Re: dhcp bridge for virtual machines using KVM

On Tue, 22 Sep 2020 at 17:58, Fabien Roucaute <fabien.roucaute@free.fr> wrote:

Le 22/09/2020 à 18:50, James Allsopp a écrit :
>
> I've tried that but I get the same result.
> Thanks
> James
>

You need to answer to the mailing-list email address, not mine.
If it still doesn't work, we need more information, like the result of
the following commands (you should modify the public IP that appears in
if it's the case)
'ip a'
'iptables-save'
'brctl show'

Here's ip a

ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN group default qlen 1000
link/ether 00:1d:7d:0d:2a:9f brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 00:1d:7d:0d:2a:9d brd ff:ff:ff:ff:ff:ff
4: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether b4:ee:b4:84:37:2a brd ff:ff:ff:ff:ff:ff
inet 192.168.1.174/24 brd 192.168.1.255 scope global dynamic noprefixroute wlan0
valid_lft 27656sec preferred_lft 27656sec
inet6 fde6:4511:f54::a55/128 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fde6:4511:f54:0:f195:8361:215d:5f17/64 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::4bf0:ca57:25f0:ed7f/64 scope link noprefixroute
valid_lft forever preferred_lft forever
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 00:1d:7d:0d:2a:9d brd ff:ff:ff:ff:ff:ff
inet 192.168.1.206/24 brd 192.168.1.255 scope global dynamic br0
valid_lft 27655sec preferred_lft 27655sec
inet6 fde6:4511:f54:0:21d:7dff:fe0d:2a9d/64 scope global dynamic mngtmpaddr
valid_lft forever preferred_lft forever
inet6 fe80::21d:7dff:fe0d:2a9d/64 scope link
valid_lft forever preferred_lft forever
6: docker0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
link/ether 02:42:12:5f:1a:5e brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
8: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
link/ether fe:54:00:8a:6e:57 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe8a:6e57/64 scope link
valid_lft forever preferred_lft forever

Here's iptables -L

iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy DROP)
target prot opt source destination
DOCKER-USER all -- anywhere anywhere
DOCKER-ISOLATION-STAGE-1 all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
DOCKER all -- anywhere anywhere
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain DOCKER (1 references)
target prot opt source destination

Chain DOCKER-ISOLATION-STAGE-1 (1 references)
target prot opt source destination
DOCKER-ISOLATION-STAGE-2 all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain DOCKER-ISOLATION-STAGE-2 (1 references)
target prot opt source destination
DROP all -- anywhere anywhere
RETURN all -- anywhere anywhere

Chain DOCKER-USER (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

and brctl show

bridge name bridge id STP enabled interfaces
br0 8000.001d7d0d2a9d no eth1
vnet0
docker0 8000.0242125f1a5e no

Thanks!

James