KVM on Rocky Linux 9

Hi,

I have installed Rocky linux 9.0 and have updated to the latest OS patches on a newly procured bare metal server. I have installed open-source Kernel-based VMs (KVMs) Type 1 hypervisor on it by following the below steps

1. dnf install qemu-kvm libvirt virt-manager virt-install
2. dnf install epel-release -y
3. dnf -y install bridge-utils virt-top libguestfs-tools bridge-utils virt-viewer
4. systemctl start libvirtd
5. systemctl enable libvirtd
6. systemctl status libvirtd
7. usermod -aG libvirt $USER
8. newgrp libvirt
9. brctl show
10. nmcli connection show 
11. BR_NAME="br0"
BR_INT="enp6s18"
SUBNET_IP="192.168.0.65/24"
GW="192.168.0.10"
DNS1="8.8.8.8"
DNS2="8.8.4.4"
12. sudo nmcli connection add type bridge autoconnect yes con-name ${BR_NAME} ifname ${BR_NAME}
13. sudo nmcli connection modify ${BR_NAME} ipv4.addresses ${SUBNET_IP} ipv4.method manual
14. sudo nmcli connection modify ${BR_NAME} ipv4.gateway ${GW}
15. sudo nmcli connection modify ${BR_NAME} ipv4.dns ${DNS1} +ipv4.dns
16. sudo nmcli connection delete ${BR_INT}
17. sudo nmcli connection add type bridge-slave autoconnect yes con-name ${BR_INT} ifname ${BR_INT} master ${BR_NAME}
18. sudo nmcli connection show 
19. nmcli connection up br0

I have created a KVM guest OS CentOS 7.9 using virt-install command line utility and configured static private ip along with GW and DNS Name servers IP address. I am unable to reach to the gateway IP 192.168.0.10 while SSH login to the newly created KVM Guest VM instance.

Am i missing anything from the above steps? Please guide.

Best Regards,

Kaushal

Was --network bridge=br0 passed with virt-install command line ?
Is the VM network using the bridge interface ?

The libvirt packages do provide config for one virtual network named “default”. The default is autostarted, so it is created when the libvirt services start (on boot). The default is a separate private subnet where the host has both DHCP and DNS servers for the guests (that have interface on the default) and also acts as router – gateway from default to other subnets.

The traffic between default and subnet outside is routed and therefore also filtered. Libvirt should add firewall rules for that.

The bridge created in OP is a switch that extends external (physical) subnet (192.168.0.0/24) to guests that have interface on the bridge. The host does not need an IP address on the bridge for the guests to have connection any more than unmanaged switches do. Obviously, if host should be on the same subnet, and/or if it has only that one interface ( enp6s18), then it should have IP on the bridge.

Ideally, neither host nor guests on the bridge do have static network config, but get one from DHCP server that is outside of the host.

The bridged traffic is not “forwarded” nor filtered.

@jlehtone Any documentation to refer to configure KVM on host OS and configure br0 interface on host server? Thanks in advance

Best Regards,

Kaushal

There are multiple methods for creating a bridge interface and you did already use one of them. See Chapter 6. Configuring a network bridge Red Hat Enterprise Linux 9 | Red Hat Customer Portal

I have not particularly “configured” libvirt/KVM; the defaults from packages are usually enough.
At most two things I’ve changed, via virt-manager (but one could use virsh too):

• Disable autostart of the default network
• Add storage (LVM and/or mpath volumes)

Creation of guests … usually with virt-manager

@jlehtone I am using the virt-install command to create KVM Guest VM on Rocky Linux release 9.2 (Blue Onyx)

#cat /etc/os-release
NAME="Rocky Linux"
VERSION="9.2 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.2"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.2 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.2"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.2"
#

#cat /etc/redhat-release
Rocky Linux release 9.2 (Blue Onyx)
#

uname -r
5.14.0-284.18.1.el9_2.x86_64

KVM Guest VM instance creation using virt-install command

virt-install --name=testvm --file=/datadisk1/testvm.img --file-size=20 --nonsparse --vcpus=2 --ram=8192 --network=bridge:br0 --os-variant=rhel7.9 --graphics none --location=/var/lib/libvirt/isos/CentOS-7-x86_64-DVD-2009.iso --extra-args="console=ttyS0"

virt-install --version
4.1.0

# virsh start testvm
error: Failed to start domain 'testvm'
error: Network not found: no network with matching name 'default'
#

# systemctl status libvirtd
● libvirtd.service - Virtualization daemon
     Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; preset: disabled)
     Active: active (running) since Thu 2023-07-13 21:12:03 IST; 1s ago
TriggeredBy: ● libvirtd-ro.socket
             ● libvirtd.socket
             ○ libvirtd-tls.socket
             ○ libvirtd-tcp.socket
             ● libvirtd-admin.socket
       Docs: man:libvirtd(8)
             https://libvirt.org
   Main PID: 20764 (libvirtd)
      Tasks: 20 (limit: 32768)
     Memory: 25.3M
        CPU: 925ms
     CGroup: /system.slice/libvirtd.service
             └─20764 /usr/sbin/libvirtd --timeout 120

