Hide Forgot
16:32:42) laine: Oh, wait - ip_forward is 0. (16:32:59) laine: How did that happen? libvirtd sets it to 1 every time it's run. (16:33:26) laine: Try doing "sysctl -w net.ipv4.ip_forward=1", then retry the ping. (16:33:54) laine: Then set it on permanently in /etc/sysctl.conf (16:34:13) mcepl: yes (16:34:17) mcepl: works perfect! (16:34:18) mcepl: thanks (16:34:32) mcepl: OK, I will make a comment to the bug (16:34:37) laine: sure. It bothers me that something is turning it back off.
This discussion has taken place before: https://bugzilla.redhat.com/show_bug.cgi?id=612867 Basically, whenever libvirtd starts a network, it sets ip_forward to 1 in the kernel. Unlike with iptables rules, this setting is *not* reloaded if libvirtd is restarted. Other programs/services (e.g. NetworkManager) may call "sysctl -p" at some later time, potentially overwriting libvirtd's ip_forward=1 with ip_forward=0. See https://bugzilla.redhat.com/612867#c6 for a couple of suggestions that were rejected in discussion (in favor of inaction). I've just added a page to the upstream libvirt Troubleshooting wiki that details this problem: http://wiki.libvirt.org/page/Guest_can_reach_host%2C_but_can%27t_reach_outside_network
libvirt could write something to /run/sysctl.d for the device with ip_forward=1. This *should* handle all sysctl reloads until the next reboot.
This appears to be a non-issue in RHEL7. Default sysctl settings have been moved to /usr/lib/sysctl.d, they do not contain an "ip_forward = 0" setting, and anyway even if such a setting is added there, it isn't honored when "sysctl -p" is run. Additionally, restarting NetworkManager also doesn't set ip_forward back to 0. If someone were to manually add ip_forward=0 to /etc/sysctl.conf (which is deprecated, as far as I understand), running "sysctl -p" or restarting NetworkManager would set it back to 0. However, that would require the user making that modification, since /etc/sysctl.conf is now delivered as an empty file (except for some comments).