The host in question is kvm-2. It is dual-homed on 192.168.1.0/24:
eno1 - 192.168.1.144 (DHCP; the router's kvm-2 static-mapping pins this MAC to that address)
enp10s0f0 ---> bridge00 (OVS) - 192.168.1.146 (DHCP, held by the bridge's internal port; the uplink enp10s0f0 is untagged on the bridge, the VM ports carry VLAN tags 50/70)
Reviewer note: the routing table below has two connected routes for 192.168.1.0/24 (metric 0 via bridge00, metric 107 via eno1) but the only default route is via eno1, so a request that arrives on bridge00 from another subnet is answered out of eno1. If rp_filter is strict on the host, that reply-path mismatch drops the packets, which would fit the symptom (same-subnet hosts reachable, routed subnets not) — check `sysctl net.ipv4.conf.all.rp_filter net.ipv4.conf.bridge00.rp_filter net.ipv4.conf.eno1.rp_filter` and look for martian-source messages in `dmesg` before touching the router. (The ovs-vsctl dump also still lists a stale port vnet8 that no longer exists; unrelated to this problem, but worth an `ovs-vsctl del-port bridge00 vnet8`.)
kvm-2 (host in question):
Cannot ping: 192.168.40.1 (router/gateway on VLAN40), 192.168.40.24 (laptop on Wi-Fi),
192.168.50.1, or any host in 192.168.50.0/24
Can ping both directions:
192.168.1.179 (laptop on ethernet)
192.168.1.143 (raspberry pi)
My laptop:
Wi-Fi: 192.168.40.24 - cannot connect to 192.168.1.144 or 192.168.1.146 (either of kvm-2's addresses)
Can connect to all other hosts on 192.168.1.0/24
Can connect to all hosts on 192.168.50.0/24
Example host 192.168.50.25
Can connect to: 192.168.40.1, 192.168.40.24
Can connect to: 192.168.1.1, 192.168.1.143
Cannot connect to: 192.168.1.144, 192.168.1.146
(192.168.50.25 appears to be the graylog VM, which itself runs on kvm-2 — port graylog-vm on bridge00 with tag 50, MAC 52:54:00:e6:d7:88 in the router's VLAN50 static-mapping. A guest behind the very same bridge00 uplink reaches every subnet the host cannot, so the physical path and the router both pass this traffic; that again points at kvm-2's own IP stack rather than the network.)
ip a sh:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp8s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:1b:21:a9:69:20 brd ff:ff:ff:ff:ff:ff
3: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 40:2c:f4:e9:f4:14 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.144/24 brd 192.168.1.255 scope global dynamic eno1
valid_lft 86333sec preferred_lft 86333sec
inet6 fe80::dbe3:6e0:c7d:9274/64 scope link noprefixroute
valid_lft forever preferred_lft forever
4: enp8s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:1b:21:a9:69:21 brd ff:ff:ff:ff:ff:ff
5: enp10s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master ovs-system state UP group default qlen 1000
link/ether 00:1b:21:a9:69:24 brd ff:ff:ff:ff:ff:ff
inet6 fe80::21b:21ff:fea9:6924/64 scope link
valid_lft forever preferred_lft forever
6: enp10s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether 00:1b:21:a9:69:25 brd ff:ff:ff:ff:ff:ff
7: ovs-system: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether 12:75:a4:89:b1:9d brd ff:ff:ff:ff:ff:ff
9: bridge00: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 00:1b:21:a9:69:24 brd ff:ff:ff:ff:ff:ff
inet 192.168.1.146/24 brd 192.168.1.255 scope global dynamic bridge00
valid_lft 79896sec preferred_lft 79896sec
inet6 fe80::21b:21ff:fea9:6924/64 scope link
valid_lft forever preferred_lft forever
