Systemd and Centos

Centos systemd-networkd … The tale of the missing packets.

The symptoms are strange to say the least. It appears that the traffic leaving the virtual interface is correctly processed by the POSTROUTING chains, and yet even when the outside world replies, the traffic does not return to the virtual interface, almost as if it were being dropped on the external interface. Checking the usual ip_forward file will show that it is indeed forwarding, and the fact that the traffic leaves the virtual interface and goes out to the world shows that this works. Each interface also has its own forwarding file, called ‘forwarding’, which lives in a per-interface directory under /proc/sys/net/ipv4/conf.

Enter systemd-networkd. The apparent issue is that systemd-networkd sets forwarding to 0 by default for the specific interfaces it controls, and fights to keep it that way. That’s the simple version. Change it to 1 and a few minutes later you’re back to 0. Constant appearances of ‘systemd-networkd: eno1: link configured’ in the logs following a sysctl -w net.ipv4.ip_forward=0 and then sysctl -w net.ipv4.ip_forward=1 give the problem away.
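A quick check for exactly this state, added here as an example rather than anything from the original post: it compares the global net.ipv4.ip_forward value with each interface’s own ‘forwarding’ file under /proc/sys/net/ipv4/conf and names the interfaces still sitting at 0. The optional root-directory argument (default /proc) is an assumption of mine so the same functions can be pointed at a constructed copy of the tree; on a real host run it with --live.

```shell
#!/bin/sh
# Added example, not from the original post. Compares the global
# net.ipv4.ip_forward value with each interface's own 'forwarding' file
# under /proc/sys/net/ipv4/conf and lists the interfaces still set to 0.
# The optional ROOT argument (default /proc) is an assumption that lets the
# same functions run against a constructed copy of the tree.

# global_forward [ROOT]: print the value of ROOT/sys/net/ipv4/ip_forward.
global_forward() {
    cat "${1:-/proc}/sys/net/ipv4/ip_forward"
}

# nonforwarding_ifaces [ROOT]: print, one per line, the interfaces under
# ROOT/sys/net/ipv4/conf whose 'forwarding' file reads 0. The 'all' and
# 'default' entries are policy knobs rather than links, so they are skipped.
nonforwarding_ifaces() {
    root="${1:-/proc}"
    for dir in "$root"/sys/net/ipv4/conf/*/; do
        [ -r "$dir/forwarding" ] || continue
        ifname=$(basename "$dir")
        case "$ifname" in all|default) continue ;; esac
        if [ "$(cat "$dir/forwarding")" = "0" ]; then
            printf '%s\n' "$ifname"
        fi
    done
}

# check_forwarding [ROOT]: return 1 (and name the culprits) when the global
# switch is 1 but some interface has forwarding=0, which is the state
# systemd-networkd leaves behind; return 0 otherwise.
check_forwarding() {
    root="${1:-/proc}"
    if [ "$(global_forward "$root")" != "1" ]; then
        echo "net.ipv4.ip_forward is not 1; global forwarding is off"
        return 0
    fi
    bad=$(nonforwarding_ifaces "$root")
    if [ -n "$bad" ]; then
        echo "ip_forward=1 but these interfaces have forwarding=0:"
        printf '  %s\n' $bad
        return 1
    fi
    echo "all interfaces have forwarding=1"
    return 0
}

# Check the live kernel when invoked as: sh forwarding-check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_forwarding
    exit $?
fi
```

A non-zero exit from the --live run is the cue to look at which .network file manages the listed interface; the ‘all’ and ‘default’ entries are deliberately left out because they do not correspond to a link that carries traffic.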

Libvirtd will by default set any interface it creates, from virbr0-nic and virbr0 to vnet0 etc., to forwarding=1, but systemd-networkd will keep resetting this for interfaces it ‘manages’. This stuffs up the ability of the LAN / WAN interface to forward traffic BACK to the virtual interfaces. The solution is actually rather simple… Locate /etc/systemd/network/YOUR_INTERFACE and then find the [Network] section.

There you need to change the forwarding policy for the interface with the line:

IPForward=ipv4

and perhaps

IPForward=ipv6

Don’t disable or remove systemd-networkd else you will need to get the rescue console fired up … note to self 🙂
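One way to script the fix so it can be re-run safely, added here as an example that is neither from the post nor from systemd: ensure_ipforward rewrites the [Network] section of a .network file with the requested IPForward= value (replacing any existing one, or appending the section if the file has none), get_ipforward reads it back, and apply_fix chains the edit with the same systemctl restart and sysctl read-back the post uses. The function names and the awk-based editing are my assumptions, not networkd tooling.

```shell
#!/bin/sh
# Added example, not from the original post or from systemd. Idempotently
# sets IPForward= in the [Network] section of a systemd-networkd .network
# file, then (on a real host) restarts networkd and re-reads the kernel's
# per-interface forwarding flag to confirm the change took.

# ensure_ipforward FILE [VALUE]
# Writes "IPForward=VALUE" (default ipv4) directly under the first
# [Network] header of FILE, dropping any IPForward= line already in that
# section, and appends a [Network] section if the file has none.
ensure_ipforward() {
    file="$1"; value="${2:-ipv4}"
    tmp=$(mktemp) || return 1
    awk -v val="$value" '
        # A section header switches the in-[Network] flag; the first
        # [Network] header gets the IPForward line right after it.
        /^\[/ { insec = ($0 == "[Network]"); print
                if (insec && !added) { print "IPForward=" val; added = 1 }
                next }
        insec && /^ *IPForward *=/ { next }     # discard the old value
        { print }
        END { if (!added) { print ""; print "[Network]"; print "IPForward=" val } }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# get_ipforward FILE: print the IPForward value from the [Network] section
# (empty output if none), so the edit can be verified without networkd.
get_ipforward() {
    awk '
        /^\[/ { insec = ($0 == "[Network]"); next }
        insec && /^ *IPForward *=/ { sub(/^ *IPForward *= */, ""); print; exit }
    ' "$1"
}

# iface_forwarding IFACE: print the kernel's per-interface forwarding flag.
iface_forwarding() {
    cat "/proc/sys/net/ipv4/conf/$1/forwarding"
}

# apply_fix FILE IFACE: patch FILE, restart networkd and report the
# resulting flag for IFACE. Needs root and a live systemd-networkd.
apply_fix() {
    ensure_ipforward "$1" ipv4 || return 1
    systemctl restart systemd-networkd || return 1
    echo "$2 forwarding: $(iface_forwarding "$2")"
}
```

Typical use on the box from the post would be apply_fix /etc/systemd/network/10-main.network eth0, after which iface_forwarding eth0 should print 1. Editing through a temporary file keeps a half-written .network file from ever being what networkd reads if the script is interrupted.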

I think Hetzner has started to push this in the Centos 7.7 install image because he-8 says
[root@isdhe-8 ~]# systemctl status systemd-networkd
Unit systemd-networkd.service could not be found.

Which implies it’s not installed and hence no issues. This box is Centos 7.7 too, but via an upgrade rather than a fresh install.

A new 7.7 container image shows ..

[root@systemd systemd]# ls -l
total 32
-rw-r--r-- 1 root root  720 Sep 13 18:19 bootchart.conf
-rw-r--r-- 1 root root  615 Sep 13 18:19 coredump.conf
-rw-r--r-- 1 root root  983 Sep 13 18:19 journald.conf
-rw-r--r-- 1 root root  957 Sep 13 18:19 logind.conf
drwxr-xr-x 9 root root 4096 Oct  1 07:15 system
-rw-r--r-- 1 root root 1552 Sep 13 18:19 system.conf
drwxr-xr-x 2 root root 4096 Sep 13 18:19 user
-rw-r--r-- 1 root root 1127 Sep 13 18:19 user.conf

And the lack of a network directory seems to imply no systemd-networkd:

[root@systemd ~]# systemctl status systemd-networkd
Unit systemd-networkd.service could not be found.

The above confirms it.

So let’s install it 🙂

Running transaction
  Installing : systemd-networkd-219-67.el7_7.1.x86_64                                                         1/1
  Verifying  : systemd-networkd-219-67.el7_7.1.x86_64                                                         1/1

Installed:
  systemd-networkd.x86_64 0:219-67.el7_7.1

Complete!

The article for the tests: https://renediepstraten.nl/?p=56

More info .. https://wiki.archlinux.org/index.php/Systemd-networkd#[Network]

After following the article it seems I have given control of the network to systemd-networkd:

[root@systemd ~]# networkctl status eth0
● 14: eth0
       Link File: n/a
    Network File: /etc/systemd/network/10-main.network
            Type: ether
           State: routable (configured)
      HW Address: 00:16:3e:af:0a:96 (Xensource, Inc.)
             MTU: 1500
         Address: 10.95.6.114
                  fe80::216:3eff:feaf:a96
         Gateway: 10.95.6.1
                  10.95.6.1
             DNS: 10.95.6.1

[root@systemd ~]# more /etc/systemd/network/10-main.network
[Match]
Name=eth0

[Network]
DHCP=yes

And …

[root@systemd ~]# cat /proc/sys/net/ipv4/conf/eth0/forwarding
0
[root@systemd ~]# cat /proc/sys/net/ipv4/ip_forward
1

So NO forwarding on the eth0 interface despite the global policy.

Patched the network file 10-main.network:

[Match]
Name=eth0

[Network]
DHCP=yes
IPForward=ipv4

And 

[root@systemd ~]# systemctl restart systemd-networkd
[root@systemd ~]# cat /proc/sys/net/ipv4/conf/eth0/forwarding
1
[root@systemd ~]# cat /proc/sys/net/ipv4/ip_forward
1

🙂 

All working. The world is changing it seems.