Jul 13 21:12:02 dac-inhousebaseserver4 systemd[1]: Starting Virtualization daemon...
Jul 13 21:12:03 dac-inhousebaseserver4 systemd[1]: Started Virtualization daemon.
#

I am unable to reach to the host gateway network IP :- 192.168.0.10 from testvm which has static private IP :- 192.168.0.113. The details of network configurations for testvm node are as below node.

cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=static
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=eth0
UUID=e2e74b0b-5f8a-4eed-9a98-49f9e3e77623
DEVICE=eth0
ONBOOT=yes
IPADDR=192.168.0.113
PREFIX=24
GATEWAY=192.168.0.10
DNS1=8.8.8.8
DNS2=8.8.4.4

# pwd
/etc/libvirt
# ls -l
total 212
-rw-r--r--. 1 root root   450 Jan 16 16:27 libvirt-admin.conf
-rw-r--r--. 1 root root   547 Jan 16 16:27 libvirt.conf
-rw-r--r--. 1 root root 17826 Jun 23 19:50 libvirtd.conf
drwx------. 2 root root  4096 Jun 23 19:51 nwfilter
drwx------. 4 root root    87 Jul 13 00:06 qemu
-rw-r--r--. 1 root root 36830 Jun 23 19:50 qemu.conf
-rw-r--r--. 1 root root  2169 Jan 16 16:27 qemu-lockd.conf
drwx------. 2 root root     6 Jun 23 19:51 secrets
drwx------. 3 root root    79 Jun 23 19:51 storage
-rw-r--r--. 1 root root 12421 Jun 23 19:50 virtinterfaced.conf
-rw-r--r--. 1 root root  3058 Jan 16 16:27 virtlockd.conf
-rw-r--r--. 1 root root  3537 Jan 16 16:27 virtlogd.conf
-rw-r--r--. 1 root root 12411 Jun 23 19:50 virtnetworkd.conf
-rw-r--r--. 1 root root 12411 Jun 23 19:50 virtnodedevd.conf
-rw-r--r--. 1 root root 12416 Jun 23 19:50 virtnwfilterd.conf
-rw-r--r--. 1 root root 17840 Jun 23 19:50 virtproxyd.conf
-rw-r--r--. 1 root root 12396 Jun 23 19:50 virtqemud.conf
-rw-r--r--. 1 root root 12406 Jun 23 19:50 virtsecretd.conf
-rw-r--r--. 1 root root 12411 Jun 23 19:50 virtstoraged.conf
#

Host system Network Details
Subnet IP range -> 192.168.0.0/24
Netmask :-  255.255.255.0
Gateway IP :- 192.168.0.10 
DNS1=8.8.8.8
DNS2=8.8.4.4

# nmcli connection show
NAME       UUID                                  TYPE      DEVICE
Profile 1  a02b63e3-5c7b-4de9-92cd-f4ae1dfac897  ethernet  eno2
br0        3294e515-1349-47a3-952b-2f617dbc3bc0  bridge    br0
lo         e49e4387-bb0d-4bde-b714-4fb7b79030ab  loopback  lo
bridge     f22268bd-cdb7-4a63-aaaa-da088696cd68  ethernet  --
en02       fa63daf9-6133-466d-915d-4dbf351e5ac2  ethernet  --
eno3       4182c9ae-0c32-49c1-ad40-d70a15d52652  ethernet  --
eno4       ebed9562-4695-4b61-b1a1-0a94de7ecd6d  ethernet  --
#

# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
2: eno1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether f8:bc:12:50:5a:68 brd ff:ff:ff:ff:ff:ff
    altname enp1s0f0
3: eno2: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether f8:bc:12:50:5a:69 brd ff:ff:ff:ff:ff:ff
    altname enp1s0f1
    inet 192.168.0.68/24 brd 192.168.0.255 scope global noprefixroute eno2
       valid_lft forever preferred_lft forever
    inet6 fe80::1939:9e62:6d91:5f3e/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
4: eno3: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether f8:bc:12:50:5a:6a brd ff:ff:ff:ff:ff:ff
    altname enp2s0f0
5: eno4: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
    link/ether f8:bc:12:50:5a:6b brd ff:ff:ff:ff:ff:ff
    altname enp2s0f1
6: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 00:00:00:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.68/24 brd 192.168.0.255 scope global noprefixroute br0
       valid_lft forever preferred_lft forever
#

Please let me know if you want me to share any configs related to libvirtd.service - Virtualization daemon or any other configuration file?

Please suggest further.

