Applicable to:
- SolusVM
Question
Sometimes it is required to troubleshoot some networking issues in KVM like IP addresses from IP block not getting pinged while being added via SolusVM. How to troubleshoot such cases?
Answer
- Try tracerouting the IP address of the gateway via https://ping.eu/traceroute/ for example.
- Try adding gateway as an alias to the bridge interface:
# ifconfig br0:0 203.0.113.1 netmask 255.255.255.128 up
- Try adding any other IP from the subnet in a similar manner as in step 2.
- Check "iptables -L" and "arp -n" output for Potential issues.
- In case a Policy for the chain is set as Drop the traffic cannot be forwarded outside the Node. Example:
# iptables -L
...
Chain FORWARD (policy DROP)
target prot opt source destination
SOLUSVM_TRAFFIC_IN all -- anywhere anywhere
SOLUSVM_TRAFFIC_OUT all -- anywhere anywhere - Change the Policy to the Accept:
# iptables --policy FORWARD ACCEPT
- In case a Policy for the chain is set as Drop the traffic cannot be forwarded outside the Node. Example:
- If the bottom host node is VMWare (run lscpu on the slave server), check the settings of the KVM server from the VMWare and verify that the networking mode is correct.
- Try to enable bridged mode and Promiscuous Mode as a part of the troubleshooting steps
https://www.vmware.com/support/ws55/doc/ws_net_configurations_bridged.html
https://www.vmware.com/support/ws55/doc/ws_net_configurations_changing.html
https://isc.sans.edu/forums/diary/Running+Snort+on+VMWare+ESXi/15899/
https://kb.vmware.com/s/article/1004099
Also, you can clarify the proper settings for networking on nested virtualization guests with VMWare Support.
Comments
Please sign in to leave a comment.