This article describes how to resolve the issue of an inaccessible virtual machine. 

  • Check that the bridge is configured and the network interface is connected with the bridge.

    brctl show

    bridge name	bridge id		STP enabled	interfaces
    virbr0		8000.000000000000	yes
    vmbr0		8000.003048f17bf8	no		eth0
    							vnet0
    							vnet1
    							vnet2
    							vnet3
    							vnet4
    CODE
  • Check the firewall on the parent server and on the virtual machine.
  • Check anti-spoofing. Anti-spoofing is provided by libvirt, and the anti-spoofing rules are not added in iptables.

Execute the command virsh dumpxml <virtual machine name> to see the description of the virtual machine and the its filters.

Output example

<interface type='network'>
      <mac address='52:54:00:3e:df:04'/>
      <source network='DefaultBridge'/>
      <target dev='vnet0'/>
      <filterref filter='vm-isptest'>
        <parameter name='IP' value='172.31.224.12'/>
        <parameter name='IPV6' value='2a01:230::bef6:85ff:fed7:4062'/>
      </filterref>
CODE

In our example, the filter vm-IPmanager5 is set. 

All rules are described in xml and are located in /etc/libvirt/nwfilter/. Filters use macros that are defined in the corresponding xml file for every virtual machine.  The Xmls that describe the virtual machine are located in the directory  /etc/libvirt/qemu/.

View the list of all files:

virsh nwfilter-list
CODE

View the filter:

virsh nwfilter-dumpxml <filter name>
CODE

You can disable the anti-spooging option in Management Virtual machines Edit

Learn more in http://libvirt.org/firewall.html

  • Check the network settings on the virtual machine. Connect via vnc to the virtual machine and check that the IP, mask, and gateway are correct.
  • Every virtual machine has its mac-address. That's why virtual machines won't be accessible in data-centers where port security is used.