Hello,
I have a Windows VM set up via QEMU. However, it is unable to connect to the internet. Probably because UFW blocks it.
My setup for the virtual machine:
Basically a default NAT connection, here is the XML:
<interface type="network">
<mac address="52:54:00:c0:98:e3"/>
<source network="default"/>
<model type="e1000e"/>
<address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>
It is also set to start up with the machine:
<network connections="1">
<name>default</name>
<uuid>4431c2fa-d73d-425e-b206-c9ad46dd81dd</uuid>
<forward mode="nat">
<nat>
<port start="1024" end="65535"/>
</nat>
</forward>
<bridge name="virbr0" stp="on" delay="0"/>
<mac address="52:54:00:eb:fe:5b"/>
<ip address="192.168.122.1" netmask="255.255.255.0">
<dhcp>
<range start="192.168.122.2" end="192.168.122.254"/>
</dhcp>
</ip>
</network>
My firewall setup:
I did this via KDE Settings and have Incoming set to Ignore and Outgoing to Allow. I do not have any extra rules.
The reason why I guess this is firewall related is that when I disable it, the machine connects successfully and I am able to reach the internet. However, when the firewall is enabled, I cannot.
This also had to come up with some recent changes because when I tried this on my old laptop, it did not work either (on 12th June virtiofsd was updated). That system has had the same VM with the same config for the past 2 years and the connection stopped working recently.
Last edited by othersamo_ (2024-06-18 13:47:12)
"Why join the navy if you can be a pirate?"
- Steve Jobs
I have tried setting my ufw to allow incoming/outgoing traffic on virbr0 via "sudo ufw allow in/out on virbr0". Whilst that makes the machine connected to the internet, I can only ping available servers via cmd. When I try to load a web page, it fails. If I disable the firewall, it starts to work again.
EDIT: This only worked once. After re-setting it, it does not work anymore.
Last edited by othersamo_ (2024-06-18 18:02:00)
If you can ping a target but not connect to a website, this sounds like the browser fails to resolve the DNS to an IP.
Does it mean that I have to configure DNS servers inside of the machine to 1.1.1.1, as it is probably defaulting to a DNS server it cannot reach?
Well, it unfortunately does not work anymore even if I enable it on the firewall. This means even with the mentioned firewall rules I cannot even ping anything. It worked once and that was it.
I had the same issue, DHCP requests do not work anymore. I have no idea if this is a bug or if it is expected behavior, but these gufw rules helped:
[Rule0]
ufw_rule = Anywhere on virbr0 ALLOW IN Anywhere
description = QEMU NAT
command = /usr/sbin/ufw allow in on virbr0 from any to any
policy = allow
direction = in
protocol =
from_ip = any
from_port =
to_ip = any
to_port =
iface = virbr0
routed =
logging =
[Rule1]
ufw_rule = Anywhere (v6) on virbr0 ALLOW IN Anywhere (v6)
description = QEMU NAT
command = /usr/sbin/ufw allow in on virbr0 from any to any
policy = allow
direction = in
protocol =
from_ip = any
from_port =
to_ip = any
to_port =
iface = virbr0
routed =
logging =
// edit: looks like this is only a partial fix. DHCP is working now, but it's not possible to establish an internet connection.
Last edited by zer0_me (2024-06-20 12:55:30)
Although I can understand the requirement for nat networking (if you're on mobile or a campus or other public network) I switched to bridged networking so the vm becomes part of my regular lan. Can't help unless using a bridge is an option.
// edit: looks like this is only a partial fix. DHCP is working now, but it's not possible to establish an internet connection.
So basically with this the machine gets ip address but cannot connect to the internet?
zer0_me wrote: // edit: looks like this is only a partial fix. DHCP is working now, but it's not possible to establish an internet connection.
So basically with this the machine gets ip address but cannot connect to the internet?
Exactly. The actual fix is here: https://www.reddit.com/r/archlinux/comm … t/l7iiale/
Did you try this?
You need to set firewall_backend=iptables in /etc/libvirt/network.conf
Source: https://bbs.archlinux.org/viewtopic.php … 0#p2180700
Edit: @zer0_me I missed your answer... sorry!
Last edited by resu_xunilhcrA (2024-06-29 10:39:31)
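The setting named in the post above, as an added example that is not part of the thread: a shell script that reports which firewall_backend is active in a libvirt network.conf and sets it idempotently while keeping the file's comments. The function names are hypothetical, the quoted key = "value" form is an assumption about the file's syntax, and the script runs against a constructed temporary file; pass /etc/libvirt/network.conf (as root) to apply it for real.

```shell
#!/bin/sh
# Added example (not from the thread): inspect and pin libvirt's
# firewall_backend. Function names are illustrative assumptions.

# Print the active firewall_backend value, or "unset" when only a
# commented-out line is present (libvirt then picks its own default).
get_firewall_backend() {
    val=$(sed -n 's/^[[:space:]]*firewall_backend[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z]*\)"\{0,1\}.*$/\1/p' "$1" | tail -n 1)
    printf '%s\n' "${val:-unset}"
}

# Idempotently set firewall_backend in the given file; comments are kept.
set_firewall_backend() {
    conf=$1; backend=$2
    case $backend in
        iptables|nftables) ;;
        *) echo "unsupported backend: $backend" >&2; return 2 ;;
    esac
    if [ "$(get_firewall_backend "$conf")" = "$backend" ]; then
        return 0                      # already set, leave the file untouched
    fi
    tmp=$(mktemp) || return 1
    # Remove any active assignment, then append the wanted one.
    grep -v '^[[:space:]]*firewall_backend[[:space:]]*=' "$conf" > "$tmp" || true
    printf 'firewall_backend = "%s"\n' "$backend" >> "$tmp"
    cat "$tmp" > "$conf"              # keeps owner and mode of the original
    rm -f "$tmp"
}

# Constructed sample: a config file with the setting commented out.
make_sample_conf() {
    f=$(mktemp) || return 1
    cat > "$f" <<'EOF'
# Constructed sample, not a copy of the shipped file.
#firewall_backend = "nftables"
EOF
    printf '%s\n' "$f"
}

sample=$(make_sample_conf)
echo "before: $(get_firewall_backend "$sample")"
set_firewall_backend "$sample" iptables
echo "after:  $(get_firewall_backend "$sample")"
rm -f "$sample"
```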