10: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:4b:f3:86 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
11: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
link/ether 52:54:00:4b:f3:86 brd ff:ff:ff:ff:ff:ff
12: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:d9:7e:9d brd ff:ff:ff:ff:ff:ff
inet 192.168.200.1/24 brd 192.168.200.255 scope global virbr1
valid_lft forever preferred_lft forever
13: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN group default qlen 1000
link/ether 52:54:00:d9:7e:9d brd ff:ff:ff:ff:ff:ff
15: graylog-vm: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:e6:d7:88 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fee6:d788/64 scope link
valid_lft forever preferred_lft forever
16: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:3b:e4:43 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe3b:e443/64 scope link
valid_lft forever preferred_lft forever
17: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:cb:1d:41 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fecb:1d41/64 scope link
valid_lft forever preferred_lft forever
19: vnet3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:a9:74:7e brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fea9:747e/64 scope link
valid_lft forever preferred_lft forever
20: vnet4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:0c:61:b9 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe0c:61b9/64 scope link
valid_lft forever preferred_lft forever
22: vnet5: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:8d:d7:00 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe8d:d700/64 scope link
valid_lft forever preferred_lft forever
23: vnet6: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:a2:02:5d brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fea2:25d/64 scope link
valid_lft forever preferred_lft forever
24: vnet7: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:82:fc:6d brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe82:fc6d/64 scope link
valid_lft forever preferred_lft forever
25: katello-vm: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master ovs-system state UNKNOWN group default qlen 1000
link/ether fe:54:00:2a:c0:b2 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fe2a:c0b2/64 scope link
valid_lft forever preferred_lft forever
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
0.0.0.0 192.168.1.1 0.0.0.0 UG 107 0 0 eno1
169.254.0.0 0.0.0.0 255.255.0.0 U 1009 0 0 bridge00
192.168.1.0 0.0.0.0 255.255.255.0 U 0 0 0 bridge00
192.168.1.0 0.0.0.0 255.255.255.0 U 107 0 0 eno1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0
192.168.200.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr1
# ifcfg-eno1: kvm-2's primary link. DHCP-addressed (192.168.1.144 in the
# `ip a` output above; the router's kvm-2 static-mapping pins this MAC,
# 40:2c:f4:e9:f4:14, to that address) and, with DEFROUTE=yes, the interface
# that ends up holding the host's only default route (see the routing table).
TYPE="Ethernet"
PROXY_METHOD="none"
BROWSER_ONLY="no"
BOOTPROTO="dhcp"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
# IPv6 via autoconf with stable-privacy addresses. Only a link-local address
# shows up in `ip a`, so presumably no router advertisements reach this
# segment (the router config below has no IPv6 addressing either).
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
IPV6_ADDR_GEN_MODE="stable-privacy"
NAME="eno1"
UUID="61f5f092-7dac-4c0f-84f9-4b14d74acda3"
DEVICE="eno1"
ONBOOT="yes"
