centos server with virtual machines parent cant connect out but vms work fine

I have a server centos 6.2, it has several vm's using https://virt-manager.org/ the vms work great, no problems.

The problem I have is the parent server cant connect out using any protocol. DNS works fine, the vms use the bridged connection fine, but I cant connect out from the parent.

I have tried: - disabled ip tables - various protocols (http, https, firefox, curl, ssh)

The error when I try to connect out is "Network is Unreachable"

This machine was setup years ago by someone else, so it is hard to know what they have done here.

Here is a summary of my ifconfig

em1 - says it is connected, lots of packets in and out, it is setup to bridge to virbr0.

virbr0 - says it has an ip and lots of packets in and out.

All the vm's use virbr0

Just realized, I can also connect to the vm via http from the parent.

What can I check/try?

[![ip addr and ip route][1]][1]

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN 
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: em1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master virbr0 state UP qlen 1000
    link/ether 84:2b:2b:58:4c:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.38/24 brd 192.168.1.255 scope global em1
       valid_lft forever preferred_lft forever
    inet6 fe80::862b:2bff:fe58:4cad/64 scope link 
       valid_lft forever preferred_lft forever
3: em2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master virbr0 state UP qlen 1000
    link/ether 84:2b:2b:58:4c:ae brd ff:ff:ff:ff:ff:ff
    inet6 fe80::862b:2bff:fe58:4cae/64 scope link 
       valid_lft forever preferred_lft forever
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP 
    link/ether 84:2b:2b:58:4c:ad brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.38/24 brd 192.168.1.255 scope global virbr0
       valid_lft forever preferred_lft forever
    inet6 fe80::862b:2bff:fe58:4cad/64 scope link 
       valid_lft forever preferred_lft forever
5: vif1.0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr0 state UP qlen 32
    link/ether fe:ff:ff:ff:ff:ff brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fcff:ffff:feff:ffff/64 scope link 
       valid_lft forever preferred_lft forever

and ip route:

default via 192.168.1.1 dev em1 proto static

169.254.0.0/16 dev virbr0  scope link  metric 1004 
192.168.1.0/24 dev virbr0  proto kernel  scope link  src 192.168.1.38 
192.168.1.0/24 dev em1  proto kernel  scope link  src 192.168.1.38  metric 1 

Added

brctl show
bridge name bridge id       STP enabled interfaces
virbr0      8000.842b2b584cad   no      em1
                            em2
                            vif1.0

Could you post the output of "brctl show" as well?

There are two possible setups:

  1. There is an "internal" ip range on virbr0 used by your virtual machines, and your host OS performs NAT
  2. All machines are in the same 192.168.1.24 ip range

I guess 2) is most likely, in which case, as pbacterio mentioned, you have a routing conflict by configuring the same ip address (192.168.1.38) on two interfaces, so removing the ip from em1 should do the trick.

ip a del 192.168.1.38/24 dev em1

If this works, you should edit /etc/sysconfig/network-scripts/ifcfg-em1 so that it says something like the following:

DEVICE=em1
BOOTPROTO=none
ONBOOT=yes
HWADDR=84:2b:2b:58:4c:ad
BRIDGE=virbr0
NM-CONTROLLED=no

This way, the change persists after a reboot.


Remove ip address from em1 device and ensure your default route go throw virbr0.