Virtual machine will only connect to the internet for 10 seconds...

Issues related to configuring your network
TomTom7
Posts: 2
Joined: 2019/08/19 12:29:13

Virtual machine will only connect to the internet for 10 seconds...

Post by TomTom7 » 2019/08/19 15:35:04

Using the Virtual Machine Manager, I created a virtual machine. When the wired connection comes on for the VM I can ping and get websites for about 10-30 seconds. If I turn this wired connection off and back on again, I get another 10 seconds of internet or so. I'll also randomly get about 10 seconds of internet if I leave it on.

While pinging to 4.2.2.2 with my VM and watching the tcpdump on both the virtual bridge (virbr0) and the ethernet card (enp0s7) on my physical machine, it goes to the 4.2.2.2 server and back to my ethernet card but doesn't make it to the virtual bridge. So I'm thinking it must be the firewall in the host computer. However, when I disable the firewall using "systemctl stop firewalld.service" there is no internet on my VM whatsoever (not even for the 10 seconds after I turn the wired connection in the VM back on). It's like something on my physical computer is disabling my VM's connection, but then something else in the firewall overrides that temporarily.

I also tried disabling the NetworkManager service and enabling the older Network service on both the VM and host, but, like above, I go from a little bit of internet to none.


Physical/Host Computer

IP forwarding is enabled:

Code:

# cat /etc/sysctl.conf

net.ipv4.ip_forward = 1

The ethernet connection (enp0s7) for the host machine works fine:

Code:

# ifconfig

enp0s7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.212  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::aaab:745d:e3bd:4a77  prefixlen 64  scopeid 0x20<link>
        ether 70:71:bc:f6:b5:26  txqueuelen 1000  (Ethernet)
        RX packets 5466  bytes 2148224 (2.0 MiB)
        RX errors 0  dropped 0  overruns 0  frame 5
        TX packets 5230  bytes 457100 (446.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 84  bytes 8148 (7.9 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 84  bytes 8148 (7.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:80:40:cb  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.100.1  netmask 255.255.255.0  broadcast 192.168.100.255
        ether 52:54:00:e5:1c:04  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Wired connection configuration:

Code:

HWADDR=70:71:BC:F6:B5:26
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME="Wired connection 1"
UUID=05b47c33-3848-30c3-aae6-9ed92b024d57
ONBOOT=yes
AUTOCONNECT_PRIORITY=-999

Virtual bridge (virbr0) configuration:

Code:

STP=yes
DELAY=2
BRIDGING_OPTS=priority=32768
TYPE=Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
IPADDR=192.168.122.1
PREFIX=24
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV4_DNS_PRIORITY=100
IPV6INIT=no
NAME=virbr0
UUID=80bd969b-d4f5-4312-8cc4-21c385f2887b
DEVICE=virbr0
ONBOOT=no
ZONE=

Bridge information:

Code:

# brctl show

bridge name	bridge id		STP enabled	interfaces
virbr0		8000.5254008040cb	yes		virbr0-nic
							vnet0
virbr1		8000.525400e51c04	yes		virbr1-nic

MAC addresses for virbr0:

Code:

# brctl showmacs virbr0

port no	mac addr		is local?	ageing timer
  1	52:54:00:80:40:cb	yes		   0.00
  1	52:54:00:80:40:cb	yes		   0.00
  2	fe:54:00:9d:ee:a7	yes		   0.00
  2	fe:54:00:9d:ee:a7	yes		   0.00

More bridge information for virbr0:

Code:

# brctl showstp virbr0

virbr0
 bridge id		8000.5254008040cb
 designated root	8000.5254008040cb
 root port		   0			path cost		   0
 max age		  20.00			bridge max age		  20.00
 hello time		   2.00			bridge hello time	   2.00
 forward delay		   2.00			bridge forward delay	   2.00
 ageing time		 300.00
 hello timer		   1.12			tcn timer		   0.00
 topology change timer	   0.00			gc timer		 267.13
 flags			


virbr0-nic (1)
 port id		8001			state		       disabled
 designated root	8000.5254008040cb	path cost		 100
 designated bridge	8000.5254008040cb	message age timer	   0.00
 designated port	8001			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.00
 flags			

vnet0 (2)
 port id		8002			state		     forwarding
 designated root	8000.5254008040cb	path cost		 100
 designated bridge	8000.5254008040cb	message age timer	   0.00
 designated port	8002			forward delay timer	   0.00
 designated cost	   0			hold timer		   0.12
 flags	

List of networks with virtual shell (virbr0 is associated with the default network):

Code:

# virsh net-list

Name                 State      Autostart     Persistent
----------------------------------------------------------
 default              active     yes           yes
 outsider             active     yes           yes

dmesg has some interesting messages like:

Code:

[  523.517552] tun: Universal TUN/TAP device driver, 1.6
[  523.517557] tun: (C) 1999-2004 Max Krasnyansky <maxk@qualcomm.com>
[  523.521060] virbr1: port 1(virbr1-nic) entered blocking state
[  523.521064] virbr1: port 1(virbr1-nic) entered disabled state
[  523.521118] device virbr1-nic entered promiscuous mode
[  523.735787] virbr1: port 1(virbr1-nic) entered blocking state
[  523.735793] virbr1: port 1(virbr1-nic) entered listening state
[  523.735842] IPv6: ADDRCONF(NETDEV_UP): virbr1: link is not ready
[  523.853801] virbr1: port 1(virbr1-nic) entered disabled state
[  523.868913] virbr0: port 1(virbr0-nic) entered blocking state
[  523.868919] virbr0: port 1(virbr0-nic) entered disabled state
[  523.868964] device virbr0-nic entered promiscuous mode
[  523.965444] FINAL_REJECT: IN=virbr1 OUT= MAC= SRC=192.168.100.1 DST=224.0.0.251 LEN=227 TOS=0x00 PREC=0x00 TTL=255 ID=2713 DF PROTO=UDP SPT=5353 DPT=5353 LEN=207 
[  524.005920] FINAL_REJECT: IN=virbr1 OUT= MAC= SRC=192.168.100.1 DST=224.0.0.251 LEN=140 TOS=0x00 PREC=0x00 TTL=255 ID=2722 DF PROTO=UDP SPT=5353 DPT=5353 LEN=120 
[  524.104607] virbr0: port 1(virbr0-nic) entered blocking state
[  524.104613] virbr0: port 1(virbr0-nic) entered listening state
[  524.104662] IPv6: ADDRCONF(NETDEV_UP): virbr0: link is not ready
[  524.208585] virbr0: port 1(virbr0-nic) entered disabled state
[  524.215317] FINAL_REJECT: IN=virbr1 OUT= MAC= SRC=192.168.100.1 DST=224.0.0.251 LEN=227 TOS=0x00 PREC=0x00 TTL=255 ID=2842 DF PROTO=UDP SPT=5353 DPT=5353 LEN=207 
[  524.332619] FINAL_REJECT: IN=virbr0 OUT= MAC= SRC=192.168.122.1 DST=224.0.0.251 LEN=227 TOS=0x00 PREC=0x00 TTL=255 ID=36638 DF PROTO=UDP SPT=5353 DPT=5353 LEN=207 
[  524.372974] FINAL_REJECT: IN=virbr0 OUT= MAC= SRC=192.168.122.1 DST=224.0.0.251 LEN=140 TOS=0x00 PREC=0x00 TTL=255 ID=36646 DF PROTO=UDP SPT=5353 DPT=5353 LEN=120 
[  524.465874] FINAL_REJECT: IN=virbr1 OUT= MAC= SRC=192.168.100.1 DST=224.0.0.251 LEN=227 TOS=0x00 PREC=0x00 TTL=255 ID=3022 DF PROTO=UDP SPT=5353 DPT=5353 LEN=207 
[  524.583752] FINAL_REJECT: IN=virbr0 OUT= MAC= SRC=192.168.122.1 DST=224.0.0.251 LEN=227 TOS=0x00 PREC=0x00 TTL=255 ID=36709 DF PROTO=UDP SPT=5353 DPT=5353 LEN=207 
[  524.644295] FINAL_REJECT: IN=enp0s7 OUT= MAC= SRC=192.168.1.212 DST=224.0.0.251 LEN=343 TOS=0x00 PREC=0x00 TTL=255 ID=46916 DF PROTO=UDP SPT=5353 DPT=5353 LEN=323 

Bridge tables:

Code:

# ebtables -L

Bridge table: filter

Bridge chain: INPUT, entries: 1, policy: ACCEPT
-j INPUT_direct
Bridge chain: FORWARD, entries: 1, policy: ACCEPT
-j FORWARD_direct
Bridge chain: OUTPUT, entries: 1, policy: ACCEPT
-j OUTPUT_direct

Bridge chain: INPUT_direct, entries: 0, policy: RETURN
Bridge chain: OUTPUT_direct, entries: 0, policy: RETURN
Bridge chain: FORWARD_direct, entries: 0, policy: RETURN

IP tables (I've tried putting the virtual devices in public and trusted zones):

Code:

# iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
INPUT_direct  all  --  anywhere             anywhere            
INPUT_ZONES_SOURCE  all  --  anywhere             anywhere            
INPUT_ZONES  all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             ctstate INVALID LOG level warning prefix "STATE_INVALID_DROP: "
DROP       all  --  anywhere             anywhere             ctstate INVALID
LOG        all  --  anywhere             anywhere             LOG level warning prefix "FINAL_REJECT: "
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             192.168.122.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.122.0/24     anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             192.168.100.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.100.0/24     anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     all  --  anywhere             anywhere            
FORWARD_direct  all  --  anywhere             anywhere            
FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere            
FORWARD_IN_ZONES  all  --  anywhere             anywhere            
FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere            
FORWARD_OUT_ZONES  all  --  anywhere             anywhere            
LOG        all  --  anywhere             anywhere             ctstate INVALID LOG level warning prefix "STATE_INVALID_DROP: "
DROP       all  --  anywhere             anywhere             ctstate INVALID
LOG        all  --  anywhere             anywhere             LOG level warning prefix "FINAL_REJECT: "
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc
OUTPUT_direct  all  --  anywhere             anywhere            

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_public  all  --  anywhere             anywhere            [goto] 
FWDI_trusted  all  --  anywhere             anywhere            
FWDI_public  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_public  all  --  anywhere             anywhere            [goto] 
FWDO_trusted  all  --  anywhere             anywhere            
FWDO_public  all  --  anywhere             anywhere            [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_public (2 references)
target     prot opt source               destination         
FWDI_public_log  all  --  anywhere             anywhere            
FWDI_public_deny  all  --  anywhere             anywhere            
FWDI_public_allow  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain FWDI_public_allow (1 references)
target     prot opt source               destination         

Chain FWDI_public_deny (1 references)
target     prot opt source               destination         

Chain FWDI_public_log (1 references)
target     prot opt source               destination         

Chain FWDI_trusted (1 references)
target     prot opt source               destination         
FWDI_trusted_log  all  --  anywhere             anywhere            
FWDI_trusted_deny  all  --  anywhere             anywhere            
FWDI_trusted_allow  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain FWDI_trusted_allow (1 references)
target     prot opt source               destination         

Chain FWDI_trusted_deny (1 references)
target     prot opt source               destination         

Chain FWDI_trusted_log (1 references)
target     prot opt source               destination         

Chain FWDO_public (2 references)
target     prot opt source               destination         
FWDO_public_log  all  --  anywhere             anywhere            
FWDO_public_deny  all  --  anywhere             anywhere            
FWDO_public_allow  all  --  anywhere             anywhere            

Chain FWDO_public_allow (1 references)
target     prot opt source               destination         

Chain FWDO_public_deny (1 references)
target     prot opt source               destination         

Chain FWDO_public_log (1 references)
target     prot opt source               destination         

Chain FWDO_trusted (1 references)
target     prot opt source               destination         
FWDO_trusted_log  all  --  anywhere             anywhere            
FWDO_trusted_deny  all  --  anywhere             anywhere            
FWDO_trusted_allow  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain FWDO_trusted_allow (1 references)
target     prot opt source               destination         

Chain FWDO_trusted_deny (1 references)
target     prot opt source               destination         

Chain FWDO_trusted_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_public  all  --  anywhere             anywhere            [goto] 
IN_trusted  all  --  anywhere             anywhere            
IN_public  all  --  anywhere             anywhere            [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_public (2 references)
target     prot opt source               destination         
IN_public_log  all  --  anywhere             anywhere            
IN_public_deny  all  --  anywhere             anywhere            
IN_public_allow  all  --  anywhere             anywhere            
ACCEPT     icmp --  anywhere             anywhere            

Chain IN_public_allow (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain ctstate NEW

Chain IN_public_deny (1 references)
target     prot opt source               destination         

Chain IN_public_log (1 references)
target     prot opt source               destination         

Chain IN_trusted (1 references)
target     prot opt source               destination         
IN_trusted_log  all  --  anywhere             anywhere            
IN_trusted_deny  all  --  anywhere             anywhere            
IN_trusted_allow  all  --  anywhere             anywhere            
ACCEPT     all  --  anywhere             anywhere            

Chain IN_trusted_allow (1 references)
target     prot opt source               destination         
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:https ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc ctstate NEW
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps ctstate NEW
ACCEPT     icmp --  anywhere             anywhere             ctstate NEW

Chain IN_trusted_deny (1 references)
target     prot opt source               destination         

Chain IN_trusted_log (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination   


Virtual Machine

Code:

# ifconfig

eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.45  netmask 255.255.255.0  broadcast 192.168.122.255
        inet6 fe80::d696:f1fa:496:35a  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:9d:ee:a7  txqueuelen 1000  (Ethernet)
        RX packets 230  bytes 16628 (16.2 KiB)
        RX errors 0  dropped 36  overruns 0  frame 0
        TX packets 391  bytes 36373 (35.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 182  bytes 14968 (14.6 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 182  bytes 14968 (14.6 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:b6:18:da  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Configuration file for eth0:

Code:

TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=dhcp
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=47f56cd7-62d6-47c0-b87a-54a7e87d3893
DEVICE=eth0
ONBOOT=yes
IPV6_PRIVACY=no
DNS1=8.8.8.8
DNS2=4.2.2.2

A few other notes:

Tried my virtual machine in both static and automatic (DHCP) IP mode. Same results. I've also tried 8.8.8.8, 4.2.2.2, entering the virtual router's IP address (192.168.122.1), and leaving it blank for my DNS servers.

I'm on an older computer, so to get my ethernet card to work I had to install the kmod-forcedeth-0.64-3.el7_5.elrepo.x86_64.rpm package.

When I enable or disable the firewall, it seems to enable and disable both the ip tables and the eb tables. Other than standing for ethernet bridge tables, I'm not too familiar with eb tables.

TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: Virtual machine will only connect to the internet for 10 seconds...

Post by TrevorH » 2019/08/19 16:37:56

You've got another virbr0 inside your guest and it's set up to use the same 192.168.122.1 ip address as the virbr0 bridge on your host. That's not right. I don't even think you need a virbr0 on the guest but I suspect you did some sort of install with a GUI and it's pulled in and installed gnome-boxes which in turn pulls in all of libvirt and sets the machine up to run VMs. Probably not what you want in a VM anyway.

Your symptoms sound like a duplicate ip address on your network - the one used on your guest that is.
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke
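
The check described in the answer above, as an added example that is not part of either poster's messages: it parses the host and guest `ifconfig` output (trimmed from this thread) and reports an address configured on both machines, plus guest interfaces whose subnets overlap. The function names `parse_ifconfig` and `find_conflicts` are assumptions made for this illustration.

```python
import ipaddress
import re

# Trimmed from the ifconfig output posted in this thread (host, then guest).
HOST_IFCONFIG = """\
enp0s7: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.212  netmask 255.255.255.0  broadcast 192.168.1.255
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
virbr1: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.100.1  netmask 255.255.255.0  broadcast 192.168.100.255
"""
GUEST_IFCONFIG = """\
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.45  netmask 255.255.255.0  broadcast 192.168.122.255
lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
INET_RE = re.compile(r"^\s+inet (\S+)\s+netmask (\S+)")


def parse_ifconfig(text):
    """Map interface name -> IPv4Interface, skipping loopback addresses."""
    addrs, current = {}, None
    for line in text.splitlines():
        header = IFACE_RE.match(line)
        if header:
            current = header.group(1)
            continue
        inet = INET_RE.match(line)
        if inet and current:
            iface = ipaddress.ip_interface(f"{inet.group(1)}/{inet.group(2)}")
            if not iface.ip.is_loopback:
                addrs[current] = iface
    return addrs


def find_conflicts(host, guest):
    """Return (kind, guest_iface, other_iface, detail) tuples."""
    findings = []
    host_by_ip = {iface.ip: name for name, iface in host.items()}
    guest_items = sorted(guest.items())
    # Same IPv4 address configured on both the host and the guest.
    for name, iface in guest_items:
        if iface.ip in host_by_ip:
            findings.append(("duplicate-ip", name, host_by_ip[iface.ip], str(iface.ip)))
    # Two guest interfaces on overlapping subnets: here the nested virbr0
    # covers the same range as the guest's uplink, eth0.
    for idx, (name_a, a) in enumerate(guest_items):
        for name_b, b in guest_items[idx + 1:]:
            if a.network.overlaps(b.network):
                findings.append(("guest-subnet-overlap", name_a, name_b, str(a.network)))
    return findings


if __name__ == "__main__":
    host = parse_ifconfig(HOST_IFCONFIG)
    guest = parse_ifconfig(GUEST_IFCONFIG)
    for finding in find_conflicts(host, guest):
        print(finding)
```
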

TomTom7
Posts: 2
Joined: 2019/08/19 12:29:13

Re: Virtual machine will only connect to the internet for 10 seconds...

Post by TomTom7 » 2019/08/20 00:05:42

That was it. Thank you! :D