# ifcfg-enp10s0f0: the physical uplink that OVS attaches to bridge00. There is
# no BOOTPROTO line, so this profile assigns no IPv4 address to the port; the
# address (192.168.1.146, DHCP) lives on bridge00's internal port, and
# DEFROUTE here therefore has nothing to install. The bridge membership itself
# is persisted in the OVS database (see the ovs-vsctl output), not in this file.
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
# IPV6INIT=no together with IPV6_AUTOCONF=yes is contradictory but harmless:
# with IPv6 not initialised on this profile the autoconf flag is presumably
# ignored. `ip a` shows only a link-local address on the port.
IPV6INIT=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=enp10s0f0
UUID=97284645-e66b-4c4e-bbce-d408b5ff1850
DEVICE=enp10s0f0
ONBOOT=yes
33b59614-9304-4457-9270-3ea10b3e897e
Bridge "bridge00"
Port "bridge00"
Interface "bridge00"
type: internal
Port "vnet3"
tag: 70
Interface "vnet3"
Port "vnet4"
tag: 50
Interface "vnet4"
Port "vnet5"
Interface "vnet5"
Port "enp10s0f0"
Interface "enp10s0f0"
Port "vnet8"
tag: 50
Interface "vnet8"
error: "could not open network device vnet8 (No such device)"
Port "vnet6"
tag: 50
Interface "vnet6"
Port "vnet1"
tag: 50
Interface "vnet1"
Port "vnet0"
tag: 50
Interface "vnet0"
Port graylog-vm
tag: 50
Interface graylog-vm
Port katello-vm
tag: 50
Interface katello-vm
Port "vnet7"
tag: 50
Interface "vnet7"
ovs_version: "2.5.4"
/* EdgeOS firewall section. Rule-sets defined here do nothing until attached under interfaces: BLOCK_IN/BLOCK_LOCAL are attached to eth0.60 and WAN_IN/WAN_LOCAL to eth1 only. eth0, eth0.40, eth0.50, eth0.70 and eth0.99 carry no rule-set, so the kvm-2 <-> VLAN40 failure in this thread is not a router firewall drop. */
firewall {
    all-ping enable
    broadcast-ping disable
    group {
        /* Name is misspelled (NEWORKS) but BLOCK_IN rule 2 references the same spelling, so it works; rename in both places or neither. */
        /* NOTE(review): 192.168.99.0/24 (VLAN99 - Management) is missing from this group, so with BLOCK_IN's default-action accept the "Exposed Servers" VLAN can reach the management VLAN. Adding `network 192.168.99.0/24` here is the minimal fix. */
        network-group PROTECT_NEWORKS {
            description ""
            network 192.168.1.0/24
            network 192.168.2.0/24
            network 192.168.40.0/24
            network 192.168.50.0/24
            network 192.168.70.0/24
        }
    }
    ipv6-receive-redirects disable
    ipv6-src-route disable
    ip-src-route disable
    log-martians enable
    /* Attached as 'in' on eth0.60 (traffic from VLAN60 routed through the router). Effectively a deny-list: everything passes, including to the Internet and to any private network not listed above, except what is destined to PROTECT_NEWORKS. */
    name BLOCK_IN {
        default-action accept
        description ""
        /* Replies to sessions that a protected-network host opened toward VLAN60. */
        rule 1 {
            action accept
            description "Accepted Established/Related"
            log disable
            protocol all
            state {
                established enable
                invalid disable
                new disable
                related enable
            }
        }
        /* Everything else from VLAN60 toward the listed networks is dropped; `log disable` means these drops leave no trace in syslog. */
        rule 2 {
            action drop
            description "drop PROTECTED_NETWORKS"
            destination {
                group {
                    network-group PROTECT_NEWORKS
                }
            }
            log disable
            protocol all
        }
    }
    /* Attached as 'local' on eth0.60 (VLAN60 to the router itself): only DNS (udp/53) and DHCP (udp/67) are allowed, so the GUI, SSH and SNMP are not reachable from the exposed VLAN. This is the only VLAN where that holds. */
    name BLOCK_LOCAL {
        default-action drop
        description ""
        rule 1 {
            action accept
            description "Accept DNS"
            destination {
                port 53
            }
            log disable
            protocol udp
        }
        rule 2 {
            action accept
            description "Accept DHCP"
            destination {
                port 67
            }
            log disable
            protocol udp
        }
    }
    /* Internet -> LAN: only replies to LAN-initiated sessions. The pivpn port-forward has no rule here because port-forward uses auto-firewall (see that section). */
    name WAN_IN {
        default-action drop
        description "WAN to internal"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 30 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    /* Internet -> router itself: nothing unsolicited; management is LAN-side only. */
    name WAN_LOCAL {
        default-action drop
        description "WAN to router"
        rule 10 {
