Re: IP Masquerade failing
On 10/31/24 07:17, Timothy M Butterworth wrote:
3: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue
state DOWN
mode DEFAULT group default qlen 1000
link/ether 52:54:00:78:fb:ce brd ff:ff:ff:ff:ff:ff
4: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN
mode DEFAULT group default qlen 1000
link/ether 00:00:00:00:11:f1 brd ff:ff:ff:ff:ff:ff
Note "<NO-CARRIER," for eth0 and the bridge!
cat /proc/sys/net/ipv4/ip_forward
1
Why do you need to do it manually?
I would think that the front-end that you use would do that.
sudo firewall-cmd --zone=drop --query-masquerade
yes
ip addr
4: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN
group default qlen 1000
link/ether 00:00:00:00:11:f1 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.1/24 scope global eth0
valid_lft forever preferred_lft forever
[snip]
> ping -4I eth0 www.google.com
> PING www.google.com (64.233.180.105) from 192.168.1.1 eth0: 56(84) >
> > bytes of
> data.
> --- www.google.com ping statistics ---
> 16 packets transmitted, 0 received, 100% packet loss, time 15349ms
> pipe 4
>
As you can see here pinging google from eth0 fails. If masquerading was
working then ping would be successful.
Is your interface properly connected/configured?
You are using a virtual bridge, which might implies that the
masquerading by Libvirt
I am able to ping www.google.com from my virtual machine which is also
setup with ip masquerading.
How so?
Are you doing double masquerading?
Can ip masquerading work on two different interfaces at the same time?
Yes.
HTH.
--
John Doe
Reply to: