#1 2024-06-18 09:00:40

othersamo_
Member
From: Braislava
Registered: 2020-10-26
Posts: 137

UFW blocks internet access to QEMU machine

Hello,
I have a Windows VM set up via QEMU. However, it is unable to connect to the internet. Probably because UFW blocks it.

My setup for the virtual machine:
Basically a default NAT connection, here is the XML:

<interface type="network">
  <mac address="52:54:00:c0:98:e3"/>
  <source network="default"/>
  <model type="e1000e"/>
  <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>

It is also set to start up with the machine:

<network connections="1">
  <name>default</name>
  <uuid>4431c2fa-d73d-425e-b206-c9ad46dd81dd</uuid>
  <forward mode="nat">
    <nat>
      <port start="1024" end="65535"/>
    </nat>
  </forward>
  <bridge name="virbr0" stp="on" delay="0"/>
  <mac address="52:54:00:eb:fe:5b"/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254"/>
    </dhcp>
  </ip>
</network>

My firewall setup:
I did this via KDE Settings and have Incoming set to Ignore and Outgoing to Allow. I do not have any extra rules.

The reason why I guess this is firewall related is that when I disable it, the machine connects successfully and I am able to reach the internet. However, when the firewall is enabled, I cannot.

This also had to come up with some recent changes because when I tried this on my old laptop, it did not work either (on 12th June virtiofsd was updated). That system has had the same VM with the same config for the past 2 years and the connection stopped working recently.

Last edited by othersamo_ (2024-06-18 13:47:12)


"Why join the navy if you can be a pirate?"
- Steve Jobs

Offline

#2 2024-06-18 13:46:51

othersamo_
Member
From: Braislava
Registered: 2020-10-26
Posts: 137

Re: UFW blocks internet access to QEMU machine

I have tried setting my ufw to allow incoming/outgoing traffic on virbr0 via "sudo ufw allow in/out on virbr0". Whilst that makes the machine connect to the internet, I can only ping available servers via cmd. When I try to load a web page, it fails. If I disable the firewall, it starts to work again.

EDIT: This only worked once. After re-setting it, it does not work anymore.

Last edited by othersamo_ (2024-06-18 18:02:00)



Offline

#3 2024-06-18 13:49:33

cryptearth
Member
Registered: 2024-02-03
Posts: 344

Re: UFW blocks internet access to QEMU machine

If you can ping a target but not connect to a website, this sounds like the browser fails to resolve the DNS to an IP.

Offline

#4 2024-06-18 16:30:45

othersamo_
Member
From: Braislava
Registered: 2020-10-26
Posts: 137

Re: UFW blocks internet access to QEMU machine

Does it mean that I have to configure DNS servers inside of the machine to 1.1.1.1, as it is probably defaulting to a DNS server it cannot reach?



Offline

#5 2024-06-18 18:00:52

othersamo_
Member
From: Braislava
Registered: 2020-10-26
Posts: 137

Re: UFW blocks internet access to QEMU machine

Well, it unfortunately does not work anymore even if I enable it on the firewall. This means even with the mentioned firewall rules I cannot even ping anything. It worked once and that was it.



Offline

#6 2024-06-20 12:32:44

zer0_me
Member
Registered: 2020-11-22
Posts: 4

Re: UFW blocks internet access to QEMU machine

I had the same issue, DHCP requests do not work anymore. I have no idea if this is a bug or if it is expected behavior, but these gufw rules helped:

[Rule0]
ufw_rule = Anywhere on virbr0 ALLOW IN Anywhere
description = QEMU NAT
command = /usr/sbin/ufw allow in on virbr0 from any to any
policy = allow
direction = in
protocol = 
from_ip = any
from_port = 
to_ip = any
to_port = 
iface = virbr0
routed = 
logging = 

[Rule1]
ufw_rule = Anywhere (v6) on virbr0 ALLOW IN Anywhere (v6)
description = QEMU NAT
command = /usr/sbin/ufw allow in on virbr0 from any to any
policy = allow
direction = in
protocol = 
from_ip = any
from_port = 
to_ip = any
to_port = 
iface = virbr0
routed = 
logging = 

// edit: looks like this is only a partial fix. DHCP is working now, but it's not possible to establish an internet connection.

Last edited by zer0_me (2024-06-20 12:55:30)

Offline

#7 2024-06-20 14:25:08

cryptearth
Member
Registered: 2024-02-03
Posts: 344

Re: UFW blocks internet access to QEMU machine

Although I can understand the requirement for nat networking (if you're on mobile or a campus or other public network) I switched to bridged networking so the vm becomes part of my regular lan. Can't help unless using a bridge is an option.

Offline

#8 2024-06-24 22:19:26

othersamo_
Member
From: Braislava
Registered: 2020-10-26
Posts: 137

Re: UFW blocks internet access to QEMU machine

zer0_me wrote:

// edit: looks like this is only a partial fix. DHCP is working now, but it's not possible to establish an internet connection.

So basically with this the machine gets an IP address but cannot connect to the internet?



Offline

#9 2024-06-28 17:15:05

zer0_me
Member
Registered: 2020-11-22
Posts: 4

Re: UFW blocks internet access to QEMU machine

othersamo_ wrote:
zer0_me wrote:

// edit: looks like this is only a partial fix. DHCP is working now, but it's not possible to establish an internet connection.

So basically with this the machine gets an IP address but cannot connect to the internet?

exactly. actual fix is here: https://www.reddit.com/r/archlinux/comm … t/l7iiale/

Offline

#10 2024-06-29 10:37:17

resu_xunilhcrA
Member
Registered: 2024-05-08
Posts: 6

Re: UFW blocks internet access to QEMU machine

Did you try this?

adonesp wrote:

You need to set firewall_backend=iptables in /etc/libvirt/network.conf

source : https://bbs.archlinux.org/viewtopic.php … 0#p2180700


Edit : @zer0_me I missed your answer... sorry !

Last edited by resu_xunilhcrA (2024-06-29 10:39:31)

Offline
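
The setting quoted in post #10, applied idempotently with a small script. This is an added example, not part of the original thread: the helper names `get_backend` and `set_backend_iptables` are hypothetical, the sample file is constructed, and writing the value in double quotes is an assumption about libvirt's config syntax.

```shell
#!/bin/sh
# Added example (not from the thread). Helper names are hypothetical;
# the key and file path are the ones quoted in the thread.

# Print the active firewall_backend value in a libvirt network.conf,
# or "unset" when the key is absent or only present as a comment.
# If the key is set more than once, the last occurrence is reported.
get_backend() {
    val=$(sed -n 's/^[[:space:]]*firewall_backend[[:space:]]*=[[:space:]]*"\{0,1\}\([A-Za-z]*\)"\{0,1\}.*$/\1/p' "$1" | tail -n 1)
    echo "${val:-unset}"
}

# Idempotently pin the backend to iptables: drop any active setting,
# keep comments, append exactly one assignment. The value is written
# quoted (assumption: libvirt's config syntax expects quoted strings).
set_backend_iptables() {
    tmp=$(mktemp) || return 1
    sed '/^[[:space:]]*firewall_backend[[:space:]]*=/d' "$1" > "$tmp" || return 1
    printf 'firewall_backend = "iptables"\n' >> "$tmp"
    cat "$tmp" > "$1"    # overwrite in place, keeping owner and mode
    rm -f "$tmp"
}

# Demo on a constructed sample file; nothing under /etc is touched.
demo() {
    conf=$(mktemp) || return 1
    printf '%s\n' '# constructed sample network.conf' \
        '#firewall_backend = "nftables"' > "$conf"
    echo "before: $(get_backend "$conf")"
    set_backend_iptables "$conf"
    set_backend_iptables "$conf"    # second run must not duplicate the key
    echo "after:  $(get_backend "$conf")"
    echo "active lines: $(grep -c '^firewall_backend' "$conf")"
    rm -f "$conf"
}
demo
```

To apply it for real, run `set_backend_iptables /etc/libvirt/network.conf` as root and restart the libvirt daemon so the file is re-read; the existing ufw policy (incoming ignored, outgoing allowed) stays as it is.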
