I have a server running Debian 11. I installed Docker and have several containers running successfully. I also like the option of being able to spin up libvirt/QEMU VMs via Cockpit. (FWIW, I also have OpenVPN running on the host.)
I created a bridged interface with my NIC being a slave, and my VM is attached to the bridge. So my VM has a LAN IP address, which is pretty cool. The problem is that while both the host and the VM have internet access and can ping other hosts on the LAN, they cannot ping each other. This is a major problem for my VM because the host is running a Docker container running Pi-Hole. So... my VMs have no DNS resolution.
I've seen proposed solutions for other distros to allow communication between host and VMs, but they don't seem to work for Debian. Any idea what I have to tweak so they can talk to each other? I've seen something about hairpin mode for the bridge. Would that help? Do I need to mess with iptables???
How can I get my VMs and host machine to be able to talk to each other?
If you need more info, let me know. I'm happy to help you help me ;)
Would these links be of any help?
Here comes the glut of information.
Host machine /etc/network/interfaces:
iface enp0s31f6 inet manual
auto br0
iface br0 inet dhcp
hwaddress ether 1e:a9:0c:2b:af:1f
bridge_ports enp0s31f6
bridge_stp off
bridge_maxwait 0
bridge_fd 0
Host machine bridges:
root@debian-docker:~ # brctl show
bridge name        bridge id            STP enabled    interfaces
br-2548e7b40528    8000.0242b56aa49f    no             vethfda324e
br-4ede077dc531    8000.0242046847bb    no             vethf0485de
br-5bdff21c2b32    8000.0242fc07aeaa    no             veth2ac2995
br-6f4149be1e74    8000.024281229383    no             veth82e1cd3
                                                       veth99140c5
br0                8000.1ea90c2baf1f    no             enp0s31f6
docker0            8000.024216d8f677    no             vethbe74753
Host machine networks:
root@debian-docker:~ # ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
link/ether 18:60:24:4a:cf:12 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 1e:a9:0c:2b:af:1f brd ff:ff:ff:ff:ff:ff
inet 192.168.11.130/24 brd 192.168.11.255 scope global dynamic br0
valid_lft 6361sec preferred_lft 6361sec
inet6 fe80::1ca9:cff:fe2b:af1f/64 scope link
valid_lft forever preferred_lft forever
4: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 500
link/none
inet 10.246.204.1/24 scope global tun0
valid_lft forever preferred_lft forever
inet6 fe80::36c7:6ae5:6f21:b894/64 scope link stable-privacy
valid_lft forever preferred_lft forever
5: docker0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:16:d8:f6:77 brd ff:ff:ff:ff:ff:ff
inet 172.17.0.1/16 brd 172.17.255.255 scope global docker0
valid_lft forever preferred_lft forever
inet6 fe80::42:16ff:fed8:f677/64 scope link
valid_lft forever preferred_lft forever
6: br-2548e7b40528: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:b5:6a:a4:9f brd ff:ff:ff:ff:ff:ff
inet 172.19.0.1/16 brd 172.19.255.255 scope global br-2548e7b40528
valid_lft forever preferred_lft forever
inet6 fe80::42:b5ff:fe6a:a49f/64 scope link
valid_lft forever preferred_lft forever
7: br-4ede077dc531: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:04:68:47:bb brd ff:ff:ff:ff:ff:ff
inet 172.21.0.1/16 brd 172.21.255.255 scope global br-4ede077dc531
valid_lft forever preferred_lft forever
inet6 fe80::42:4ff:fe68:47bb/64 scope link
valid_lft forever preferred_lft forever
8: br-5bdff21c2b32: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:fc:07:ae:aa brd ff:ff:ff:ff:ff:ff
inet 172.20.0.1/16 brd 172.20.255.255 scope global br-5bdff21c2b32
valid_lft forever preferred_lft forever
inet6 fe80::42:fcff:fe07:aeaa/64 scope link
valid_lft forever preferred_lft forever
9: br-6f4149be1e74: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
link/ether 02:42:81:22:93:83 brd ff:ff:ff:ff:ff:ff
inet 172.18.0.1/16 brd 172.18.255.255 scope global br-6f4149be1e74
valid_lft forever preferred_lft forever
inet6 fe80::42:81ff:fe22:9383/64 scope link
valid_lft forever preferred_lft forever
11: vethbe74753@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
link/ether 5e:ee:7d:db:94:f5 brd ff:ff:ff:ff:ff:ff link-netnsid 0
inet6 fe80::5cee:7dff:fedb:94f5/64 scope link
valid_lft forever preferred_lft forever
13: vethfda324e@if12: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-2548e7b40528 state UP group default
link/ether ae:f1:47:82:9a:32 brd ff:ff:ff:ff:ff:ff link-netnsid 1
inet6 fe80::acf1:47ff:fe82:9a32/64 scope link
valid_lft forever preferred_lft forever
15: veth99140c5@if14: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-6f4149be1e74 state UP group default
link/ether d6:63:86:67:6c:62 brd ff:ff:ff:ff:ff:ff link-netnsid 2
inet6 fe80::d463:86ff:fe67:6c62/64 scope link
valid_lft forever preferred_lft forever
17: veth2ac2995@if16: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-5bdff21c2b32 state UP group default
link/ether 56:91:2d:80:dd:9f brd ff:ff:ff:ff:ff:ff link-netnsid 3
inet6 fe80::5491:2dff:fe80:dd9f/64 scope link
valid_lft forever preferred_lft forever
19: vethf0485de@if18: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-4ede077dc531 state UP group default
link/ether de:7c:6b:2a:03:96 brd ff:ff:ff:ff:ff:ff link-netnsid 5
inet6 fe80::dc7c:6bff:fe2a:396/64 scope link
valid_lft forever preferred_lft forever
21: veth82e1cd3@if20: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br-6f4149be1e74 state UP group default
link/ether 32:57:71:7e:a8:02 brd ff:ff:ff:ff:ff:ff link-netnsid 4
inet6 fe80::3057:71ff:fe7e:a802/64 scope link
valid_lft forever preferred_lft forever
22: macvtap0@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 500
link/ether 52:54:00:fc:6a:58 brd ff:ff:ff:ff:ff:ff
inet6 fe80::5054:ff:fefc:6a58/64 scope link
valid_lft forever preferred_lft forever
Host pinging VM:
root@debian-docker:~ # ping 192.168.11.76
PING 192.168.11.76 (192.168.11.76) 56(84) bytes of data.
From 192.168.11.130 icmp_seq=1 Destination Host Unreachable
From 192.168.11.130 icmp_seq=2 Destination Host Unreachable
From 192.168.11.130 icmp_seq=3 Destination Host Unreachable
^C
--- 192.168.11.76 ping statistics ---
5 packets transmitted, 0 received, +3 errors, 100% packet loss, time 4083ms
pipe 4
Host pinging internet:
root@debian-docker:~ # ping 4.2.2.4
PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data.
64 bytes from 4.2.2.4: icmp_seq=1 ttl=55 time=20.0 ms
64 bytes from 4.2.2.4: icmp_seq=2 ttl=55 time=17.3 ms
64 bytes from 4.2.2.4: icmp_seq=3 ttl=55 time=16.3 ms
64 bytes from 4.2.2.4: icmp_seq=4 ttl=55 time=16.5 ms
^C
--- 4.2.2.4 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3002ms
rtt min/avg/max/mdev = 16.344/17.511/19.966/1.462 ms
root@debian-docker:~ #
Cockpit VM networks:
root@debian-vm:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 52:54:00:fc:6a:58 brd ff:ff:ff:ff:ff:ff
inet 192.168.11.76/24 brd 192.168.11.255 scope global dynamic enp1s0
valid_lft 6432sec preferred_lft 6432sec
inet6 fe80::5054:ff:fefc:6a58/64 scope link
valid_lft forever preferred_lft forever
VM pinging host machine:
root@debian-vm:~# ping 192.168.11.130
PING 192.168.11.130 (192.168.11.130) 56(84) bytes of data.
From 192.168.11.76 icmp_seq=1 Destination Host Unreachable
From 192.168.11.76 icmp_seq=2 Destination Host Unreachable
From 192.168.11.76 icmp_seq=3 Destination Host Unreachable
From 192.168.11.76 icmp_seq=4 Destination Host Unreachable
^C
--- 192.168.11.130 ping statistics ---
5 packets transmitted, 0 received, +4 errors, 100% packet loss, time 4041ms
pipe 3
VM pinging internet:
root@debian-vm:~# ping 4.2.2.4
PING 4.2.2.4 (4.2.2.4) 56(84) bytes of data.
64 bytes from 4.2.2.4: icmp_seq=1 ttl=55 time=19.2 ms
64 bytes from 4.2.2.4: icmp_seq=2 ttl=55 time=25.8 ms
64 bytes from 4.2.2.4: icmp_seq=3 ttl=55 time=17.6 ms
64 bytes from 4.2.2.4: icmp_seq=4 ttl=55 time=16.5 ms
^C
--- 4.2.2.4 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 16.468/19.784/25.829/3.623 ms
root@debian-vm:~#
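
A check over the interface headers posted above, as an added example that is not part of the original post: it separates interfaces enslaved to br0 (`master br0`) from interfaces stacked on top of it (`name@br0`). In the posted output the VM's NIC is `macvtap0@br0`, a macvtap device layered on br0 rather than a port of it, and a macvtap guest cannot exchange traffic with the host through its lower device, which matches the symptom. The function names `parse_links` and `bridge_attachment` are assumptions made for this example.

```python
import re

# Header lines copied from the `ip a` output in the post (address lines omitted).
SAMPLE = """\
2: enp0s31f6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
11: vethbe74753@if10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master docker0 state UP group default
22: macvtap0@br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 500
"""

# "<index>: <name>[@<lower>]: <FLAGS> rest-of-line"
HEADER = re.compile(r"^\d+:\s+([^:@\s]+)(?:@([^:\s]+))?:\s+<[^>]*>(.*)$")


def parse_links(text):
    """Map ifname -> {"lower", "master"} from `ip a` / `ip link` text."""
    links = {}
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if not m:
            continue  # skip link/ether, inet and lifetime lines
        name, lower, rest = m.groups()
        master = re.search(r"\bmaster\s+(\S+)", rest)
        links[name] = {
            "lower": lower,
            "master": master.group(1) if master else None,
        }
    return links


def bridge_attachment(links, bridge):
    """Return (ports, stacked): real bridge ports vs. devices layered on the bridge."""
    ports = sorted(n for n, l in links.items() if l["master"] == bridge)
    stacked = sorted(
        n for n, l in links.items()
        if l["lower"] == bridge and l["master"] is None
    )
    return ports, stacked


if __name__ == "__main__":
    ports, stacked = bridge_attachment(parse_links(SAMPLE), "br0")
    print("ports of br0:", ports)
    print("stacked on br0, not ports:", stacked)
```

On the host, `ip -d link show macvtap0` reports the macvtap mode; a guest NIC that is a real port of br0 would instead appear in the `brctl show` interfaces column for br0.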