Open alexxspb opened 12 months ago
Can you check your iptables (iptables-save) on the OpenNebula host?
sudo iptables-save
# Generated by iptables-save v1.8.7 on Mon Oct 9 11:08:29 2023
*mangle
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
# Completed on Mon Oct 9 11:08:29 2023
# Generated by iptables-save v1.8.7 on Mon Oct 9 11:08:29 2023
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:DOCKER - [0:0]
:DOCKER-ISOLATION-STAGE-1 - [0:0]
:DOCKER-ISOLATION-STAGE-2 - [0:0]
:DOCKER-USER - [0:0]
:one-0-0-i - [0:0]
:one-0-0-o - [0:0]
:one-1-0-i - [0:0]
:one-1-0-o - [0:0]
:opennebula - [0:0]
-A FORWARD -j DOCKER-USER
-A FORWARD -j DOCKER-ISOLATION-STAGE-1
-A FORWARD -o docker0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -o docker0 -j DOCKER
-A FORWARD -i docker0 ! -o docker0 -j ACCEPT
-A FORWARD -i docker0 -o docker0 -j ACCEPT
-A FORWARD -m physdev --physdev-is-bridged -j opennebula
-A DOCKER-ISOLATION-STAGE-1 -i docker0 ! -o docker0 -j DOCKER-ISOLATION-STAGE-2
-A DOCKER-ISOLATION-STAGE-1 -j RETURN
-A DOCKER-ISOLATION-STAGE-2 -o docker0 -j DROP
-A DOCKER-ISOLATION-STAGE-2 -j RETURN
-A DOCKER-USER -j RETURN
-A one-0-0-i -m state --state RELATED,ESTABLISHED -j RETURN
-A one-0-0-i -j RETURN
-A one-0-0-i -j DROP
-A one-0-0-o -m state --state RELATED,ESTABLISHED -j RETURN
-A one-0-0-o -j RETURN
-A one-0-0-o -j DROP
-A one-1-0-i -m state --state RELATED,ESTABLISHED -j RETURN
-A one-1-0-i -j RETURN
-A one-1-0-i -j DROP
-A one-1-0-o -m state --state RELATED,ESTABLISHED -j RETURN
-A one-1-0-o -j RETURN
-A one-1-0-o -j DROP
-A opennebula -m physdev --physdev-in one-1-0 --physdev-is-bridged -j one-1-0-o
-A opennebula -m physdev --physdev-out one-1-0 --physdev-is-bridged -j one-1-0-i
-A opennebula -m physdev --physdev-in one-0-0 --physdev-is-bridged -j one-0-0-o
-A opennebula -m physdev --physdev-out one-0-0 --physdev-is-bridged -j one-0-0-i
-A opennebula -j ACCEPT
COMMIT
# Completed on Mon Oct 9 11:08:29 2023
# Generated by iptables-save v1.8.7 on Mon Oct 9 11:08:29 2023
*nat
:PREROUTING ACCEPT [0:0]
:INPUT ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:DOCKER - [0:0]
-A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
-A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
-A POSTROUTING -s 172.17.0.0/16 ! -o docker0 -j MASQUERADE
-A POSTROUTING -s 172.16.100.0/24 ! -d 172.16.100.0/24 -j MASQUERADE
-A DOCKER -i docker0 -j RETURN
COMMIT
# Completed on Mon Oct 9 11:08:29 2023
Hmm, it all looks good. Except for the wlp45s0
I have a very similar setup which works just fine.
Strange, DNS works from the VM but the other traffic is blocked.
Yep, it's very strange for us. We thought that it would work out of the box on new hardware (Chatreey it12 mini-pc, i9 12900h, 2 LAN 2.5G, Wifi 6) and a fresh OS installation (Ubuntu Server 22.04.1, Ubuntu Desktop 22.04.3), though we had the same problem on 2 of our old PCs (i5 3570, GA-Z68AP-D3 with 1 LAN + wifi) in different places (and with other routers).
Hello! We spent many days trying to resolve only one problem - no access to the Internet from VMs on minione latest / ubuntu 22.04.3. It reproduces on various machines with 1 or 2 LAN + wifi interfaces.
Our network settings: Host
VM