no network connection to the vm

Hi, i recently installed a windows 10 vm.
I added a network interface attached to br0.
I can connect to all networks from the vm but i cant access the vm trough the address (like rdp or ping) from the hypervisor…
I noticed that a new interface shows up → vnet0, maybee i have to add some firewall rules for that?

If i do a dumpxml of the running machine it shows me this:


    <interface type='bridge'>
      <mac address='52:54:00:ed:a9:25'/>
      <source bridge='br0'/>
      <target dev='vnet0'/>
      <model type='e1000'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

in edit mode only this


    <interface type='bridge'>
      <mac address='52:54:00:ed:a9:25'/>
      <source bridge='br0'/>
      <model type='e1000'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>


wicked show all
lo              up
      link:     #1, state up
      type:     loopback
      config:   compat:suse:/etc/sysconfig/network/ifcfg-lo
      leases:   ipv4 static granted
      addr:     ipv4 127.0.0.1/8 [static]


em1             up
      link:     #2, state up, mtu 1500
      type:     ethernet, hwaddr 18:66:da:38:76:61
      config:   compat:suse:/etc/sysconfig/network/ifcfg-em1


p1p1            enslaved
      link:     #3, state up, mtu 1500, master br0
      type:     ethernet, hwaddr 00:15:17:90:1d:6f
      config:   compat:suse:/etc/sysconfig/network/ifcfg-p1p1


p2p1            enslaved
      link:     #4, state device-up, mtu 1500, master br0
      type:     ethernet, hwaddr 00:15:17:70:19:a4
      config:   compat:suse:/etc/sysconfig/network/ifcfg-p2p1


br0             up
      link:     #5, state up, mtu 1500
      type:     bridge
      config:   compat:suse:/etc/sysconfig/network/ifcfg-br0
      leases:   ipv4 static granted
      addr:     ipv4 192.168.1.10/24 [static]
      route:    ipv4 default via 192.168.1.1 [static]


tun0            device-unconfigured
      link:     #6, state up, mtu 1500
      type:     tun
      addr:     ipv4 10.0.0.1/32


vnet0           device-unconfigured
      link:     #11, state up, mtu 1500, master br0
      type:     tap, hwaddr fe:54:00:ed:a9:25




route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.1.1     0.0.0.0         UG    0      0        0 br0
10.0.0.0        10.0.0.2        255.255.255.0   UG    0      0        0 tun0
10.0.0.2        *               255.255.255.255 UH    0      0        0 tun0
192.168.1.0     *               255.255.255.0   U     0      0        0 br0