            action accept
            description "Allow established/related"
            state {
                established enable
                related enable
            }
        }
        rule 20 {
            action drop
            description "Drop invalid state"
            state {
                invalid enable
            }
        }
    }
    receive-redirects disable
    /* NOTE(review): these two appear to be the stock settings. With several VLANs on one router, `source-validation strict` (uRPF) would reject packets arriving on a VLAN that does not own their source address; consider it once nothing relies on asymmetric paths. */
    send-redirects enable
    source-validation disable
    syn-cookies enable
}
/* Router-on-a-stick: eth0 is the trunk toward the switch carrying untagged 192.168.1.0/24 plus tagged VLANs 40/50/60/70/99; eth1 is the DHCP-addressed uplink; eth2-eth4 are switched together as switch0. */
interfaces {
    /* NOTE(review): only vif 60 carries a firewall. eth0 and vif 40/50/70/99 route freely among each other, so a Wi-Fi client on VLAN40 reaches the management VLAN and every router service, and the kvm-2 <-> VLAN40 path in this thread is not filtered here. */
    ethernet eth0 {
        address 192.168.1.1/24
        description "Local 2"
        duplex auto
        speed auto
        /* The laptop's VLAN (192.168.40.24 per the VLAN40 static-mapping). No rule-set attached. */
        vif 40 {
            address 192.168.40.1/24
            description "VLAN40 - WiFi"
        }
        /* Lab VMs, including those on kvm-2's bridge00 with OVS tag 50. No rule-set attached. */
        vif 50 {
            address 192.168.50.1/24
            description "VLAN50 - Lab Servers"
        }
        /* The only filtered VLAN: BLOCK_IN for traffic routed out of it, BLOCK_LOCAL for traffic to the router itself. */
        vif 60 {
            address 192.168.60.1/24
            description "VLAN60 - Exposed Servers"
            firewall {
                in {
                    name BLOCK_IN
                }
                local {
                    name BLOCK_LOCAL
                }
            }
        }
        vif 70 {
            address 192.168.70.1/24
            description "VLAN70 - LXD Containers"
        }
        /* NOTE(review): a management VLAN with no 'in'/'local' rule-set is only as isolated as the VLANs that can route into it - here, all of them, and VLAN60 as well because 192.168.99.0/24 is absent from PROTECT_NEWORKS. */
        vif 99 {
            address 192.168.99.1/24
            description "VLAN99 - Management"
        }
    }
    /* WAN: WAN_IN/WAN_LOCAL drop everything unsolicited. */
    ethernet eth1 {
        address dhcp
        description Internet
        duplex auto
        firewall {
            in {
                name WAN_IN
            }
            local {
                name WAN_LOCAL
            }
        }
        speed auto
    }
    ethernet eth2 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth3 {
        description Local
        duplex auto
        speed auto
    }
    ethernet eth4 {
        description Local
        duplex auto
        speed auto
    }
    loopback lo {
    }
    /* eth2-eth4 switched as one untagged segment, 192.168.2.0/24; likewise unfiltered toward the other LANs. */
    switch switch0 {
        address 192.168.2.1/24
        description Local
        mtu 1500
        switch-port {
            interface eth2 {
            }
            interface eth3 {
            }
            interface eth4 {
            }
            vlan-aware disable
        }
    }
}
/* Port forwarding. auto-firewall enable generates the matching accept for forwarded ports, which is why WAN_IN carries no explicit 1194 rule. hairpin-nat lets LAN clients reach the forward via the public address. */
port-forward {
    auto-firewall enable
    hairpin-nat enable
    lan-interface eth0
    /* WAN udp/1194 -> 192.168.1.150, which the LAN1 static-mapping names pi-tron (presumably an OpenVPN/PiVPN endpoint). NOTE(review): that endpoint sits on the flat, unfiltered 192.168.1.0/24 rather than on VLAN60, so a compromise of it lands directly inside the LAN. */
    rule 1 {
        description pivpn
        forward-to {
            address 192.168.1.150
            port 1194
        }
        original-port 1194
        protocol udp
    }
    wan-interface eth1
}
/* Services the router itself offers. Because no 'local' rule-set exists except BLOCK_LOCAL on eth0.60, everything here is reachable from every LAN segment other than VLAN60. */
service {
    /* NOTE(review): DHCP requests on eth0, eth0.40, eth0.50 and eth0.60 are relayed to 192.168.1.143 (pi-rex) while the dhcp-server below also serves those same subnets, i.e. two DHCP authorities per segment. Which server answers first is a race, and the static-mappings below are known only to the local server - confirm which one is intended and remove the other. */
    dhcp-relay {