Best Regards,

Kaushal

Hello,

sysctl -A | grep net.ipv4.ip_forward

cat /etc/sysctl.d/95-IPv4-forwarding.conf
net.ipv4.ip_forward=1

Remove ip from eno2, allow to br0

On to VM:
arp -a

You see gateway MAC?

@Xino Thanks for the quick response. Please find the details which are as below

# sysctl -A | grep net.ipv4.ip_forward
net.ipv4.ip_forward = 1
net.ipv4.ip_forward_update_priority = 1
net.ipv4.ip_forward_use_pmtu = 0
#


# cat /etc/sysctl.d/95-IPv4-forwarding.conf
cat: /etc/sysctl.d/95-IPv4-forwarding.conf: No such file or directory
#

Remove ip from eno2, allow to br0

How do i remove IP 192.168.0.68 from ethernet interface eno2

On to VM:
arp -a

You see gateway MAC?

I am unable to login to

# virsh list --all
 Id   Name                 State
-------------------------------------
 -    testvm               shut off
#
# virsh console testvm
error: The domain is not running

# virsh start testvm
error: Failed to start domain 'testvm'
error: Network not found: no network with matching name 'default'

#

Please suggest further.

Best Regards,

Kaushal

If needed create: echo “net.ipv4.ip_forward=1” > /etc/sysctl.d/95-IPv4-forwarding.conf

<>How do i remove IP 192.168.0.68 from ethernet interface eno2
nmtui
or edit in to /etc/NetworkManager/system-connections
br0.nmconnection
[connection]
…
type=bridge
autoconnect=true
…
[ipv4]
address1=192.168.0.68/24,192.168.0.10
dns=xxx.xxx.xxx.xxx
method=manual

and eno2.nmconnection
remove ip

reboot

check again

Bridged traffic does not need forwarding, so not needed at all.

We see four physical interfaces eno[1234] of which eno2 seems to have link. However,

That incantation is about unknown enp6s18. If there is a connection to delete, then it is "Profile 1" and the enp2 should be the slave, as in man nmcli-examples:

nmcli con add type bridge con-name br0 ifname br0 bridge.stp no ip4 192.168.0.65/24 gw4 192.168.0.10 ipv4.dns 8.8.8.8
nmcli con add type ethernet con-name br-slave-eno2 ifname eno2 master br0

I agree
But if the information is submitted correctly, then the person is trying to set up a virtual machine on the computer he is working on.
For both the host and the virtual machine to have connectivity, the communication interface of the host should not have an ip address but it should be active.
The IP address must be on the bridge interface.
As the physical network interface, it must be a slave to the bridge.
So that when the virtual machine initiates the network interface assigned to it, which also appears as a slave to the bridge, only then will the virtual machine have network connectivity.
Respectively, there will be access to it through a network, and not only and only from the local host.
Test and see if I’m right or wrong!

It seems to me you skipped step with creating libvirt network…

virsh net-list --all
virsh net-define your_network.xml
virsh net-edit <your_network>

In /etc/libvirt/qemu you can find definitions of your networks and virtual machines. Inspect these files.

And enjoy reading:

There is no good reason to create one, when one wants to bridge the guests and the host has only one (usable) physical interface (that both the host and the bridging will use).

Regardless of the networking setup, libvirt needs to be aware of it.
And, yes, there is good reason.

man virt-install | grep -A 20 "NETWORKING"

“Use a virtual network if the host has dynamic networking (e.g. NetworkManager)…”

Oh my, all my hosts do use NetworkManager and none of them has libvirtd’s virtual networks. (I don’t use virt-install either.)

I am following libvirt: Virtual Networking. On the host network I do not have anything.

On the KVM Host machine running Rocky Linux release 9.2 (Blue Onyx)

# virsh net-list --all
 Name   State   Autostart   Persistent
----------------------------------------

#

# pwd
/etc/libvirt/qemu
# ls -l
total 16
drwx------. 2 root root    6 Jun 23 19:51 autostart
-rw-------. 1 root root 6693 Jun  1 03:19 mulesoftapigateway.xml
drwx------. 3 root root   23 Jul 13 00:05 networks
-rw-------. 1 root root 6657 Jul 13 23:25 testvm.xml
#

cat testvm.xml
<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
  virsh edit testvm
or other application using the libvirt API.
-->

