Rockman8 n00b
Joined: 19 Sep 2023 Posts: 36
|
Posted: Fri Aug 09, 2024 9:11 pm Post subject: Got no internet with qemu/kvm and firewalld/nftables. |
|
|
Hello guys,
As stated above I got no internet when running vmm/libvirt/qemu/kvm with firewalld/nftables.
When I first ran virsh net-list I did not find any network.
Then I proceeded to include with virsh net-define /usr/share/libvirt/networks/default.xml, but there was no networks folder. So I used the /etc/libvirt/qemu/networks/default.xml
When I run virsh net-list as non-root, there is no network, although my current user belongs to the libvirt group.
But if I do run virsh net-list as root I do find the default network.
When I run virsh edit vmName as root I found out that this file is located in /tmp/some_random_numbers&letters
Which enabled me to activate default NAT network.
I tried to install both Windows Server and Ubuntu only to find that both did not have any connection to internet.
If I go into virt-manager > virtual hardware details > virtual network interface (NIC: ca:df:7d), the IP address shows unknown, and when I click to "recycle" the IP address nothing happens.
Here's the default's content
Code: |
<network>
<name>default</name>
<uuid>e5985c4b-37e7-419a-900a-3f02e86df9bd</uuid>
<forward mode='nat'/>
<bridge name='virbr0' stp='on' delay='0'/>
<mac address='52:54:00:1c:8c:b8'/>
<ip address='192.168.122.1' netmask='255.255.255.0'>
<dhcp>
<range start='192.168.122.2' end='192.168.122.254'/>
</dhcp>
</ip>
</network>
ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp10s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 60:a4:4c:62:f4:ab brd ff:ff:ff:ff:ff:ff
3: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
4: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/sit 0.0.0.0 brd 0.0.0.0
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
link/ether 52:54:00:1c:8c:b8 brd ff:ff:ff:ff:ff:ff
|
If you wish to check nft rules' content or kernel config just ask.
edit:
I just got internet working on vm but as soon as I got it working I lost internet connection on the host
Code: |
ip link set enp10s0 master virbr0
|
but as soon as I run the above command enp10s0 loses its IP.
Code: |
ip link
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: enp10s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 60:a4:4c:62:f4:ab brd ff:ff:ff:ff:ff:ff
3: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
4: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN mode DEFAULT group default qlen 1000
link/sit 0.0.0.0 brd 0.0.0.0
5: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 52:54:00:1c:8c:b8 brd ff:ff:ff:ff:ff:ff
7: vnet1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UNKNOWN mode DEFAULT group default qlen 1000
link/ether fe:54:00:ee:22:fb brd ff:ff:ff:ff:ff:ff
|
at this state I have internet working on vm but no internet on the host
How can I get internet working on the host and guest?
Thanks in advance. |
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3916
|
Posted: Sun Aug 11, 2024 6:00 pm Post subject: |
|
|
Is this openrc or systemd system?
Is enp10s0 your host ethernet iface?
How do you configure it?
NetworkManager or netifrc?
Can you post
Code: |
cat /etc/conf.d/net
|
This
Code: |
ip link set enp10s0 master virbr0
|
seems wrong. What are you trying to achieve?
Temporarily disable firewalld and install a binary kernel and see if it works.
You do NOT need to do any manual config in kvm default nat network. It should work out of the box via virt-manager.
Do you need bridged or nat networking for your vm?
|
Rockman8 n00b
Joined: 19 Sep 2023 Posts: 36
|
Posted: Thu Aug 15, 2024 5:50 pm Post subject: |
|
|
Hello alamahant!!!
Sorry for my late reply.
But allow me to answer your questions.
Quote: | Is this openrc or systemd system? |
OpenRC
Quote: | Is enp10s0 your host ethernet iface? |
Yes
Quote: | How do you configure it? |
I configured it along with gentoo handbook at the time.
Quote: | NetworkManager or netifrc? |
netifrc
Quote: | Can you post
Code: | cat /etc/conf.d/net |
|
Code: | config_eth0="dhcp" <---------- inactive, enp10s0 used to be eth0, I left there just in case.
config_enp10s0="dhcp" |
Quote: | This
Code: | ip link set enp10s0 master virbr0 |
seems wrong. What are you trying to achieve? |
I wanted to have my VMs communicate with each other and reach the internet
Quote: | Do you need bridged or nat networking for your vm? |
I'm new to this. But allow me to explain what I wanted to achieve. I was planning to run Windows Server 2022 and deploy into another vm.
How do I know that libvirt is running dnsmasq?
When I run
Code: | ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: enp10s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 60:a4:4c:62:f4:ab brd ff:ff:ff:ff:ff:ff
inet 192.168.15.25/24 brd 192.168.15.255 scope global dynamic noprefixroute enp10s0
valid_lft 12411sec preferred_lft 10611sec
inet6 2804:7f0:7b42:b970:ac33:9d8d:99e9:a4cb/64 scope global dynamic mngtmpaddr noprefixroute
valid_lft 43175sec preferred_lft 43175sec
inet6 fe80::348c:aa83:40a0:ae05/64 scope link
valid_lft forever preferred_lft forever
3: tunl0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/ipip 0.0.0.0 brd 0.0.0.0
4: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default qlen 1000
link/sit 0.0.0.0 brd 0.0.0.0
5: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:f0:38:3e brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UNKNOWN group default qlen 1000
link/ether fe:54:00:e5:44:e1 brd ff:ff:ff:ff:ff:ff
inet6 fe80::fc54:ff:fee5:44e1/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever |
vnet0 state is unknown
I'm using virt-manager to run my VM
When I click on "Check virtual hardware details" and click on NIC :e5:44:e1
Virtual Network Interface
Network source: Virtual network 'default': NAT
device: model
MAC address 52:54:00:e5:44:e1
IP address: Unknown (If click on recycle button next to it nothing happens)
Link State: active (check box is ticked)
if I run ipconfig on powershell (vmGuest - Windows Server 2022)
Code: | Windows IP Configuration
Ethernet adapter Ethernet Instance 0 2:
Connection-specific DNS Suffix . :
Link-local IPv6 Address . . . . . : fe80::e103:6ca9:fec5:f6c0%3
Autoconfiguration IPv4 Address. . : 169.254.246.192
Subnet Mask . . . . . . . . . . . : 255.255.0.0
Default Gateway . . . . . . . . . :
|
This is what I get when I click on Unidentified network
Code: | Metered connection Off
IP settings Automatic (DHCP)
DNS settings Automatic (DHCP)
Link speed (Receive/Transmit): 10/10 (Gbps)
Link-local IPv6 address: fe80::e103:6ca9:fec5:f6c0%3
IPv6 DNS servers: fec0:0:0:ffff::1%1 (Unencrypted)
fec0:0:0:ffff::2%1 (Unencrypted)
fec0:0:0:ffff::3%1 (Unencrypted)
Manufacturer: Red Hat, Inc.
Description: Red Hat VirtIO Ethernet Adapter
Driver version: 100.92.104.22900
Physical address (MAC): 52-54-00-E5-44-E1 |
Thanks for your attention,
rockman
Last edited by Rockman8 on Fri Aug 16, 2024 6:33 am; edited 2 times in total |
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3916
|
Posted: Thu Aug 15, 2024 6:21 pm Post subject: |
|
|
Ok please downgrade dnsmasq to
Code: |
net-dns/dnsmasq-2.89-r1
|
and try again to start default NAT via virt-manager.
If it works please open a bug for
Code: |
net-dns/dnsmasq-2.90
|
mentioning that libvirtd "can not create a socket--address already in use" error when starting NAT.
Please make sure dnsmasq is neither enabled nor running when starting libvirtd.
|
Rockman8 n00b
Joined: 19 Sep 2023 Posts: 36
|
Posted: Thu Aug 15, 2024 7:08 pm Post subject: |
|
|
Quote: | Ok please downgrade dnsmasq to
Code: | net-dns/dnsmasq-2.89-r1 |
|
Would you care to explain how I can safely downgrade a dependency?
Regards,
rockman |
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3916
|
Posted: Thu Aug 15, 2024 7:19 pm Post subject: |
|
|
Yes
Code: |
echo "=net-dns/dnsmasq-2.90" > /etc/portage/package.mask/dnsmasq
emerge -1av dnsmasq
|
|
Rockman8 n00b
Joined: 19 Sep 2023 Posts: 36
|
Posted: Thu Aug 15, 2024 7:53 pm Post subject: |
|
|
it's installed, also killed dnsmasq
Code: | nobody 3528 0.0 0.0 3132 1792 ? S 13:45 0:00 /bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
root 3529 0.0 0.0 3132 768 ? S 13:45 0:00 /bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
|
if I run my VM with virt-manager it should launch dnsmasq along with it right? if it does not should I run it manually? |
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3916
|
Posted: Thu Aug 15, 2024 8:15 pm Post subject: |
|
|
Quote: | if I run my VM with virt-manager it should launch dnsmasq along with it right? if it does not should I run it manually?
|
It doesn't launch the service. I think it invokes the daemon directly.
Do not start it manually.
|
Rockman8 n00b
Joined: 19 Sep 2023 Posts: 36
|
Posted: Thu Aug 15, 2024 8:26 pm Post subject: |
|
|
I restarted the host, the actual machine, and still got nothing.
Would you clarify this to me?
Do you happen to have on /etc/libvirt/dnsmasq/default.xml? |
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3916
|
Posted: Thu Aug 15, 2024 8:31 pm Post subject: |
|
|
No.
I have
Code: |
/etc/libvirt/qemu/networks/default.xml
|
Can you post
|
Rockman8 n00b
Joined: 19 Sep 2023 Posts: 36
|
Posted: Thu Aug 15, 2024 8:48 pm Post subject: |
|
|
Code: | emerge -pv libvirt
These are the packages that would be merged, in order:
Calculating dependencies... done!
Dependency resolution took 5.19 s (backtrack: 0/20).
[ebuild R ] app-emulation/libvirt-10.3.0-r2:0/10.3.0::gentoo USE="caps firewalld fuse libvirtd nls numa pcap (policykit) qemu udev virt-network -apparmor -audit -bash-completion -dtrace -glusterfs -iscsi -iscsi-direct -libssh -libssh2 -lvm -lxc -nbd -nfs (-openvz) -parted -rbd -sasl (-selinux) -test -verify-sig -virtiofsd -virtualbox -wireshark-plugins -xen -zfs" 0 KiB
Total: 1 package (1 reinstall), Size of downloads: 0 KiB |
|
alamahant Advocate
Joined: 23 Mar 2019 Posts: 3916
|
Posted: Thu Aug 15, 2024 8:53 pm Post subject: |
|
|
Ok if you still have problems try first stopping firewalld and check.
Then install
Code: |
emerge -1av gentoo-kernel-bin
|
If it works then you know your current kernel lacks some net related functionality.
Also make sure you have
Code: |
net.ipv4.ip_forward = 1
|
in /etc/sysctl.d/<>.conf
Please do open a bug report for
dnsmasq-2.90
I checked it also and libvirt NAT networks won't start with it.
|
Rockman8 n00b
Joined: 19 Sep 2023 Posts: 36
|
Posted: Fri Aug 16, 2024 4:32 am Post subject: |
|
|
Quote: | Ok if you still have problems try first stopping firewalld and check.
Then install
Code: | emerge -1av gentoo-kernel-bin |
If it works then you know your current kernel lacks some net related functionality. |
Is there an alternative way? Just tried to boot up with kernel-bin but it won't get along well with my lvm setup.
Quote: | Also make sure you have
Code: | net.ipv4.ip_forward = 1 |
in /etc/sysctl.d/<>.conf |
Just placed a file in there.
Restarted and it won't do.
Also stopping firewalld will stop libvirtd too. |
|
Rockman8 n00b
Joined: 19 Sep 2023 Posts: 36
|
Posted: Fri Aug 16, 2024 6:32 am Post subject: |
|
|
Quote: | Also stopping firewalld will stop libvirtd too. |
Finally my vm got an ip, just disabling nftables allowed my vm to reach internet, now I can check whether dnsmasq 2.90 is working or not, but I'm sure 2.89 does work.
And how to make libvirt work with nftables although there's a libvirt zone on firewalld. |
|
Rockman8 n00b
Joined: 19 Sep 2023 Posts: 36
|
Posted: Mon Aug 19, 2024 9:48 pm Post subject: |
|
|
Updated dnsmasq back to 2.90 and everything works, nftables service is disabled and firewalld is enabled though. |
|
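The checks this thread worked through (the host NIC enslaved to virbr0, libvirt's own dnsmasq instance, net.ipv4.ip_forward, a guest stuck on a 169.254.x.x address) are collected below as an added shell example that is not from any poster. The function names and verdict strings are made up for illustration, and the sample text is trimmed from the posts above.

```sh
#!/bin/sh
# Added example, not from the thread: triage of the symptoms described above.
# Helpers read saved command output on stdin, so they run offline.
# Print up / no-carrier / down / missing for interface $1 from `ip link` text.
bridge_state() {
    awk -v ifc="$1:" '
        $2 == ifc { found = 1
            if ($3 ~ /NO-CARRIER/) print "no-carrier"
            else if ($3 ~ /LOWER_UP/) print "up"
            else print "down" }
        END { if (!found) print "missing" }'
}

# Succeed if interface $1 is a port of bridge $2 in `ip link` text.
enslaved_to() {
    awk -v ifc="$1:" -v br="$2" '
        $2 == ifc { for (i = 3; i < NF; i++) if ($i == "master" && $(i + 1) == br) hit = 1 }
        END { exit !hit }'
}

# Succeed if the guest text shows a 169.254.0.0/16 address (no DHCP answer).
guest_dhcp_failed() { grep -Eq '(^|[^0-9.])169\.254\.[0-9]+\.[0-9]+'; }

# Succeed if `ps` text shows the dnsmasq libvirt spawns for the default network.
libvirt_dnsmasq_running() {
    grep -q 'dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default\.conf'
}

# Verdict from: $1 ip-link text, $2 ps text, $3 guest address text,
# $4 value of net.ipv4.ip_forward, $5 host NIC name (default enp10s0).
triage() {
    nic=${5:-enp10s0}
    if printf '%s\n' "$1" | enslaved_to "$nic" virbr0; then echo host-nic-enslaved
    elif [ "$(printf '%s\n' "$1" | bridge_state virbr0)" = missing ]; then echo network-not-started
    elif ! printf '%s\n' "$2" | libvirt_dnsmasq_running; then echo no-dnsmasq
    elif [ "$4" != 1 ]; then echo forwarding-off
    elif printf '%s\n' "$3" | guest_dhcp_failed; then echo dhcp-blocked-check-firewall
    else echo ok
    fi
}

# Sample inputs trimmed from the posts above (saved text, not live data).
SAMPLE_LINK='2: enp10s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP
5: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP
6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UNKNOWN'
SAMPLE_PS='nobody 3528 0.0 0.0 3132 1792 ? S 13:45 0:00 /bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro'
SAMPLE_GUEST='Autoconfiguration IPv4 Address. . : 169.254.246.192'

triage "$SAMPLE_LINK" "$SAMPLE_PS" "$SAMPLE_GUEST" 1
```

With the bridge up, dnsmasq running and forwarding on, a guest that still self-assigns 169.254.x.x points at packet filtering on the host, which matches what disabling the nftables service showed in this thread.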