O problema acabou sendo o firewall do convidado bloqueando a porta do aplicativo, e não o kvm ou o bridge
Host e guest são ambos do CentOS 6. Guest tem um painel de administração escutando na porta 15672 que não consigo acessar de fora.
Do convidado, curl localhost:15672 e curl vm1:15672 me fornecem o conteúdo esperado do painel.
Eu posso pingar
# ping vm1
PING vm1 (10.2.8.72) 56(84) bytes of data.
64 bytes from 10.2.8.72: icmp_seq=1 ttl=64 time=0.087 ms
Mas não acesse o painel.
# curl vm1:15672
curl: (7) couldn't connect to host
Eu estava seguindo as instruções dadas nesta página e quando cheguei a brctl show , minha saída foi um pouco diferente do que o que foi mostrado, mas não tenho certeza se é relevante.
# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.842b2b78ff80 no em1
vnet0
virbr0 8000.5254000ea9ec yes virbr0-nic
E aqui está o xmldump do virsh
<domain type='kvm' id='1'>
<name>vm-queue</name>
<uuid>f3d4a6e7-c4b7-97ea-7970-e7dbe0f6964c</uuid>
<memory unit='KiB'>2097152</memory>
<currentMemory unit='KiB'>2097152</currentMemory>
<vcpu placement='static'>2</vcpu>
<os>
<type arch='x86_64' machine='rhel6.6.0'>hvm</type>
<boot dev='hd'/>
</os>
<features>
<acpi/>
<apic/>
<pae/>
</features>
<clock offset='utc'/>
<on_poweroff>destroy</on_poweroff>
<on_reboot>restart</on_reboot>
<on_crash>restart</on_crash>
<devices>
<emulator>/usr/libexec/qemu-kvm</emulator>
<disk type='file' device='disk'>
<driver name='qemu' type='raw' cache='none'/>
<source file='/var/kvm/images/vm-queue.img'/>
<target dev='vda' bus='virtio'/>
<alias name='virtio-disk0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x05' function='0x0'/>
</disk>
<disk type='block' device='cdrom'>
<driver name='qemu' type='raw'/>
<target dev='hdc' bus='ide'/>
<readonly/>
<alias name='ide0-1-0'/>
<address type='drive' controller='0' bus='1' target='0' unit='0'/>
</disk>
<controller type='usb' index='0' model='ich9-ehci1'>
<alias name='usb0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x7'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci1'>
<alias name='usb0'/>
<master startport='0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x0' multifunction='on'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci2'>
<alias name='usb0'/>
<master startport='2'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x1'/>
</controller>
<controller type='usb' index='0' model='ich9-uhci3'>
<alias name='usb0'/>
<master startport='4'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x04' function='0x2'/>
</controller>
<controller type='ide' index='0'>
<alias name='ide0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
</controller>
<interface type='bridge'>
<mac address='52:54:00:6d:25:24'/>
<source bridge='br0'/>
<target dev='vnet0'/>
<model type='virtio'/>
<alias name='net0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
</interface>
<serial type='pty'>
<source path='/dev/pts/1'/>
<target port='0'/>
<alias name='serial0'/>
</serial>
<console type='pty' tty='/dev/pts/1'>
<source path='/dev/pts/1'/>
<target type='serial' port='0'/>
<alias name='serial0'/>
</console>
<input type='tablet' bus='usb'>
<alias name='input0'/>
</input>
<memballoon model='virtio'>
<alias name='balloon0'/>
<address type='pci' domain='0x0000' bus='0x00' slot='0x06' function='0x0'/>
</memballoon>
</devices>
<seclabel type='dynamic' model='selinux' relabel='yes'>
<label>system_u:system_r:svirt_t:s0:c47,c569</label>
<imagelabel>system_u:object_r:svirt_image_t:s0:c47,c569</imagelabel>
</seclabel>
</domain>
Tenho certeza de que todos vocês precisam de mais informações do que isso, mas não entendo bem esse problema, suponho.
O que estou perdendo?