        interface eth0.60
        interface eth0
        interface eth0.50
        interface eth0.40
        server 192.168.1.143
    }
    /* Local DHCP server. `authoritative disable` on every subnet: per ISC dhcpd semantics it will not NAK leases handed out by another server (e.g. the relay target above), so foreign leases linger. */
    dhcp-server {
        disabled false
        hostfile-update enable
        shared-network-name LAN1 {
            authoritative disable
            /* PXE clients on LAN1 are pointed at katello (192.168.50.54) on VLAN50, so PXE boot crosses VLANs. */
            subnet 192.168.1.0/24 {
                bootfile-name pxelinux.0
                bootfile-server 192.168.50.54
                default-router 192.168.1.1
                dns-server 192.168.1.1
                domain-name piggah.lan
                lease 86400
                start 192.168.1.21 {
                    stop 192.168.1.240
                }
                static-mapping kvm-1 {
                    ip-address 192.168.1.147
                    mac-address 68:1c:a2:12:da:28
                }
                /* eno1 of the host in this thread (MAC matches `ip a`); its bridge00 address 192.168.1.146 has no mapping and is an ordinary dynamic lease. */
                static-mapping kvm-2 {
                    ip-address 192.168.1.144
                    mac-address 40:2c:f4:e9:f4:14
                }
                /* MAC matches kvm-2's untagged OVS port vnet5 (fe:54:00:8d:d7:00 on the host side), consistent with a LAN1 address. */
                static-mapping librenms {
                    ip-address 192.168.1.196
                    mac-address 52:54:00:8d:d7:00
                }
                /* Also the dhcp-relay target and the router's own name-server (system section). */
                static-mapping pi-rex {
                    ip-address 192.168.1.143
                    mac-address b8:27:eb:2c:24:ae
                }
                /* Target of the pivpn port-forward. */
                static-mapping pi-tron {
                    ip-address 192.168.1.150
                    mac-address b8:27:eb:35:58:dd
                }
                static-mapping piceratops {
                    ip-address 192.168.1.171
                    mac-address b8:27:eb:84:3a:2d
                }
                static-mapping piggahNAS {
                    ip-address 192.168.1.145
                    mac-address 24:5e:be:1d:99:bf
                }
                static-mapping plex-vm {
                    ip-address 192.168.1.140
                    mac-address 52:54:00:53:6f:78
                }
                subnet-parameters "filename "/pxe-boot/pxelinux.0";"
            }
        }
        shared-network-name LAN2 {
            authoritative disable
            subnet 192.168.2.0/24 {
                default-router 192.168.2.1
                dns-server 192.168.2.1
                domain-name piggah.lan
                lease 86400
                start 192.168.2.21 {
                    stop 192.168.2.240
                }
            }
        }
        shared-network-name VLAN40 {
            authoritative disable
            subnet 192.168.40.0/24 {
                default-router 192.168.40.1
                dns-server 192.168.40.1
                domain-name piggah.lan
                lease 86400
                start 192.168.40.21 {
                    stop 192.168.40.240
                }
                /* The Wi-Fi laptop in this thread. */
                static-mapping MacBookNF {
                    ip-address 192.168.40.24
                    mac-address 8c:85:90:66:1f:ef
                }
            }
        }
        shared-network-name VLAN50 {
            authoritative disable
            subnet 192.168.50.0/24 {
                bootfile-name pxelinux.0
                bootfile-server 192.168.50.54
                default-router 192.168.50.1
                dns-server 192.168.50.1
                domain-name piggah.lan
                lease 14400
                start 192.168.50.21 {
                    stop 192.168.50.240
                }
                /* MAC matches kvm-2's OVS port vnet0 (tag 50). */
                static-mapping freeipa {
                    ip-address 192.168.50.87
                    mac-address 52:54:00:3b:e4:43
                }
                /* 192.168.50.25: the remote syslog target (system section) and, per the OVS dump, the graylog-vm port on kvm-2's bridge00 with tag 50. */
                static-mapping graylog {
                    ip-address 192.168.50.25
                    mac-address 52:54:00:e6:d7:88
                }
                static-mapping ipa {
                    ip-address 192.168.50.67
                    mac-address 52:54:00:cb:9d:8e
                }
                /* PXE/bootfile server for LAN1 and VLAN50; also a VM on kvm-2 (port katello-vm, tag 50). */
                static-mapping katello {
                    ip-address 192.168.50.54
