Red Hat Customer Portal

Select Your Language

Infrastructure and Management

Cloud Computing

Storage

Runtimes

Integration and Automation

  • Comments
    • Tags

    KVM HOST node net.ipv4.ip_forward=0 and bridge and GUEST node with net.ipv4.ip_forward=1 even sysctl setting to "No Forwarninig(0)"

    Posted on

    Dear Community,

    Recently I prepared a HOST on RHEL7.8 and 3 GUEST with also RHEL7.8.

    The network interconnection from HOST and GUEST is made using a bridge interface without usage of the native default virtb0 interface created during installation of HOST server.

    On the GUEST the network interfaces defined are using vnet

    [HOST]
$ sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 0

1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: ens3f0:  mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:22 brd ff:ff:ff:ff:ff:ff
3: ens3f1:  mtu 1500 qdisc mq master bond0 state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:22 brd ff:ff:ff:ff:ff:ff
4: ens3f2:  mtu 1500 qdisc mq master bond1 state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:24 brd ff:ff:ff:ff:ff:ff
5: ens3f3:  mtu 1500 qdisc mq master bond1 state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:24 brd ff:ff:ff:ff:ff:ff
6: ens3f4:  mtu 9000 qdisc mq master bond2 state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:26 brd ff:ff:ff:ff:ff:ff
7: ens3f5:  mtu 9000 qdisc mq master bond2 state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:26 brd ff:ff:ff:ff:ff:ff
8: enp1s0f4u4:  mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
    link/ether 2e:34:cc:78:08:aa brd ff:ff:ff:ff:ff:ff
9: bond0:  mtu 1500 qdisc noqueue master br0 state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:22 brd ff:ff:ff:ff:ff:ff
11: bond1:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:24 brd ff:ff:ff:ff:ff:ff
12: bond2:  mtu 9000 qdisc noqueue master br2 state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:26 brd ff:ff:ff:ff:ff:ff
20: virbr0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:2f:f7:d2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
21: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:2f:f7:d2 brd ff:ff:ff:ff:ff:ff
30: br0:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:22 brd ff:ff:ff:ff:ff:ff
    inet  brd 172.16.150.255 scope global br0
       valid_lft forever preferred_lft forever
31: br2:  mtu 9000 qdisc noqueue state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:26 brd ff:ff:ff:ff:ff:ff
    inet  brd 192.168.26.63 scope global br2
       valid_lft forever preferred_lft forever
32: bond1.823@bond1:  mtu 1500 qdisc noqueue master br1823 state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:24 brd ff:ff:ff:ff:ff:ff
33: br1823:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:24 brd ff:ff:ff:ff:ff:ff
    inet  brd 192.168.23.255 scope global br1823
       valid_lft forever preferred_lft forever
34: bond1.824@bond1:  mtu 1500 qdisc noqueue master br1824 state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:24 brd ff:ff:ff:ff:ff:ff
35: br1824:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:24 brd ff:ff:ff:ff:ff:ff
36: bond1.827@bond1:  mtu 1500 qdisc noqueue master br1827 state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:24 brd ff:ff:ff:ff:ff:ff
37: br1827:  mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 16:1e:b1:80:00:24 brd ff:ff:ff:ff:ff:ff
    inet  brd 192.168.25.255 scope global br1827
       valid_lft forever preferred_lft forever
50: vnet6:  mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:51:17:b7 brd ff:ff:ff:ff:ff:ff
51: vnet7:  mtu 1500 qdisc pfifo_fast master br1823 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:a5:7c:54 brd ff:ff:ff:ff:ff:ff
52: vnet8:  mtu 1500 qdisc pfifo_fast master br1824 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:94:63:4b brd ff:ff:ff:ff:ff:ff
53: vnet3:  mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:f0:fa:d5 brd ff:ff:ff:ff:ff:ff
54: vnet4:  mtu 1500 qdisc pfifo_fast master br1823 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:82:ce:d6 brd ff:ff:ff:ff:ff:ff
55: vnet5:  mtu 1500 qdisc pfifo_fast master br1824 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:4f:c8:e9 brd ff:ff:ff:ff:ff:ff
56: vnet0:  mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:79:2b:da brd ff:ff:ff:ff:ff:ff
57: vnet1:  mtu 1500 qdisc pfifo_fast master br1823 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:81:c4:c2 brd ff:ff:ff:ff:ff:ff
58: vnet2:  mtu 1500 qdisc pfifo_fast master br1824 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:e9:23:cd brd ff:ff:ff:ff:ff:ff

    [GUEST]
net.ipv4.ip_forward = 1
$ grep  net.ipv4.ip_forward /etc/sysctl.conf
net.ipv4.ip_forward = 0

1: lo:  mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eth0:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 52:54:00:51:17:b7 brd ff:ff:ff:ff:ff:ff
3: eth1:  mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:a5:7c:54 brd ff:ff:ff:ff:ff:ff
    inet  brd 192.168.23.255 scope global eth1
       valid_lft forever preferred_lft forever
4: eth2:  mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 52:54:00:94:63:4b brd ff:ff:ff:ff:ff:ff
5: virbr0:  mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:9e:19:ec brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
6: virbr0-nic:  mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:9e:19:ec brd ff:ff:ff:ff:ff:ff

    I have now two interface disabled manually. But they work ok.

    The virbr0 even not in the configuration appears on the GUEST.

    Based on all this information I would request the following help from community:

    1) Once using bridge to share network between HOST and GUEST, do I need to setup n the HOST IP_Forwarding as 1(enabled)?
    OBS: Even actually setup on HOST as ip_forward as 0 I do not see problems and documentation has no requirement for this as 1

    2) What or where is the GUEST setting up ip_forward as 1 since sysctl OS config is disabled?
    I am assuming this is caused by default virb0. How can I disable it on GUEST since I do not intend to use NAT as well I did not create any configuration for it in GUEST XML setup?

    Please send your comments on these doubts above.

    by

    points

    Responses

    Red Hat LinkedIn YouTube Facebook X, formerly Twitter

    Quick Links

    Help

    Site Info

    Related Sites

    © 2026 Red Hat