Hello,
I am running a qemu arch virtual machine on an arch system with libvirt. I am using it for various test and learning purposes. I have installed the image via vagrant but I am not using vagrant for start, stop etc. actions since it is dead slow. Before installing firewalld I was able to ping/access the guest machine via my terminal. After the firewalld installation and the following configuration I can not ping/access the guest virtual machine. eth0 is the real interface of the host (physical) machine, virbr1 is the special network created by vagrant on libvirt. I can log in to the guest virtual machine via virt-manager and ping my host machine and network.
3: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 98:ee:cb:be:eb:8a brd ff:ff:ff:ff:ff:ff
altname enp0s20f0u3u3
inet 192.168.1.10/24 brd 192.168.1.255 scope global eth1
valid_lft forever preferred_lft forever
4: virbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:37:b8:b4 brd ff:ff:ff:ff:ff:ff
inet 192.168.121.1/24 brd 192.168.121.255 scope global virbr1
valid_lft forever preferred_lft forever
Route settings on the host machine are as follows:
default via 192.168.1.1 dev eth1 proto static
192.168.1.0/24 dev eth0 proto kernel scope link src 192.168.1.10
192.168.121.0/24 dev virbr1 proto kernel scope link src 192.168.121.1
I have added eth0 to the public zone, which is the default zone, in firewalld. Public zone settings are as follows:
sudo firewall-cmd --zone=public --list-all
public (active)
target: default
icmp-block-inversion: no
interfaces: eth1
sources:
services: dhcpv6-client
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
I have added the interface virbr1 to the libvirt zone, which is created by the libvirt package during installation.
sudo firewall-cmd --zone=libvirt --list-all
libvirt (active)
target: ACCEPT
icmp-block-inversion: no
interfaces: virbr1
sources:
services: dhcp dhcpv6 dns libvirt ssh tftp
ports:
protocols: icmp ipv6-icmp
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
rule priority="32767" reject
I am also using the home zone with the following settings:
sudo firewall-cmd --zone=home --list-all
home (active)
target: default
icmp-block-inversion: no
interfaces:
sources: 192.168.1.0/24
services: dhcpv6-client samba-client ssh
ports:
protocols:
forward: yes
masquerade: no
forward-ports:
source-ports:
icmp-blocks:
rich rules:
In summary:
Currently I can not ping or access the guest machine, but the guest machine can ping/access the network. What would be the proper configuration for this?
Did you manage to solve your issue by any chance? I have a very similar problem: https://listman.redhat.com/archives/lib … 14021.html
Hello,
Currently I am far away from my machine and can not access it, but as far as I can remember, I had to define a policy to route traffic between zones for incoming and outgoing traffic. You can find sample policies at /usr/lib/firewalld/policies which are created by libvirt.
I hope it helps.
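An added example of such a policy, not taken from the thread or from libvirt's shipped files: a firewalld policy file that lets traffic originating on the host reach interfaces bound to the libvirt zone (virbr1 above), limited to ping and ssh. The file name and policy name are assumptions; HOST is firewalld's built-in ingress-zone name for traffic generated by the host itself.

```xml
<?xml version="1.0" encoding="utf-8"?>
<!-- /etc/firewalld/policies/host-to-libvirt.xml (assumed path and name;
     files under /etc/firewalld/policies take precedence over the samples in
     /usr/lib/firewalld/policies). Policies need firewalld 1.0 or later. -->
<policy target="REJECT">
  <short>host-to-libvirt</short>
  <description>
    Traffic that the host itself generates (ingress zone HOST) and that
    leaves through an interface in the libvirt zone, e.g. virbr1 towards
    the 192.168.121.0/24 guests. Everything not listed below is rejected,
    so the host can only ping and ssh into the guests; add further
    services here instead of widening the target to ACCEPT.
  </description>
  <ingress-zone name="HOST"/>
  <egress-zone name="libvirt"/>
  <!-- ICMP echo request/reply for ping -->
  <protocol value="icmp"/>
  <!-- TCP/22 to the guests -->
  <service name="ssh"/>
</policy>
```

Replies from the guests arrive on virbr1 as part of an established connection, so no matching return policy is needed; after placing the file run `firewall-cmd --reload` and check it with `firewall-cmd --info-policy host-to-libvirt`.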