systemd-networkd, bridge and containers: unable to ping host from guest

To: debian-user@lists.debian.org
Subject: systemd-networkd, bridge and containers: unable to ping host from guest
From: lanquil <lanquil@gmx.com>
Date: Thu, 11 Jul 2019 15:29:57 +0200
Message-id: <[🔎] 20190711132957.GA21313@beth>

Hello,

In my machine (4.19.0-5-amd64 #1 SMP Debian 4.19.37-5 (2019-06-19) x86_64 GNU/Linux) I've setup a bridge with systemd-networkd.

I've then setup a systemd-nspawn container and some virtual machines with qemu/virt-manager (Debian and Windows10 guest).

The problem I'm encountering is that in all guests (Debian and Windows, DHCP or static IP configurations) I'm never able to ping the host system. From the host I'm instead able to ping the guest.
In the guests everything else seems to work and I'm able to reach the internet as expected.

Can someone kindly give me some hint on how to solve this issue?

I really don't know if it's related to systemd-networkd, Debian, iptables...
I'm therefore posting here this question, but I'm open to suggestions for a more appropriate place to ask for assistance...

The configuration files are:

`/etc/systemd/network/br0.netdev`:
[NetDev]
Name=br0
Kind=bridge
MACAddress=08:60:6e:d6:4d:7b


`/etc/systemd/network/br0.network`:
[Match]
Name=en*

[Network]
Bridge=br0


`/etc/systemd/network/20-wired.network`:
[Match]
Name=br0

[Network]
DNS=172.17.0.10
DNS=172.17.0.20

[Address]
Address=172.17.1.48/16

[Route]
Gateway=172.17.0.1


`ip a` on the host:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether 08:60:6e:d6:4d:7b brd ff:ff:ff:ff:ff:ff
    inet6 fe80::a60:6eff:fed6:4d7b/64 scope link 
       valid_lft forever preferred_lft forever
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 08:60:6e:d6:4d:7b brd ff:ff:ff:ff:ff:ff
    inet 172.17.1.48/16 brd 172.17.255.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::a60:6eff:fed6:4d7b/64 scope link 
       valid_lft forever preferred_lft forever
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:9c:89:fa brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe9c:89fa/64 scope link 
       valid_lft forever preferred_lft forever
7: vb-sidcontaine@if2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
    link/ether da:a4:31:ec:1e:57 brd ff:ff:ff:ff:ff:ff link-netnsid 0
    inet6 fe80::d8a4:31ff:feec:1e57/64 scope link 
       valid_lft forever preferred_lft forever


`brctl show` on the host:
bridge name     bridge id               STP enabled     interfaces
br0             8000.08606ed64d7b       no              enp3s0
                                                        vb-sidcontaine
                                                        vnet0

with vb-sidcontainer = systemd-nspawn container
vnet0 = qemu VM

Peace,

-- 
                                        ~ Sandro ~

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Re: systemd-networkd, bridge and containers: unable to ping host from guest
  - From: john doe <johndoe65534@mail.com>
- Re: systemd-networkd, bridge and containers: unable to ping host from guest
  - From: Reco <recoverym4n@enotuniq.net>

Prev by Date: Re: "Invalid arch-independent ELF magic" in grub after SSD migration
Next by Date: Re: HTML mail
Previous by thread: Re: "Invalid arch-independent ELF magic" in grub after SSD migration
Next by thread: Re: systemd-networkd, bridge and containers: unable to ping host from guest
Index(es):
- Date
- Thread