evaluated the request, but are unable to include it in RHEL5 stream. If the issue is critical for your business, please provide additional business justification through the appropriate support channels (https://access.redhat.com/site/support).
The needinfo request[s] on this closed bug have been removed as they have been unresolved for 1000 days