This article describes how to resolve the issue of an inaccessible virtual machine.
-
Check that the bridge is configured and the network interface is connected with the bridge.
brctl showbridge name bridge id STP enabled interfaces virbr0 8000.000000000000 yes vmbr0 8000.003048f17bf8 no eth0 vnet0 vnet1 vnet2 vnet3 vnet4
- Check the firewall on the parent server and on the virtual machine.
- Check anti-spoofing. Anti-spoofing is provided by libvirt, and the anti-spoofing rules are not added in iptables.
Execute the command virsh dumpxml <virtual machine name> to see the description of the virtual machine and the its filters.
<interface type='network'>
<mac address='52:54:00:3e:df:04'/>
<source network='DefaultBridge'/>
<target dev='vnet0'/>
<filterref filter='vm-isptest'>
<parameter name='IP' value='172.31.224.12'/>
<parameter name='IPV6' value='2a01:230::bef6:85ff:fed7:4062'/>
</filterref>
In our example, the filter vm-IPmanager5 is set.
All rules are described in xml and are located in /etc/libvirt/nwfilter/. Filters use macros that are defined in the corresponding xml file for every virtual machine. The Xmls that describe the virtual machine are located in the directory /etc/libvirt/qemu/.
View the list of all files:
virsh nwfilter-list
View the filter:
virsh nwfilter-dumpxml <filter name>
You can disable the anti-spooging option in Management → Virtual machines → Edit.
Learn more in http://libvirt.org/firewall.html
- Check the network settings on the virtual machine. Connect via vnc to the virtual machine and check that the IP, mask, and gateway are correct.
- Every virtual machine has its mac-address. That's why virtual machines won't be accessible in data-centers where port security is used.