No internet access behind NAT on VM [QEMU] [KVM]

hkk · 2018-10-28 12:25:52

I have got a problem with my VMs. If i try to use a NAT connection I cannot get an address from the DHCP and there is no any internet access (and only the APIPA address on my Windows machine). What is frustrating because I have never had a problem with that kind of network.
If I try to manualy set the IP address I can only get access to a private, local network (host <> guest). I cannot just use a bridge connection, because I have to have a shared folder between my OSes.

My config files are here: https://imgur.com/a/zbo6pZL
And here:

ifconfig -a

enp6s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.1.15  netmask 255.255.0.0  broadcast 10.0.255.255
        inet6 fe80::1c2e:d533:ba61:cc04  prefixlen 64  scopeid 0x20<link>
        ether 70:85:c2:0d:80:87  txqueuelen 1000  (Ethernet)
        RX packets 355800  bytes 434771162 (414.6 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 137291  bytes 30797232 (29.3 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
        device interrupt 19  

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 377  bytes 42450 (41.4 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 377  bytes 42450 (41.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        inet 10.10.0.1  netmask 255.255.0.0  broadcast 10.10.255.255
        ether 52:54:00:92:e0:98  txqueuelen 1000  (Ethernet)
        RX packets 723  bytes 88389 (86.3 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 117  bytes 12758 (12.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0-nic: flags=4098<BROADCAST,MULTICAST>  mtu 1500
        ether 52:54:00:92:e0:98  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virsh -c qemu:///system net-dumpxml default

<network>
  <name>default</name>
  <uuid>010d682a-1686-4276-9a91-4653198a0029</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:92:e0:98'/>
  <ip address='10.10.0.1' netmask='255.255.0.0'>
    <dhcp>
      <range start='10.10.0.10' end='10.10.0.254'/>
    </dhcp>
  </ip>
</network>

iptables -L

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:domain
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:domain
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootps
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:bootps

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  anywhere             10.10.0.0/16         ctstate RELATED,ESTABLISHED
ACCEPT     all  --  10.10.0.0/16         anywhere            
ACCEPT     all  --  anywhere             anywhere            
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable
ACCEPT     all  --  anywhere             10.10.0.0/16        

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  anywhere             anywhere             udp dpt:bootpc

iptables -t nat -L

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
RETURN     all  --  10.10.0.0/16         base-address.mcast.net/24 
RETURN     all  --  10.10.0.0/16         255.255.255.255     
MASQUERADE  tcp  --  10.10.0.0/16        !10.10.0.0/16         masq ports: 1024-65535
MASQUERADE  udp  --  10.10.0.0/16        !10.10.0.0/16         masq ports: 1024-65535
MASQUERADE  all  --  10.10.0.0/16        !10.10.0.0/16

Lone_Wolf · 2018-10-28 14:23:32

For clarity : the host is running archlinux and those config files are from your host ?

Does the problem only occur with windows guests or also with linux guests ?
Does starting the vm directly from cli work better ?

hkk · 2018-10-28 17:38:35

Yes, Arch is my host system and these configs are from it.
And the problem isn't only on Windows. Every single VM can't get a proper address from the DHCP and has no internet access. Linux too (I've tested Debian, Fedora and Arch).
And the CLI is doing here no difference.

Last edited by hkk (2018-10-28 17:45:28)

plutosrings · 2018-12-26 23:55:14

Have you checked this thread out:
https://www.reddit.com/r/archlinux/comm … t_working/

Problem is related to the default backend for firewalld being nftables now whereas libvirt still expects this to be iptables,

Change the value in /etc/firewalld/firewalld.conf to:

FirewallBackend=iptables

Restart firewalld & libvirtd

Fixes this for me, be sure you have dnsmasq installed as well... Some claim you need ebtables, but my VMs work without this as of right now.

Arch Linux

#1 2018-10-28 12:25:52

No internet access behind NAT on VM [QEMU] [KVM]

#2 2018-10-28 14:23:32

Re: No internet access behind NAT on VM [QEMU] [KVM]

#3 2018-10-28 17:38:35

Re: No internet access behind NAT on VM [QEMU] [KVM]

#4 2018-12-26 23:55:14

Re: No internet access behind NAT on VM [QEMU] [KVM]

Board footer