No Internet connection inside VM using using KVM/Qemu and "NAT Network"

Hello, I have installed required virtualization tools using yast, specifically the patterns “KVM_Server” and “KVM_Tools” and have created an Ubuntu VM which is working fine with good performance. However, I am unable to access internet inside my VM.

I performed general troubleshooting with my limited networking knowledge, and packets from VM are correctly visible to my host (verified using sudo tcpdump -i virbr0)

Also, my virbr0 interface is in the “public” zone as per firewal config in “yast firewall” GUI. I am assuming there is some firewall rule that is restricting access, but I am unsure about the source of problem here.

Just for reference, my host (tumbleweed) is connected to wifi and heres the output of sudo nmcli connection show --active:

NAME     UUID                                  TYPE      DEVICE  
wlp2s0   7e3d4661-94bb-3c1e-ae2d-2167436223a8  wifi      wlp2s0  
lo       1658fe03-593a-4366-8bfc-73a1cb8c937a  loopback  lo      
docker0  91f025b1-625d-4196-94b6-d8d913e0d78b  bridge    docker0 
virbr0   41635696-4bed-47c4-9c86-59778f4e667d  bridge    virbr0  
vnet2    9c89968a-7555-4855-911c-837205391525  tun       vnet2

Update: Even shutting down the firewall does not resolve the issue!

Apologies for the unnecessary thread, but I solved it. For anyone facing the same issue, apparently, the firewall cli tool (firewall-cmd) is the default front-end for nftables as compared to the legacy iptables. However, the virtual machines still honor the rules of iptables, so changing any firewall rules will have no effect.

So I solved using the following steps:

  1. Set FirewallBackend=iptables in /etc/firewalld/firewalld.conf.
  2. Restart the firewall: sudo systemctl restart firewalld.

Now, try starting the VM and if internet access still does not work, then make sure that IP forwarding is allowed for your host machine and set firewall rule:

  1. Get zone: sudo firewall-cmd --get-active-zones.
  2. Select the zone which has the default NAT interface (created by libvirt), which in my case was virbr0.
  3. Set IP forwarding accordingly:
    sudo firewall-cmd --add-forward --zone=[SELECTED ZONE HERE] --permanent
    

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.