Can not reach opennebula vm from outside

DNS issue resolved. I wrongly entered DNS context comma separated. Can I use firewall other than iptables in kvm hypervisor host ?

Hello,

As I understand opennebula uses iptables rules to route vm traffic so I can not use firewalld or ufw in kvm hypervisor node. Is this true? I solved issue with disabling firewalld in ubuntu kvm node hypervisor. Now I can ssh virtual machines but I could not resolve DNS from vm. Are there any recommendation for this.

Regards

Hello,

We installed opennebula frontend and kvm node in ubuntu 18.04. I created 8021q network for kvm hyperviser . VM take ip but does not reach outside of network. I suspect that is a routing issue in hypervisor besause there is no route fro one-11 virtual interface . My kvm hypervisor network ip addr output is like below.

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: enp3s0f0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether b4:99:ba:b5:e0:f6 brd ff:ff:ff:ff:ff:ff
3: enp3s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether b4:99:ba:b5:e0:f8 brd ff:ff:ff:ff:ff:ff
inet6 fe80::b699:baff:feb5:e0f8/64 scope link
valid_lft forever preferred_lft forever
4: enp4s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether b4:99:ba:b5:e0:fa brd ff:ff:ff:ff:ff:ff
inet 10.11.3.155/16 brd 10.11.255.255 scope global enp4s0f0
valid_lft forever preferred_lft forever
inet6 fe80::b699:baff:feb5:e0fa/64 scope link
valid_lft forever preferred_lft forever
5: enp4s0f1: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
link/ether b4:99:ba:b5:e0:fc brd ff:ff:ff:ff:ff:ff
6: br11: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether b4:99:ba:b5:e0:f8 brd ff:ff:ff:ff:ff:ff
inet 10.11.3.164/16 brd 10.11.255.255 scope global dynamic br11
valid_lft 604745sec preferred_lft 604745sec
inet6 fe80::b699:baff:feb5:e0f8/64 scope link
valid_lft forever preferred_lft forever
7: enp3s0f1.11@enp3s0f1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master br11 state UP group default qlen 1000
link/ether b4:99:ba:b5:e0:f8 brd ff:ff:ff:ff:ff:ff

ip route

default via 10.11.0.1 dev enp4s0f0 proto static
default via 10.11.0.1 dev br11 proto dhcp src 10.11.3.164 metric 400
10.11.0.0/16 dev enp4s0f0 proto kernel scope link src 10.11.3.155
10.11.0.0/16 dev br11 proto kernel scope link src 10.11.3.164
10.11.0.1 dev br11 proto dhcp scope link src 10.11.3.164 metric 400

Any help appreciated.

Best Regards.