<domain type='kvm'>
  <name>testvm</name>
  <uuid>43a4141d-39c1-476f-9f22-ed9bc5ef0e7b</uuid>
  <metadata>
    <libosinfo:libosinfo xmlns:libosinfo="http://libosinfo.org/xmlns/libvirt/domain/1.0">
      <libosinfo:os id="http://redhat.com/rhel/7.9"/>
    </libosinfo:libosinfo>
  </metadata>
  <memory unit='KiB'>8388608</memory>
  <currentMemory unit='KiB'>8388608</currentMemory>
  <vcpu placement='static'>2</vcpu>
  <os>
    <type arch='x86_64' machine='pc-q35-rhel9.2.0'>hvm</type>
    <boot dev='hd'/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode='host-passthrough' check='none' migratable='on'/>
  <clock offset='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>destroy</on_crash>
  <pm>
    <suspend-to-mem enabled='no'/>
    <suspend-to-disk enabled='no'/>
  </pm>
  <devices>
    <emulator>/usr/libexec/qemu-kvm</emulator>
    <disk type='file' device='disk'>
      <driver name='qemu' type='qcow2'/>
      <source file='/datadisk1/testvm.img'/>
      <target dev='vda' bus='virtio'/>
      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
    </disk>
    <disk type='file' device='cdrom'>
      <driver name='qemu' type='raw'/>
      <target dev='sda' bus='sata'/>
      <readonly/>
      <address type='drive' controller='0' bus='0' target='0' unit='0'/>
    </disk>
    <controller type='usb' index='0' model='qemu-xhci' ports='15'>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </controller>
    <controller type='pci' index='0' model='pcie-root'/>
    <controller type='pci' index='1' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='1' port='0x8'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0' multifunction='on'/>
    </controller>
    <controller type='pci' index='2' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='2' port='0x9'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
    </controller>
    <controller type='pci' index='3' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='3' port='0xa'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x2'/>
    </controller>
    <controller type='pci' index='4' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='4' port='0xb'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x3'/>
    </controller>
    <controller type='pci' index='5' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='5' port='0xc'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x4'/>
    </controller>
    <controller type='pci' index='6' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='6' port='0xd'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x5'/>
    </controller>
    <controller type='pci' index='7' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='7' port='0xe'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x6'/>
    </controller>
    <controller type='pci' index='8' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='8' port='0xf'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x7'/>
    </controller>
    <controller type='pci' index='9' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='9' port='0x10'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
    </controller>
    <controller type='pci' index='10' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='10' port='0x11'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
    </controller>
    <controller type='pci' index='11' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='11' port='0x12'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
    </controller>
    <controller type='pci' index='12' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='12' port='0x13'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
    </controller>
    <controller type='pci' index='13' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='13' port='0x14'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
    </controller>
    <controller type='pci' index='14' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='14' port='0x15'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x5'/>
    </controller>
    <controller type='sata' index='0'>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <address type='pci' domain='0x0000' bus='0x03' slot='0x00' function='0x0'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:a3:7e:58'/>
      <source bridge='br0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </interface>
    <serial type='pty'>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
    </serial>
    <console type='pty'>
      <target type='serial' port='0'/>
    </console>
    <channel type='unix'>
      <target type='virtio' name='org.qemu.guest_agent.0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='mouse' bus='ps2'/>
    <input type='keyboard' bus='ps2'/>
    <audio id='1' type='none'/>
    <memballoon model='virtio'>
      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
    </memballoon>
    <rng model='virtio'>
      <backend model='random'>/dev/urandom</backend>
      <address type='pci' domain='0x0000' bus='0x06' slot='0x00' function='0x0'/>
    </rng>
  </devices>
</domain>

I am not sure how do i proceed to enable the KVM guest VM to ping 192.168.0.10 which is the gateway IP where the host and the testvm instance is on the same network. I am little confused.

KVM Host IP :- 192.168.0.68 (Baremetal server)
KVM VM IP :- 192.168.0.113
Gateway IP :- 192.168.0.10

Please guide. Thanks in advance.

Best Regards,

Kaushal

Hi,

Checking in again if someone can pitch in for my earlier post to this forum. Thanks in advance.

Best Regards,

Kaushal

Hi Kaushal,
Below page help me out on ssh from the workstation in same segment as host to the VM in host (then from the VM, the GW and internet pages can be ping). Esp. the section Forwarding Incoming Connections

I didn’t create the bridge per your step 7 and afterward. Just use all the default settings after those in steps as yours 1-6. After hard work, I suspect those steps are much useful for older version as the setting of the default “virbr0” seems much “smarter” and do all those work now.

In that page there are more sophisticated ways but it looks a bit too difficult for me
Hope this is relevant to your problem.

That seems fine. When the VM starts, it connects to the bridge br0.
That is equivalent of plugging a cable from machine to port of a network switch.

A real physical cable from outside is plugged into port eno2 of the host.
That port must become “another port of the switch br0”. One creates a connection with something like:

nmcli con add type ethernet con-name br-slave-eno2 ifname eno2 master br0

and remove all the other connections that would use the eno2. The connection br-slave-eno2 (and device eno2) should not have any IP address; if host has address, then it is on the br0.

This was posted 5 days ago:

Documentation links provided!

What has been done so far?
What works and what doesn’t?
Is routing, forwarding checked?
Is the firewall stopped?