Cant access virtual machine from hypervisor

Hi, i recently installed a windows 10 vm.
I added a network interface attached to br0.
I can connect to all networks from the vm but i cant access the vm trough the address (like rdp or ping) from the hypervisor…
From other clients on network i can access the vm…
I noticed that a new interface shows up when the vm has been started → vnet0 connected to br0
maybee i have to add some firewall rules for that?
I have to add a device to /etc/sysconfig/network/ifcfg-

libvirt shows me this:


<interface type='bridge'>
      <mac address='52:54:00:ed:a9:25'/>
      <source bridge='br0'/>
      <target dev='vnet0'/>
      <model type='e1000'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>


brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.0015177019a4       no              p1p1
                                                        p2p1
                                                        vnet0



wicked show all
lo              up
      link:     #1, state up
      type:     loopback
      config:   compat:suse:/etc/sysconfig/network/ifcfg-lo
      leases:   ipv4 static granted
      addr:     ipv4 127.0.0.1/8 [static]




em1             up
      link:     #2, state up, mtu 1500
      type:     ethernet, hwaddr 18:66:da:38:76:61
      config:   compat:suse:/etc/sysconfig/network/ifcfg-em1




p1p1            enslaved
      link:     #3, state up, mtu 1500, master br0
      type:     ethernet, hwaddr 00:15:17:90:1d:6f
      config:   compat:suse:/etc/sysconfig/network/ifcfg-p1p1




p2p1            enslaved
      link:     #4, state device-up, mtu 1500, master br0
      type:     ethernet, hwaddr 00:15:17:70:19:a4
      config:   compat:suse:/etc/sysconfig/network/ifcfg-p2p1




br0             up
      link:     #5, state up, mtu 1500
      type:     bridge
      config:   compat:suse:/etc/sysconfig/network/ifcfg-br0
      leases:   ipv4 static granted
      addr:     ipv4 192.168.1.10/24 [static]
      route:    ipv4 default via 192.168.1.1 [static]




tun0            device-unconfigured
      link:     #6, state up, mtu 1500
      type:     tun
      addr:     ipv4 10.0.0.1/32




vnet0           device-unconfigured
      link:     #11, state up, mtu 1500, master br0
      type:     tap, hwaddr fe:54:00:ed:a9:25


route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 br0
10.0.0.0        10.0.0.2        255.255.255.0   UG    0      0        0 tun0
10.0.0.2        *               255.255.255.255 UH    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0


iptables-save
# Generated by iptables-save v1.4.21 on Thu Feb 23 09:14:22 2017
*nat
:PREROUTING ACCEPT [79:10501]
:INPUT ACCEPT [3:146]
:OUTPUT ACCEPT [21:1901]
:POSTROUTING ACCEPT [89:11373]
-A POSTROUTING -s 10.0.0.0/24 -o br0 -j MASQUERADE
COMMIT
# Completed on Thu Feb 23 09:14:22 2017
# Generated by iptables-save v1.4.21 on Thu Feb 23 09:14:22 2017
*raw
:PREROUTING ACCEPT [2822:362960]
:OUTPUT ACCEPT [1463:329302]
-A PREROUTING -i lo -j CT --notrack
-A OUTPUT -o lo -j CT --notrack
COMMIT
# Completed on Thu Feb 23 09:14:22 2017
# Generated by iptables-save v1.4.21 on Thu Feb 23 09:14:22 2017
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1434:326706]
:forward_ext - [0:0]
:forward_int - [0:0]
:input_ext - [0:0]
:input_int - [0:0]
:reject_func - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j LOG --log-prefix "SFW2-IN-ACC-EST " --log-tcp-options --log-ip-options
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m conntrack --ctstate RELATED -j LOG --log-prefix "SFW2-IN-ACC-REL " --log-tcp-options --log-ip-options
-A INPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT
-A INPUT -i br0 -j input_int
-A INPUT -j input_ext
-A INPUT -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i br0 -j forward_int
-A FORWARD -i em1 -j forward_ext
-A FORWARD -i p1p1 -j forward_ext
-A FORWARD -i p2p1 -j forward_ext
-A FORWARD -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options --log-ip-options
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 0 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 11 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 11 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 12 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 12 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 14 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 14 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 18 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 18 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 5 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 5 -j ACCEPT
-A forward_ext -m pkttype --pkt-type multicast -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -m pkttype --pkt-type multicast -j DROP
-A forward_ext -m pkttype --pkt-type broadcast -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -m pkttype --pkt-type broadcast -j DROP
-A forward_ext -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -j DROP
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 0 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 11 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 11 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 12 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 12 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 14 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 14 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 18 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 18 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 5 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 5 -j ACCEPT
-A forward_int -m pkttype --pkt-type multicast -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_int -m pkttype --pkt-type multicast -j DROP
-A forward_int -m pkttype --pkt-type broadcast -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_int -m pkttype --pkt-type broadcast -j DROP
-A forward_int -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_int -j reject_func
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 137 -j LOG --log-prefix "SFW2-ACC-BCASTe " --log-tcp-options --log-ip-options
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 137 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 138 -j LOG --log-prefix "SFW2-ACC-BCASTe " --log-tcp-options --log-ip-options
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 138 -j ACCEPT
-A input_ext -m pkttype --pkt-type broadcast -j LOG --log-prefix "SFW2-DROP-BCASTe " --log-tcp-options --log-ip-options
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p icmp -m icmp --icmp-type 4 -j LOG --log-prefix "SFW2-INext-ACC-SQUENCH " --log-tcp-options --log-ip-options
-A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A input_ext -p icmp -m icmp --icmp-type 8 -j LOG --log-prefix "SFW2-INext-ACC-PING " --log-tcp-options --log-ip-options
-A input_ext -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A input_ext -p udp -m udp --sport 137 -m conntrack --ctstate RELATED -j LOG --log-prefix "SFW2-INext-REL " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --sport 137 -m conntrack --ctstate RELATED -j ACCEPT
-A input_ext -p tcp -m tcp --dport 139 -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 139 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 445 -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 445 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 22 -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 22 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 5900:5999 -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 5900:5999 -j ACCEPT
-A input_ext -p udp -m udp --dport 1194 -j LOG --log-prefix "SFW2-INext-ACC-UDP " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 1194 -j ACCEPT
-A input_ext -p udp -m udp --dport 137 -j LOG --log-prefix "SFW2-INext-ACC-UDP " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 137 -j ACCEPT
-A input_ext -p udp -m udp --dport 138 -j LOG --log-prefix "SFW2-INext-ACC-UDP " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 138 -j ACCEPT
-A input_ext -m pkttype --pkt-type multicast -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -m pkttype --pkt-type multicast -j DROP
-A input_ext -m pkttype --pkt-type broadcast -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -j DROP
-A input_int -j LOG --log-prefix "SFW2-INint-ACC-ALL " --log-tcp-options --log-ip-options
-A input_int -j ACCEPT
-A reject_func -p tcp -j REJECT --reject-with tcp-reset
-A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject_func -j REJECT --reject-with icmp-proto-unreachable
COMMIT
# Completed on Thu Feb 23 09:14:22 2017

Don’t double post.

This thread should be closed.

TSU

@o5i

Is this still an open problem? Some people think this is in fact a duplicate of https://forums.opensuse.org/showthread.php/523238-no-network-connection-to-the-vm