                    mac-address 52:54:00:2a:c0:b2
                }
                static-mapping rancher01 {
                    ip-address 192.168.50.97
                    mac-address 52:54:00:d6:d6:b7
                }
            }
        }
        shared-network-name VLAN60 {
            authoritative disable
            subnet 192.168.60.0/24 {
                default-router 192.168.60.1
                dns-server 192.168.60.1
                domain-name piggah.pub
                lease 86400
                start 192.168.60.21 {
                    stop 192.168.60.240
                }
            }
        }
        shared-network-name VLAN70 {
            authoritative disable
            subnet 192.168.70.0/24 {
                default-router 192.168.70.1
                dns-server 192.168.70.1
                domain-name piggah.dev
                /* NOTE(review): 26400 looks like a typo (the other subnets use 86400 or 14400); harmless, just odd. */
                lease 26400
                start 192.168.70.21 {
                    stop 192.168.70.240
                }
            }
        }
        shared-network-name VLAN99 {
            authoritative disable
            subnet 192.168.99.0/24 {
                default-router 192.168.99.1
                dns-server 192.168.99.1
                domain-name piggah.mng
                lease 86400
                start 192.168.99.21 {
                    stop 192.168.99.240
                }
            }
        }
        static-arp disable
        use-dnsmasq disable
    }
    /* Caching forwarder for every LAN segment including the exposed VLAN (where BLOCK_LOCAL permits only udp/53 and udp/67 to the router). Upstream is presumably the system name-server, 192.168.1.143 - confirm. */
    dns {
        forwarding {
            cache-size 1000
            listen-on eth0
            listen-on switch0
            listen-on eth0.60
            listen-on eth0.50
            listen-on eth0.40
            listen-on eth0.70
            listen-on eth0.99
        }
    }
    /* NOTE(review): `older-ciphers enable` re-enables weak TLS cipher suites on the management GUI; turn it off unless a specific client still needs it. The GUI answers on every VLAN except VLAN60 (see the interfaces note). */
    gui {
        http-port 80
        https-port 443
        older-ciphers enable
    }
    /* Masquerade all LAN traffic out of eth1. */
    nat {
        rule 5010 {
            outbound-interface eth1
            type masquerade
        }
    }
    /* NOTE(review): this read-only community string is a credential and was pasted unredacted while the login passwords in the system section were masked - rotate it. SNMPv2c sends the community in clear text and no listen-address/client restriction is configured, so it is accepted from any VLAN except VLAN60. */
    snmp {
        community Qz2a7yG39 {
            authorization ro
        }
    }
    /* SSHv2 on the default port, no listen-address restriction; only VLAN60 is blocked (BLOCK_LOCAL). */
    ssh {
        port 22
        protocol-version v2
    }
    /* UNMS management agent disabled. */
    unms {
        disable
    }
}
/* System-level settings. The login passwords below were masked by the poster; the SNMP community under service was not. */
system {
    host-name ubnt
    login {
        user nick {
            authentication {
                encrypted-password ****************
                plaintext-password ****************
            }
            full-name "nick ferguson"
            level admin
        }
    }
    /* The router's own resolver is pi-rex (192.168.1.143); DHCP clients instead get the router's VLAN address, i.e. the forwarder under service > dns. */
    name-server 192.168.1.143
    ntp {
        server 0.ubnt.pool.ntp.org {
        }
        server 1.ubnt.pool.ntp.org {
        }
        server 2.ubnt.pool.ntp.org {
        }
        server 3.ubnt.pool.ntp.org {
        }
    }
    /* NOTE(review): hwnat (an EdgeRouter X family feature) bypasses the software forwarding path for offloaded flows; presumably the DPI under traffic-analysis then only sees what is not offloaded - confirm the two are really effective together. */
    offload {
        hwnat enable
        ipsec enable
    }
    static-host-mapping {
    }
    /* Local log at notice (protocols at debug), plus remote syslog at info to the graylog VM on VLAN50. The remote stream is presumably plain UDP across VLANs - confirm, and confirm 7514 is the Graylog syslog input port. */
    syslog {
        global {
            facility all {
                level notice
            }
            facility protocols {
                level debug
            }
        }
        host 192.168.50.25:7514 {
            facility all {
                level info
            }
        }
    }
    time-zone UTC
    /* DPI with export enabled. */
    traffic-analysis {
        dpi enable
        export enable
    }
}