I am running a Windows 11 VM on OS TW using NAT for the VM. I’m using the virtio driver that is installed in the VM.
The machine seems to be getting an IP but it does not seem to have any kind of internet connection.
I have the OS TW FW disabled. So I’m not sure what the issue could be.
If it matters, this VM was created by copying a qcow2 file from a Debian install but I had to manually import to create the VM config because I lost it.
Same issue for me. I thought the problem was missing conntrack_helper, but it looks like that was removed from the kernel module, so it appears to be something else nftables related.
Same issue for me on TW. Appeared after yesterday’s update. No network/internet connection although net.ipv4.ip_forward = 1 is set and network is running.
I suspect most people encountering this issue have iptables-nft installed. With the 10.4.0 release, libvirt switched from using iptables to nftables. The top-level tables used by iptables-nft are now conflicting with libvirt’s top-level table. See this bug comment for more details, a workaround, and links to further reading.
❯ LANG=C sudo nft list ruleset ip
table ip libvirt_network {
chain forward {
type filter hook forward priority filter; policy accept;
counter packets 56 bytes 3776 jump guest_cross
counter packets 56 bytes 3776 jump guest_input
counter packets 56 bytes 3776 jump guest_output
}
chain guest_output {
ip saddr 192.168.100.0/24 iif "virbr0" counter packets 56 bytes 3776 accept
iif "virbr0" counter packets 0 bytes 0 reject
}
chain guest_input {
oif "virbr0" ip daddr 192.168.100.0/24 ct state established,related counter packets 0 bytes 0 accept
oif "virbr0" counter packets 0 bytes 0 reject
}
chain guest_cross {
iif "virbr0" oif "virbr0" counter packets 0 bytes 0 accept
}
chain guest_nat {
type nat hook postrouting priority srcnat; policy accept;
ip saddr 192.168.100.0/24 ip daddr 224.0.0.0/24 counter packets 2 bytes 174 return
ip saddr 192.168.100.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
meta l4proto tcp ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
meta l4proto udp ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 0 bytes 0 masquerade
}
}
I’m not sure what I installed to get access to nft but I appear to have it. I’m experiencing the same issue as others. Let me know what other info I can give you.
I also tried switching the NIC Device model from virtio to e1000e, as suggested on the aforementioned bug report. That didn’t fix the problem for me, but I’m not sure if I have the exact same setup as the folks in that conversation.
This allows forwarding packets with source address in the network 192.168.100.0/24 coming from the interface virbr0. We have no way to check whether this configuration is correct, it is up to you to decide.
And of course it also needs forwarding globally and for each interface.
IPv4 forwarding can be disabled/enabled for each interface individually (net/ipv4/conf/*/forwarding).
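A host-side check that ties together the points raised above (which ip-family tables are loaded alongside libvirt_network, whether a masquerade rule exists for the guest subnet, and whether forwarding is on globally and per interface). This is an added diagnostic, not a script from the thread or from libvirt; the subnet 192.168.100.0/24 and the interface virbr0 are taken from the ruleset posted above and can be overridden as arguments.

```shell
#!/bin/sh
# Added diagnostic for libvirt NAT on an nftables host. Defaults to the
# guest subnet and bridge shown in the thread; pass others as $1 and $2.

# Print the name of every "ip" family table in an nft ruleset dump.
# libvirt >= 10.4 uses "libvirt_network"; extra tables such as filter/nat
# usually belong to iptables-nft or Docker and are worth a look.
list_ip_tables() {
    printf '%s\n' "$1" | sed -n 's/^table ip \([^ ]*\) {.*/\1/p'
}

# Succeed when the dump contains a masquerade rule for the guest subnet.
has_masquerade_for() {
    printf '%s\n' "$1" | grep -q "ip saddr $2 .*masquerade"
}

# Succeed when both the global and the per-interface forwarding flags are 1.
forwarding_enabled() {
    [ "$1" = 1 ] && [ "$2" = 1 ]
}

# Read the live ruleset and the sysctl flag files, then report each check.
diagnose() {
    subnet="${1:-192.168.100.0/24}" iface="${2:-virbr0}"
    ruleset=$(LANG=C nft list ruleset ip 2>/dev/null) || {
        echo "cannot read ruleset (nft missing or no privileges)"; return 2; }
    global=$(cat /proc/sys/net/ipv4/ip_forward 2>/dev/null)
    per_if=$(cat "/proc/sys/net/ipv4/conf/$iface/forwarding" 2>/dev/null)
    echo "ip tables present: $(list_ip_tables "$ruleset" | tr '\n' ' ')"
    if has_masquerade_for "$ruleset" "$subnet"; then
        echo "NAT: masquerade rule for $subnet found"
    else
        echo "NAT: no masquerade rule for $subnet (guests cannot reach the Internet)"
    fi
    if forwarding_enabled "$global" "$per_if"; then
        echo "forwarding: enabled globally and on $iface"
    else
        echo "forwarding: ip_forward=$global $iface/forwarding=$per_if (both must be 1)"
    fi
}

# Only touch the live system when nft is actually installed.
if command -v nft >/dev/null 2>&1; then diagnose "$@"; fi
```

Run it as root (or via sudo) so that `nft list ruleset` is permitted; the functions can also be fed a saved ruleset dump for offline comparison.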
That is not how you show the result of command execution. You copy and paste the full command line (including shell prompt), complete command output and subsequent shell prompt.
But anyway - if this command really returns nothing, your VM cannot access Internet because it most likely needs NAT which is not set up (at least, is not set up using nftables). Show full output of
It does not look like you have any rules related to libvirt or anything else. The only rules are related to docker and I assume are used for containers. Now, reading back, you never even told us what you use to run your VM so nobody knows what to expect.