centos server with virtual machines parent cant connect out but vms work fine

I have a server centos 6.2, it has several vm's using https://virt-manager.org/ the vms work great, no problems.

The problem I have is the parent server cant connect out using any protocol. DNS works fine, the vms use the bridged connection fine, but I cant connect out from the parent.

I have tried: - disabled ip tables - various protocols (http, https, firefox, curl, ssh)

The error when I try to connect out is "Network is Unreachable"

This machine was setup years ago by someone else, so it is hard to know what they have done here.

Here is a summary of my ifconfig

em1 - says it is connected, lots of packets in and out, it is setup to bridge to virbr0.

virbr0 - says it has an ip and lots of packets in and out.

All the vm's use virbr0

Just realized, I can also connect to the vm via http from the parent.

What can I check/try?

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master virbr0 state UP qlen 1000
    link/ether 84:2b:2b:58:4c:ad brd ff:ff:ff:ff:ff:ff
    inet brd scope global em1
       valid_lft forever preferred_lft forever
    inet6 fe80::862b:2bff:fe58:4cad/64 scope link 
       valid_lft forever preferred_lft forever
3: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master virbr0 state UP qlen 1000
    link/ether 84:2b:2b:58:4c:ae brd ff:ff:ff:ff:ff:ff
    inet6 fe80::862b:2bff:fe58:4cae/64 scope link 
       valid_lft forever preferred_lft forever
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 84:2b:2b:58:4c:ad brd ff:ff:ff:ff:ff:ff
    inet brd scope global virbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::862b:2bff:fe58:4cad/64 scope link 
       valid_lft forever preferred_lft forever
5: vif1.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr0 state UP qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link 
       valid_lft forever preferred_lft forever

and ip route:

default via dev em1 proto static dev virbr0  scope link  metric 1004 dev virbr0  proto kernel  scope link  src dev em1  proto kernel  scope link  src  metric 1 


brctl show
bridge name bridge id       STP enabled interfaces
virbr0      8000.842b2b584cad   no      em1

Could you post the output of "brctl show" as well?

There are two possible setups:

  1. There is an "internal" ip range on virbr0 used by your virtual machines, and your host OS performs NAT
  2. All machines are in the same ip range

I guess 2) is most likely, in which case, as pbacterio mentioned, you have a routing conflict by configuring the same ip address ( on two interfaces, so removing the ip from em1 should do the trick.

ip a del dev em1

If this works, you should edit /etc/sysconfig/network-scripts/ifcfg-em1 so that it says something like the following:


This way, the change persists after a reboot.

Remove ip address from em1 device and ensure your default route go throw virbr0.