iptables


iptables-save
# Generated by iptables-save v1.4.21 on Thu Feb 23 09:14:22 2017
*nat
:PREROUTING ACCEPT [79:10501]
:INPUT ACCEPT [3:146]
:OUTPUT ACCEPT [21:1901]
:POSTROUTING ACCEPT [89:11373]
-A POSTROUTING -s 10.0.0.0/24 -o br0 -j MASQUERADE
COMMIT
# Completed on Thu Feb 23 09:14:22 2017
# Generated by iptables-save v1.4.21 on Thu Feb 23 09:14:22 2017
*raw
:PREROUTING ACCEPT [2822:362960]
:OUTPUT ACCEPT [1463:329302]
-A PREROUTING -i lo -j CT --notrack
-A OUTPUT -o lo -j CT --notrack
COMMIT
# Completed on Thu Feb 23 09:14:22 2017
# Generated by iptables-save v1.4.21 on Thu Feb 23 09:14:22 2017
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [1434:326706]
:forward_ext - [0:0]
:forward_int - [0:0]
:input_ext - [0:0]
:input_int - [0:0]
:reject_func - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate ESTABLISHED -j LOG --log-prefix "SFW2-IN-ACC-EST " --log-tcp-options --log-ip-options
-A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT
-A INPUT -p icmp -m conntrack --ctstate RELATED -j LOG --log-prefix "SFW2-IN-ACC-REL " --log-tcp-options --log-ip-options
-A INPUT -p icmp -m conntrack --ctstate RELATED -j ACCEPT
-A INPUT -i br0 -j input_int
-A INPUT -j input_ext
-A INPUT -j LOG --log-prefix "SFW2-IN-ILL-TARGET " --log-tcp-options --log-ip-options
-A INPUT -j DROP
-A FORWARD -p tcp -m tcp --tcp-flags SYN,RST SYN -j TCPMSS --clamp-mss-to-pmtu
-A FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 10.0.0.0/24 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i br0 -j forward_int
-A FORWARD -i em1 -j forward_ext
-A FORWARD -i p1p1 -j forward_ext
-A FORWARD -i p2p1 -j forward_ext
-A FORWARD -j LOG --log-prefix "SFW2-FWD-ILL-ROUTING " --log-tcp-options --log-ip-options
-A FORWARD -j DROP
-A OUTPUT -o lo -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 0 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 11 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 11 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 12 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 12 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 14 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 14 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 18 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 18 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j ACCEPT
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 5 -j LOG --log-prefix SFW2-FWDext-FWD-RELA --log-tcp-options --log-ip-options
-A forward_ext -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 5 -j ACCEPT
-A forward_ext -m pkttype --pkt-type multicast -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -m pkttype --pkt-type multicast -j DROP
-A forward_ext -m pkttype --pkt-type broadcast -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -m pkttype --pkt-type broadcast -j DROP
-A forward_ext -j LOG --log-prefix "SFW2-FWDext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_ext -j DROP
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 0 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 0 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 11 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 11 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 12 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 12 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 14 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 14 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 18 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 18 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 3/2 -j ACCEPT
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 5 -j LOG --log-prefix SFW2-FWDint-FWD-RELA --log-tcp-options --log-ip-options
-A forward_int -p icmp -m conntrack --ctstate RELATED,ESTABLISHED -m icmp --icmp-type 5 -j ACCEPT
-A forward_int -m pkttype --pkt-type multicast -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_int -m pkttype --pkt-type multicast -j DROP
-A forward_int -m pkttype --pkt-type broadcast -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_int -m pkttype --pkt-type broadcast -j DROP
-A forward_int -j LOG --log-prefix "SFW2-FWDint-DROP-DEFLT " --log-tcp-options --log-ip-options
-A forward_int -j reject_func
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 137 -j LOG --log-prefix "SFW2-ACC-BCASTe " --log-tcp-options --log-ip-options
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 137 -j ACCEPT
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 138 -j LOG --log-prefix "SFW2-ACC-BCASTe " --log-tcp-options --log-ip-options
-A input_ext -p udp -m pkttype --pkt-type broadcast -m udp --dport 138 -j ACCEPT
-A input_ext -m pkttype --pkt-type broadcast -j LOG --log-prefix "SFW2-DROP-BCASTe " --log-tcp-options --log-ip-options
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -p icmp -m icmp --icmp-type 4 -j LOG --log-prefix "SFW2-INext-ACC-SQUENCH " --log-tcp-options --log-ip-options
-A input_ext -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A input_ext -p icmp -m icmp --icmp-type 8 -j LOG --log-prefix "SFW2-INext-ACC-PING " --log-tcp-options --log-ip-options
-A input_ext -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A input_ext -p udp -m udp --sport 137 -m conntrack --ctstate RELATED -j LOG --log-prefix "SFW2-INext-REL " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --sport 137 -m conntrack --ctstate RELATED -j ACCEPT
-A input_ext -p tcp -m tcp --dport 139 -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 139 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 445 -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 445 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 22 -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 22 -j ACCEPT
-A input_ext -p tcp -m tcp --dport 5900:5999 -j LOG --log-prefix "SFW2-INext-ACC-TCP " --log-tcp-options --log-ip-options
-A input_ext -p tcp -m tcp --dport 5900:5999 -j ACCEPT
-A input_ext -p udp -m udp --dport 1194 -j LOG --log-prefix "SFW2-INext-ACC-UDP " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 1194 -j ACCEPT
-A input_ext -p udp -m udp --dport 137 -j LOG --log-prefix "SFW2-INext-ACC-UDP " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 137 -j ACCEPT
-A input_ext -p udp -m udp --dport 138 -j LOG --log-prefix "SFW2-INext-ACC-UDP " --log-tcp-options --log-ip-options
-A input_ext -p udp -m udp --dport 138 -j ACCEPT
-A input_ext -m pkttype --pkt-type multicast -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -m pkttype --pkt-type multicast -j DROP
-A input_ext -m pkttype --pkt-type broadcast -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -m pkttype --pkt-type broadcast -j DROP
-A input_ext -j LOG --log-prefix "SFW2-INext-DROP-DEFLT " --log-tcp-options --log-ip-options
-A input_ext -j DROP
-A input_int -j LOG --log-prefix "SFW2-INint-ACC-ALL " --log-tcp-options --log-ip-options
-A input_int -j ACCEPT
-A reject_func -p tcp -j REJECT --reject-with tcp-reset
-A reject_func -p udp -j REJECT --reject-with icmp-port-unreachable
-A reject_func -j REJECT --reject-with icmp-proto-unreachable
COMMIT
# Completed on Thu Feb 23 09:14:22 2017




I solved the problem… The windows firewall was blocking…
Now everything works fine

Nice fix. Thanks for replying back and letting us know the fix.