Hi, I´ve been seting up KVM systems on CentOS5 for a while and so far did not encounter serious problems. The usual setup consists of a public bridge and a private for every subsystem. For the public bridge I move the IP address from the NIC to the bridge and define eth0 to relate to the new bridge br0. I tell the system not to direct bridge traffic via iptables by adding

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

to the sysctrl.conf file. After restarting the network service this usually does the job. However, on my hosted server I run into a erroneous situation: When I start a guest VM and configure it to attach to the bridge br0, I can ping the host but I do not reach any IP outside the physical machine. The really bizzare thing is, that when I listen with tcpdump on eth0 in the virtual guest I see various ethernet broadcasts from "outside", e.g. ARP requests from the gateway and TCP SYN frames.

The areas I have tried to investigate so far include:

• switching off iptables (all chains on ACCEPT)
• switching off selinux
• telling iptables to forward bridge traffic by issuing iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT (which is of course redundant to the sysctrl.conf change mentioned above, but clutching at straws...)
• setting ip_forward=1
• verifying that all MAC addresses have the two lower bits of the first byte unset
• changing MAC address of physical NIC from Micro-Star to Realtek, since br0 had a strange MAC with the local flag set
• setting all NICs (guest, host, bridge) to promiscuous mode
• toggeling STP of br0

Non of the above helped. The machine is a Micro-Star board with an i7. I do not want to flood this first posting with pages of config files, but if someone needs more details, I´d be happy to post them.

Does anyone have an idea in which direction to look further? Any hint is highly appreciated!

Greetings,

buv