[SOLVED] cannot ping from one vm to another vm

[frank.furter]

i have the following NAT setup on my host:

auto lo
iface lo inet loopback

iface eth0 inet manual

auto vmbr0
iface vmbr0 inet static
        address 192.168.240.14
        netmask 255.255.255.0
        gateway 192.168.240.253
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0

auto vmbr1
iface vmbr1 inet static
        address  10.10.10.1
        netmask  255.255.255.0
        bridge_ports none
        bridge_stp off
        bridge_fd 0

        post-up echo 1 > /proc/sys/net/ipv4/ip_forward
        post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE
        post-down iptables -t nat -D POSTROUTING -s '10.10.10.0/24' -o vmbr0 -j MASQUERADE

on my host there are 2 guests with win 7.

network config of the guests:
ip:10.10.10.11
netmask:255.255.255.0
gateway:10.10.10.1
dns:8.8.8.8

second machine is the same with ip 10.10.10.12

on guest machine i can ping google.com so internet is working, but i cannot ping the other machine.

what is the problem here?

in GUI i have set up both win7 machines with the virtio network card and "vmbr1"

thanks in advance

please tell me if you need additional information

 

[wolfgang]

Hi,
you say in your config:
every traffic form 10.10.10.0/24 should go to vmbr0 and if you there you can't go back to your subnet and ping it.

 

[frank.furter]

Hi,
you say in your config:
every traffic form 10.10.10.0/24 should go to vmbr0 and if you there you can't go back to your subnet and ping it.

ok i see, what would be the right configuration ? is there an example for what i want ?
i just want that all clients in the 10.10.10.0/24 subnet have access to each other and have access to the internet

 

[frank.furter]

ok its working now, i changed my iptables rows to

post-up   iptables -t nat -A POSTROUTING -s '10.10.10.0/24' ! -d '10.10.10.0/24' -o vmbr0 -j MASQUERADE

post-down iptables -t nat -A POSTROUTING -s '10.10.10.0/24' ! -d '10.10.10.0/24' -o vmbr0 -j MASQUERADE