I’ve opened a separate thread as per recommendation. I believe that there must be some discrepancy between how internal networks work in different virtualizers. That makes debugging more difficult to pinpoint.
This function shouldn’t be seen as a “task”. I just think it would be nice to have and document for KVM folks.
The step I applied to debug was to run tcpdump on eth2. The logs show that packets from the non-connecting ws 2 do have an IP of 10.152.152.12. That means that the ws does have an IP assigned, so no problem there. The reason why no packets are making it past that point is, I speculate, that no rules are applied to traffic coming from it. iptables on gw can deal with eth1 traffic, but it doesn’t know anything about an eth2 or how to treat it. This causes it to fall back to the failsafe of blocking all traffic coming from eth2 by default.
Again more speculation, but I think if the iptables script on gw is modified to automatically apply the eth1 rules to any (eth1+n) interface, that should do it.
If you have any different ideas on what I should do next, I’m all ears.
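As an added example (not code from the post above and not the Whonix-Gateway firewall script itself), here is what "apply the eth1 rules to every eth1+n interface" can look like, together with the check a practitioner would run first: feed `iptables -S` to the script and see which workstation-facing interfaces no rule mentions. The Tor TransPort (9040) and DNSPort (5300) numbers, the interface names and the four-rule set are assumptions for illustration; the real gateway script carries many more rules, but the pattern of looping one rule set over a list of internal interfaces is the same.

```shell
#!/bin/sh
# Added example, not the Whonix-Gateway firewall script: apply one set of
# internal-interface rules to every workstation-facing interface, so a second
# internal NIC (eth2) is treated like eth1 instead of hitting the DROP policy.
# Assumed values: Tor TransPort 9040 and DNSPort 5300 on the gateway.
set -eu

IPTABLES="${IPTABLES:-iptables}"   # set IPTABLES=echo to dry-run the rules
TRANS_PORT="${TRANS_PORT:-9040}"    # assumed Tor TransPort (TCP)
DNS_PORT="${DNS_PORT:-5300}"        # assumed Tor DNSPort (UDP)

# Rules for one internal interface. Workstation traffic is either redirected
# into Tor's listeners on the gateway or dropped by the default policies;
# nothing is forwarded past Tor (FORWARD stays at its DROP policy).
internal_rules_for() {
  iface="$1"
  $IPTABLES -t nat -A PREROUTING -i "$iface" -p udp --dport 53 -j REDIRECT --to-ports "$DNS_PORT"
  $IPTABLES -t nat -A PREROUTING -i "$iface" -p tcp --syn -j REDIRECT --to-ports "$TRANS_PORT"
  $IPTABLES -A INPUT -i "$iface" -p udp --dport "$DNS_PORT" -j ACCEPT
  $IPTABLES -A INPUT -i "$iface" -p tcp --dport "$TRANS_PORT" -j ACCEPT
}

# Apply the same rules to each interface given (eth1 eth2 ...).
apply_internal_rules() {
  for iface in "$@"; do
    internal_rules_for "$iface"
  done
}

# Diagnostic: read an `iptables -S` dump on stdin and print every interface
# from the argument list that no rule names. An interface printed here is one
# the gateway "knows nothing about", so its packets fall to the DROP policy.
uncovered_interfaces() {
  dump="$(cat)"
  for iface in "$@"; do
    printf '%s\n' "$dump" | grep -q -- "-i $iface " || printf '%s\n' "$iface"
  done
}

# Usage on the gateway, as root:
#   iptables -S | sh this.sh --check eth1 eth2   # interfaces with no rules
#   sh this.sh --apply eth1 eth2                 # add the rule set for both
#   IPTABLES=echo sh this.sh --apply eth1 eth2   # print the rules instead
case "${1:-}" in
  --check) shift; uncovered_interfaces "$@" ;;
  --apply) shift; apply_internal_rules "$@" ;;
esac
```

Run the `--check` form before changing anything: if it prints `eth2`, the ruleset really has no rule for that interface and the symptom in the post (packets visible in tcpdump on eth2, nothing beyond) is explained by the default policy rather than by addressing. The dry-run form lets the generated rules be reviewed before they touch a live gateway.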