Hello everyone!
I recently installed Arch, and I've been trying to set up a QEMU/KVM Windows VM. For the last few days I've been running into networking problems. Within the VM, an ethernet network adapter is detected and being used by Windows, but there is no internet access.
As suggested on the wiki, I've installed dnsmasq and iptables-nft. I've also seen it suggested to use iptables instead of iptables-nft, but this did not work for me.
I'm using the default NAT network setup with a virtio device model, and I've successfully installed the virtio network drivers in the VM. However, as previously mentioned, even though Windows detects and uses the network adapter, it cannot access the internet.
I'm not very well-versed in Linux networking concepts, but I think it's worth mentioning that I previously had ufw installed. I tried allowing everything and also tried removing ufw. Also, I tried installing firewalld in its place (I think firewalld was suggested somewhere for my issue). Currently, I have no extra firewall software installed, but could it be possible that a past ufw or firewalld configuration has broken something?
From the output of "ip addr", it seems that the virtual network switch is up and running:
4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54:00:e5:8e:f2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
8: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:60:2b:e8 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe60:2be8/64 scope link proto kernel_ll
       valid_lft forever preferred_lft forever
Additionally, the libvirtd logs (sudo systemctl status libvirtd) do not indicate any problems (other than the presence of dmidecode, which seems to be an optional dependency unrelated to networking):
● libvirtd.service - libvirt legacy monolithic daemon
     Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; disabled; preset: disabled)
     Active: active (running) since Sun 2024-01-14 18:08:39 CST; 10min ago
TriggeredBy: ● libvirtd.socket
             ● libvirtd-admin.socket
             ● libvirtd-ro.socket
       Docs: man:libvirtd(8)
             https://libvirt.org/
   Main PID: 5292 (libvirtd)
      Tasks: 24 (limit: 32768)
     Memory: 38.4M (peak: 43.0M)
        CPU: 1.045s
     CGroup: /system.slice/libvirtd.service
             ├─1252 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
             ├─1253 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
             └─5292 /usr/bin/libvirtd --timeout 120

Jan 14 18:08:39 lucasbox dnsmasq[1252]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 names
Jan 14 18:08:39 lucasbox dnsmasq-dhcp[1252]: read /var/lib/libvirt/dnsmasq/default.hostsfile
Jan 14 18:08:39 lucasbox libvirtd[5292]: libvirt version: 9.10.0
Jan 14 18:08:39 lucasbox libvirtd[5292]: hostname: lucasbox
Jan 14 18:08:39 lucasbox libvirtd[5292]: Cannot find 'dmidecode' in path: No such file or directory
Jan 14 18:08:39 lucasbox libvirtd[5292]: Cannot find 'dmidecode' in path: No such file or directory
Jan 14 18:08:59 lucasbox dnsmasq-dhcp[1252]: DHCPDISCOVER(virbr0) 192.168.122.145 52:54:00:60:2b:e8
Jan 14 18:08:59 lucasbox dnsmasq-dhcp[1252]: DHCPOFFER(virbr0) 192.168.122.145 52:54:00:60:2b:e8
Jan 14 18:08:59 lucasbox dnsmasq-dhcp[1252]: DHCPREQUEST(virbr0) 192.168.122.145 52:54:00:60:2b:e8
Jan 14 18:08:59 lucasbox dnsmasq-dhcp[1252]: DHCPACK(virbr0) 192.168.122.145 52:54:00:60:2b:e8 DESKTOP-AC59B2A
I had also previously tried a similar setup with QEMU by itself (without libvirt):
#!/bin/bash
# bash rather than sh: the argument list below is a bash array
VIRTPATH=/home/lucas/virt
WINIMG="${VIRTPATH}/Win10_22H2_English_x64v1.iso"
VIRTIMG="${VIRTPATH}/virtio-win-0.1.240.iso"
DISKIMG="${VIRTPATH}/win10-prod.img"
args=(
    qemu-system-x86_64
    # -enable-kvm
    -accel kvm
    # -cdrom ${VIRTIMG}
    -drive "file=${WINIMG},index=2,media=cdrom"
    -drive "file=${VIRTIMG},index=3,media=cdrom"
    -drive "file=${DISKIMG},format=raw,if=virtio,cache=none"
    -boot order=d
    -m 8G
    # Flags after host are for windows performance
    -cpu host,hv_relaxed,hv_spinlocks=0x1fff,hv_vapic,hv_time
    # -smp cores=2
    -vga none
    -device VGA,edid=on,xres=2560,yres=1440
    # -device virtio-net,netdev=vmnic -netdev user,id=vmnic
    -net nic,model=virtio
    -net user
    #-net user
    -display gtk
    -usb
    -device usb-tablet
    -rtc base=localtime,clock=host
)
# Quote the expansion so each array element is passed as exactly one argument
"${args[@]}"
This configuration seems to have exactly the same problem (FYI: I tried raw QEMU before and after installing libvirt, but I can't imagine that the presence of libvirt would change anything here). I'm not too familiar with QEMU flags, so it's quite likely the case that something is wrong with my setup (although, that wouldn't explain the problem with the separate virt manager setup).
I can provide more information if needed.
Last edited by not_woowoo (2024-01-15 03:18:34)
I gave up on using NAT, and I just set up a tap device and made virt manager use that.
Important note for others trying to do this: have the VM instance use the bridge directly rather than set up a new network device in virt manager!
Hello, thanks for your information. I faced the same problem as you. Please write in more detail how you solved this problem, thank you.
The issue is Windows having an issue with the virtualized NIC; it has nothing to do with QEMU or with using NAT vs. bridge.
Funnily enough, the NIC works fine in WinPE but not in the installed system.
To fix it: open Device Manager, right-click on the NIC, select "Uninstall device", mark the topmost entry and select "Scan for hardware". The NIC will be re-discovered and re-installed and then will work.
Another option is to remove the default e1000 NIC and add a virtio one, installing the virtio drivers from Fedora.
You need to set firewall_backend=iptables in /etc/libvirt/network.conf
You need to set firewall_backend=iptables in /etc/libvirt/network.conf
Many thanks! Works like a charm.
You need to set firewall_backend=iptables in /etc/libvirt/network.conf
worked for me
You need to set firewall_backend=iptables in /etc/libvirt/network.conf
You are my hero! Worked
I have the same problem and I have also tried to create another bridge interface and I have no connectivity either with the host or with the internet.
I will try adding the configuration line firewall_backend=iptables in /etc/libvirt/network.conf.
or nftables
But I would like to take this opportunity to ask about a related issue.
I understand that `iptables` and `nftables` do the same thing and that there are packages like `ufw` and `firewalld` that go on top of them for more friendly control. In my particular case I use `ufw` from the CLI or NetworkManager in KDE Plasma.
Looking at my system:
pacman -Qi iptables | grep Required
Required By : iproute2 ufw
pacman -Qi nftables | grep Required
Required By : dnsmasq iptables-nft
And on the other hand, both systemd services `iptables` and `nftables` are disabled, but `ufw` is enabled (`dnsmasq` is also disabled).
My questions:
If `ufw` is enabled and uses iptables, why is iptables not enabled?
Is it possible to use `iptables` and `nftables` at the same time, which one has control? It's not that I want to use both at the same time, in fact I think I'll stick with iptables and ufw, but I see that the package is required by other services and I wonder if this might cause conflict.
According to this info:
cat /etc/libvirt/network.conf
# Master configuration file for the network driver.
# All settings described here are optional - if omitted, sensible
# defaults are used.
# firewall_backend:
#
# determines which subsystem to use to setup firewall packet
# filtering rules for virtual networks.
#
# Supported settings:
#
# iptables - use iptables commands to construct the firewall
# nftables - use nft commands to construct the firewall
#
# If firewall_backend isn't configured, libvirt will choose the
# first available backend from the following list:
#
# [nftables, iptables]
#
# If no backend is available on the host, then the network driver
# will fail to start, and an error will be logged.
#
# (NB: switching from one backend to another while there are active
# virtual networks *is* supported. The change will take place the
# next time that libvirtd/virtnetworkd is restarted - all existing
# virtual networks will have their old firewalls removed, and then
# reloaded using the new backend.)
#
#firewall_backend = "nftables"
Can I have my system with iptables + ufw and let virt-manager use nftables?
What I don't quite understand is if there is any conflict between iptables and nftables and between services that use these as packages like iproute2 and dnsmasq.
Should you start using nftables and drop iptables?
Last edited by Menkent (2024-09-13 13:13:41)
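Added example (not part of any post in this thread, and not libvirt's own code): a POSIX shell helper that reports which firewall backend libvirt would select from a network.conf like the one quoted above, following the selection order described in that file's comments. The function names are hypothetical, and treating a backend as available when its `nft` or `iptables` command is on PATH is an assumption.

```shell
#!/bin/sh
# Added example: which firewall backend would libvirt use for virtual networks?

# Print the value of the last active (uncommented) firewall_backend line.
# The value is accepted with or without double quotes.
configured_backend() {
    sed -n -E 's/^[[:space:]]*firewall_backend[[:space:]]*=[[:space:]]*"?([A-Za-z]+)"?[[:space:]]*(#.*)?$/\1/p' \
        "$1" 2>/dev/null | tail -n 1
}

# $1: path to network.conf, $2: space-separated list of available backends.
# An explicit setting wins; otherwise the first available entry of the
# documented order [nftables, iptables] is used.
effective_backend() {
    local conf="$1" available="$2" value candidate
    value=$(configured_backend "$conf")
    if [ -n "$value" ]; then
        case "$value" in
            iptables|nftables) printf '%s\n' "$value"; return 0 ;;
            *) printf 'invalid:%s\n' "$value"; return 1 ;;
        esac
    fi
    for candidate in nftables iptables; do
        case " $available " in
            *" $candidate "*) printf '%s\n' "$candidate"; return 0 ;;
        esac
    done
    printf 'none\n'   # per the file's comments, the network driver fails to start
    return 1
}

# Assumption: a backend counts as available when its command is on PATH.
available_backends() {
    local out=""
    if command -v nft >/dev/null 2>&1; then out="$out nftables"; fi
    if command -v iptables >/dev/null 2>&1; then out="$out iptables"; fi
    printf '%s\n' "${out# }"
}

# Usage: sh libvirt-backend.sh /etc/libvirt/network.conf
if [ "$#" -ge 1 ]; then
    effective_backend "$1" "$(available_backends)"
fi
```

With the stock file, where the only `firewall_backend` line is commented out, the result depends on which commands are installed; an active line in the file overrides that.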
You need to set firewall_backend=iptables in /etc/libvirt/network.conf
This and restarting the libvirtd service solved my problem, thank you!!!
adonesp's fix also solved my issue. Newbie PSA: close your VM before restarting libvirtd...