Score:0

QEMU with KVM: Can not ping or SSH between host and guest machines

Edit: Since macvtap is not working for communication between host and guest, I tried to use a bridge, but then there's no internet on the host and ping or ssh still doesn't work.

This is how I've created a bridge:

nmcli connection add type bridge ifname br0

Output:
Connection 'bridge-br0' (bf1406b0-4ea8-4338-9edc-0f58fd019bec) successfully added.


nmcli con add type ethernet con-name br-slave-1 ifname enp0s25 master br0

nmcli con add type ethernet con-name br-slave-1 ifname enp0s25 master br0

nmcli con modify bridge-br0 bridge.stp no

nmcli connection add type ethernet ifname  bridge-br0  ipv4.method auto

Output:
Connection 'ethernet-bridge-br0' (6c2c5495-6e43-4cd5-a574-014042987781) successfully added.


After reboot:

nmcli con show

NAME                       UUID                                  TYPE      DEVICE  
bridge-br0                 bf1406b0-4ea8-4338-9edc-0f58fd019bec  bridge    br0     
br-slave-1                 a998c09f-5f46-4586-b654-cdfa6a21dca5  ethernet  enp0s25 
ethernet-bridge-br0        6c2c5495-6e43-4cd5-a574-014042987781  ethernet  --      
Wired connection 1         8559f62b-0cb9-3935-ba65-b6d57c0043c8  ethernet  --      

Now if I disconnect br-slave-1:

nmcli con down br-slave-1

I get the internet back on the host but then there's no internet on guest and ping still wouldn't work:

So is there a way to use ssh between host and guest while using qemu with kvm, using nmcli or NetworkManager GUI? Many thanks.

Note: As I need to use a few different wireless networks on and off, I like to stay away from netplan or network interfaces, hence I'm trying to set up a bridge either using nmcli or NetworkManager GUI.

Original post:

I'm trying to SSH into a guest from the host. Both host and guest machines are Ubuntu MATE 21.04.

Internet works just fine both from host and guest machines.

IP addresses:

(1) Router: Asus RT AC68U > 192.168.1.1
(2) Host: Ubuntu MATE 21.04 > 192.168.1.106
(3) Guest: Ubuntu MATE 21.04 > 192.168.1.139

Firewalls have been disabled/stopped on all three:

(1) Router: Asus RT AC68U > SPI Firewall > Disabled
(2) Host: Ubuntu MATE 21.04 > sudo systemctl stop nftables
(3) Guest: Ubuntu MATE 21.04 > sudo systemctl stop nftables

When I try to ssh-copy-id, I get this error: No route to host

ssh-copy-id [email protected]
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed

/usr/bin/ssh-copy-id: ERROR: ssh: connect to host 192.168.1.139 port 22: No route to host

So I tried to ping (does not work either way; "host to guest" or "guest to host"):

ping 192.168.1.139

PING 192.168.1.139 (192.168.1.139) 56(84) bytes of data.
From 192.168.1.106 icmp_seq=1 Destination Host Unreachable
From 192.168.1.106 icmp_seq=2 Destination Host Unreachable

However ping does work from either "host to router" or "guest to router":

ping from host to router:

ping 192.168.1.1

PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.400 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.339 ms

ping from guest to router:

ping 192.168.1.1

PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.651 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.625 ms

Host and guest machines are connected through a network bridge br0, which I've created using Network Manager GUI. Bridge br0 has two "bridged connections", br0 slave 1 and br0 slave 2.

"Enable STP (Spanning Tree Protocol)" is unchecked, though it did not make any difference even when I checked it.

Additional details which I think would be helpful:

sudo nano /etc/libvirt/qemu/networks/host-bridge.xml

<network>
  <name>host-bridge</name>
  <uuid>0ae7be62-9f9e-4346-9309-88985dd0f5ad</uuid>
  <forward mode='bridge'/>
  <bridge name='br0'/>
</network>


virsh net-list --all

 Name          State    Autostart   Persistent
---------------------------------------------
 host-bridge   active   yes         yes

Results of ip a and ip r on the host machine:

ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether e0:69:95:4d:7c:9c brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.106/24 brd 192.168.1.255 scope global dynamic noprefixroute enp0s25
       valid_lft 599784sec preferred_lft 599784sec
    inet 192.168.1.104/24 brd 192.168.1.255 scope global secondary noprefixroute enp0s25
       valid_lft forever preferred_lft forever
3: wlxd0374547816a: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether d0:37:45:47:81:6a brd ff:ff:ff:ff:ff:ff
4: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 96:d5:ab:3c:a7:e8 brd ff:ff:ff:ff:ff:ff
7: macvtap2@enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 500
    link/ether 52:54:00:1f:6a:cd brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.140/24 brd 192.168.1.255 scope global noprefixroute macvtap2
       valid_lft forever preferred_lft forever

ip r       

default via 192.168.1.1 dev enp0s25 proto dhcp src 192.168.1.104 metric 202 
default via 192.168.1.1 dev macvtap2 proto dhcp src 192.168.1.140 metric 207 
169.254.0.0/16 dev macvtap2 scope link metric 1000 
192.168.1.0/24 dev enp0s25 proto dhcp scope link src 192.168.1.104 metric 202 
192.168.1.0/24 dev macvtap2 proto dhcp scope link src 192.168.1.140 metric 207 

Results of ip a and ip r on the guest machine:

ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp2s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 52:54:00:1f:6a:cd brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.139/24 brd 192.168.1.255 scope global dynamic noprefixroute enp2s0
       valid_lft 603989sec preferred_lft 603989sec
    inet6 fe80::d316:3db7:9af5:8d0c/64 scope link noprefixroute 
       valid_lft forever preferred_lft forever

ip r

default via 192.168.1.1 dev enp2s0 proto dhcp metric 100 
169.254.0.0/16 dev enp2s0 scope link metric 1000 
192.168.1.0/24 dev enp2s0 proto kernel scope link src 192.168.1.139 metric 100 

NIC details (from Virtual machine manager) of the guest machine:

Virtual Network Interface:

Network source: Macvtap device
Device name: enp0s25
Device model: virtio

XML:
<interface type="direct">
  <mac address="52:54:00:1f:6a:cd"/>
  <source dev="enp0s25" mode="bridge"/>
  <target dev="macvtap2"/>
  <model type="virtio"/>
  <alias name="net0"/>
  <address type="pci" domain="0x0000" bus="0x02" slot="0x00" function="0x0"/>
</interface>

OS: Ubuntu MATE 21.04

qemu: 1:5.2+dfsg-9ubuntu3

bridge-utils: 1.6-5ubuntu1

virt-manager: 1:3.2.0-3

libvirt-daemon: 7.0.0-2ubuntu2

Thanks a lot in advance.

Edit-1:

brctl show br0

bridge name bridge id       STP enabled interfaces
br0     8000.96d5ab3ca7e8   no      

user535733:
Seems identical to https://superuser.com/questions/349253/guest-and-host-cannot-see-each-other-using-linux-kvm-and-macvtap.
Doug Smythies:
What do you get for `brctl show br0`? `enp0s25` does seem to be associated with `br0`, and I would have expected br0 to have the IP address, not enp0s25. Your Macvtap device seems independent, delete it.
Jags:
@doug-smythies Just added the info. Also, is deleting `Macvtap` a must... 'coz I'm not sure but is it possible it may be needed for another virtual machine? Thanks.
Jags:
@user535733 I'm going through the thread you've linked but it's a long, 10-year-old thread, and so far, at a quick glance, I haven't been able to work out a solution that applies in my case. Thanks.
Doug Smythies:
All I can say is that I don't use Macvtap and I run lots of virtual machines at the same time. I would have expected your `enp0s25` interface to be connected to `br0` but it isn't.
user535733:
From the superuser thread: "*macvtap does not work for host to guest network communications*" That's the problem you have. All those answers are workarounds to that limitation of macvlan/macvtap. If you want to connect host and guest, one simple and easy-to-maintain solution is to take the up-front time to set up *real* bridging.
Jags:
@user535733 When I originally set up qemu/kvm, bridge networking was not working, hence I used `macvtap`. I think I have the bridge configured properly but no matter what priority I changed, `NetworkManager` reconnects between `Wired connection 1` and `enp0s25`. Even when I tried this from terminal `nmcli connection up <br0 UUID>` and `nmcli connection up <bridge-slave-enp0s25 UUID>`, it reconnects to `Wired connection 1` or `enp0s25`.
Jags:
@user535733 The accepted answer on the thread you've linked has no details at all. There was a link to another page that has a detailed solution, but it's not working, and that's also mentioned by others on that thread. Link to that article: `https://wiki.libvirt.org/page/Guest_can_reach_outside_network%2C_but_can%27t_reach_host_%28macvtap%29` Thanks again.
Doug Smythies:
Show us your netplan interface file. Mine is called `/etc/netplan/01-netcfg.yaml`. Note: I do not use `NetworkManager`, so maybe things are different for it.
Score:0

I would have expected your VMs to use your bridge, br0, for the communication method desired. I am running 3 VMs and get:

doug@s19:~$ brctl show br0
bridge name     bridge id               STP enabled     interfaces
br0             8000.3c7c3f0d9983       no              enp3s0
                                                        vnet0
                                                        vnet1
                                                        vnet2

And on the host:

doug@s19:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
    link/ether 3c:7c:3f:0d:99:83 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 3c:7c:3f:0d:99:83 brd ff:ff:ff:ff:ff:ff
    inet 192.168.111.136/24 brd 192.168.111.255 scope global dynamic br0
       valid_lft 45219sec preferred_lft 45219sec
4: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:22:2f:dc brd ff:ff:ff:ff:ff:ff
5: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:60:ea:3e brd ff:ff:ff:ff:ff:ff
6: vnet2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:60:ea:5e brd ff:ff:ff:ff:ff:ff

with my netplan network file, /etc/netplan/01-netcfg.yaml:

# This file describes the network interfaces available on your system
# For more information, see netplan(5).
network:
  version: 2
  renderer: networkd
  ethernets:
    enp3s0:
      dhcp4: no
  bridges:
    br0:
      interfaces: [ enp3s0 ]
      dhcp4: yes

And the related section of one of the VMs' .xml definition files:

<interface type='bridge'>
  <mac address='52:54:00:22:2f:dc'/>
  <source bridge='br0'/>
  <model type='virtio'/>
  <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>

Jags:
I do not use, and am trying to stay away from using, `netplan` and/or `network interfaces`. I'm trying to create and use a bridge using either `nmcli` or `NetworkManager GUI`. I've gone through 15-20 guides/threads. After spending 4+ hours, once I was able to connect the GUEST machine to `br0` but then lost internet on the HOST, and `ping` from guest to host or vice-versa still did not work :(
Jags:
I have posted my bridge configuration already with the question: `nano /etc/libvirt/qemu/networks/host-bridge.xml` Thank you.
Doug Smythies:
Your `host-bridge.xml` is the same as mine. Network manager just becomes the renderer for netplan, doesn't it?
Jags:
Yes, I guess. My wired internet sometimes goes down for hours to a whole day, so I need NetworkManager to frequently change between wireless networks (3 phone hotspots)... or I would go for `netplan` or `network interfaces`.
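
The three conditions the thread converges on (guest NIC on macvtap, `br0` with no enslaved NIC, host address left on `enp0s25`) can be checked mechanically from a domain's `<interface>` XML and the host's `ip addr` output. This is an added example, not code from any poster in the thread; the function names and finding codes are made up for illustration, and the sample inputs are trimmed from the outputs posted above.

```python
import re
import xml.etree.ElementTree as ET
# Constructed samples, trimmed from the outputs posted in the thread.
ASKER_XML = '<interface type="direct"><source dev="enp0s25" mode="bridge"/></interface>'
ASKER_IP = """\
2: enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 192.168.1.106/24 brd 192.168.1.255 scope global enp0s25
4: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 state DOWN
7: macvtap2@enp0s25: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
"""
ANSWER_XML = "<interface type='bridge'><source bridge='br0'/></interface>"
ANSWER_IP = """\
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state UP
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 state UP
    inet 192.168.111.136/24 brd 192.168.111.255 scope global dynamic br0
4: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 master br0 state UNKNOWN
"""

def parse_ip_addr(text):
    """Parse `ip addr` output into {ifname: {"master": ..., "inet": [...]}}."""
    links, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"\d+: ([^:@\s]+)(?:@\S+)?: <[^>]*>(.*)", line)
        addr = re.match(r"\s+inet (\S+)", line)
        if head:
            m = re.search(r"\bmaster (\S+)", head.group(2))
            cur = links[head.group(1)] = {"master": m and m.group(1), "inet": []}
        elif addr and cur is not None:
            cur["inet"].append(addr.group(1))
    return links

def diagnose(iface_xml, ip_addr_text, bridge="br0"):
    """Return (code, detail) findings; an empty list means the setup looks bridged."""
    iface, links = ET.fromstring(iface_xml), parse_ip_addr(ip_addr_text)
    src, findings = iface.find("source"), []
    if iface.get("type") == "direct":  # macvtap: host and guest cannot talk
        findings.append(("MACVTAP", src.get("dev")))
    bridge = src.get("bridge", bridge)
    if bridge not in links:
        return findings + [("NO_BRIDGE", bridge)]
    # Heuristic: libvirt's guest taps are named vnetN; anything else is an uplink.
    uplinks = [n for n, l in links.items()
               if l["master"] == bridge and not n.startswith("vnet")]
    if not uplinks:
        findings.append(("BRIDGE_HAS_NO_UPLINK", bridge))
    if not links[bridge]["inet"]:  # the host address belongs on the bridge
        holders = [n for n, l in links.items() if l["inet"] and n != "lo"]
        findings.append(("IP_NOT_ON_BRIDGE", ",".join(holders)))
    return findings
```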