Windows 10 KVM VM getting IP but no internet connection

I am running a Windows 11 VM on OS TW using NAT for the VM. I’m using the virtio driver that is installed in the VM.

The machine seems to be getting an IP but it does not seem to have any kind of internet connection.

I have the OS TW FW disabled. So I’m not sure what the issue could be.

If it matters, this VM was created by copying a qcow2 file from a Debian install but I had to manually import to create the VM config because I lost it.

@imthenachoman Hi, have you set the host interface to allow IP forwarding? Use net.ipv4.ip_forward=1 in a /etc/sysctl.d/ conf file…

Is the network running? I recently had the exact same issue, and ensuring the network was started prior to starting the VM solved my issue.

sudo virsh net-start default

You can persist that with: sudo virsh net-autostart default

It’s already set.

$ sudo sysctl net.ipv4.ip_forward
net.ipv4.ip_forward = 1

Yes.

Same issue for me. I thought the problem was missing conntrack_helper, but it looks like that was removed from the kernel module, so it appears to be something else nftables related.

Same issue for me on TW. Appeared after yesterday’s update. No network/internet connection although net.ipv4.ip_forward = 1 is set and network is running.

Please fix this.

Whom are you addressing? This is a user forum!

If you believe that there is a bug then you have to file a bug report.

See openSUSE Bugzilla (same user/password as forum).

Thank you! Submitted.

https://bugzilla.opensuse.org/show_bug.cgi?id=1226766

I suspect most people encountering this issue have iptables-nft installed. With the 10.4.0 release, libvirt switched from using iptables to nftables. The top-level tables used by iptables-nft are now conflicting with libvirt’s top-level table. See this bug comment for more details, a workaround, and links to further reading:

https://bugzilla.opensuse.org/show_bug.cgi?id=1226105#c9

FYI, libvirt switched to nftables in support of Factory’s goal of removing iptables. For more details see

https://bugzilla.opensuse.org/show_bug.cgi?id=1201510
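
Added example, not part of the original posts and not libvirt's own code: one form a conflict between top-level tables can take is a second table whose forward-hook base chain drops by default, because nftables runs a packet through every base chain on a hook and a drop in any of them is final, even if libvirt's chain accepted it. The function names and the `filter` table with `policy drop` in the sample are assumptions constructed for illustration.

```python
import re

# Constructed sample in the text format printed by `nft list ruleset`.
# The libvirt_network table is abbreviated; the `filter` table is a
# constructed stand-in for a table managed through iptables-nft.
SAMPLE_RULESET = """\
table ip libvirt_network {
	chain forward {
		type filter hook forward priority filter; policy accept;
	}
	chain guest_output {
		ip saddr 192.168.100.0/24 iif "virbr0" counter packets 56 bytes 3776 accept
	}
	chain guest_nat {
		type nat hook postrouting priority srcnat; policy accept;
		ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 0 bytes 0 masquerade
	}
}
table ip filter {
	chain FORWARD {
		type filter hook forward priority filter; policy drop;
	}
}
"""

TABLE_RE = re.compile(r"^table\s+(\S+)\s+(\S+)\s*\{")
CHAIN_RE = re.compile(r"^\s+chain\s+(\S+)\s*\{")
HOOK_RE = re.compile(
    r"type\s+(\S+)\s+hook\s+(\S+)\s+priority\s+([^;]+);\s*policy\s+(\w+);")

def base_chains(ruleset_text):
    """Return every base chain, i.e. every chain attached to a netfilter hook."""
    found, table, chain = [], None, None
    for line in ruleset_text.splitlines():
        if m := TABLE_RE.match(line):
            table, chain = (m.group(1), m.group(2)), None
        elif m := CHAIN_RE.match(line):
            chain = m.group(1)
        elif (m := HOOK_RE.search(line)) and table and chain:
            found.append({"family": table[0], "table": table[1], "chain": chain,
                          "type": m.group(1), "hook": m.group(2),
                          "priority": m.group(3).strip(), "policy": m.group(4)})
    return found

def forward_conflicts(ruleset_text, libvirt_table="libvirt_network"):
    """Forward-hook chains outside libvirt's table whose default policy is drop."""
    return [c for c in base_chains(ruleset_text)
            if c["hook"] == "forward" and c["table"] != libvirt_table
            and c["policy"] == "drop"]
```

On a live host, pass it the captured output of `sudo nft list ruleset`; an empty result only rules out default-drop policies, not individual drop or reject rules inside other tables.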


I don’t think I have it installed. This is a fresh OS TW install and I didn’t install it manually.

$ zypper se -i '/(nf|ip)tables.*/'
Loading repository data...
Reading installed packages...

S | Name               | Summary                                                 | Type
--+--------------------+---------------------------------------------------------+--------
i | iptables           | IP packet filter administration utilities               | package
i | libnftables1       | nftables firewalling command interface                  | package
i | nftables           | Userspace utility to access the nf_tables packet filter | package
i | python311-nftables | Python bindings for nftables                            | package

Do you have any rules in top-level tables that conflict with rules in libvirt’s table? Check the output of ‘nft list ruleset ip’.

That command returns nothing.

I never installed or configured nft myself. I only installed OS TW.

I see the following when I run that:

❯ LANG=C sudo nft list ruleset ip
table ip libvirt_network {
	chain forward {
		type filter hook forward priority filter; policy accept;
		counter packets 56 bytes 3776 jump guest_cross
		counter packets 56 bytes 3776 jump guest_input
		counter packets 56 bytes 3776 jump guest_output
	}

	chain guest_output {
		ip saddr 192.168.100.0/24 iif "virbr0" counter packets 56 bytes 3776 accept
		iif "virbr0" counter packets 0 bytes 0 reject
	}

	chain guest_input {
		oif "virbr0" ip daddr 192.168.100.0/24 ct state established,related counter packets 0 bytes 0 accept
		oif "virbr0" counter packets 0 bytes 0 reject
	}

	chain guest_cross {
		iif "virbr0" oif "virbr0" counter packets 0 bytes 0 accept
	}

	chain guest_nat {
		type nat hook postrouting priority srcnat; policy accept;
		ip saddr 192.168.100.0/24 ip daddr 224.0.0.0/24 counter packets 2 bytes 174 return
		ip saddr 192.168.100.0/24 ip daddr 255.255.255.255 counter packets 0 bytes 0 return
		meta l4proto tcp ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
		meta l4proto udp ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 0 bytes 0 masquerade to :1024-65535
		ip saddr 192.168.100.0/24 ip daddr != 192.168.100.0/24 counter packets 0 bytes 0 masquerade
	}
}

I’m not sure what I installed to get access to nft but I appear to have it. I’m experiencing the same issue as others. Let me know what other info I can give you.

I also tried switching the NIC Device model from virtio to e1000e, as suggested on the aforementioned bug report. That didn’t fix the problem for me, but I’m not sure if I have the exact same setup as the folks in that conversation.

This allows forwarding packets with source address in the network 192.168.100.0/24 coming from the interface virbr0. We have no way to check whether this configuration is correct, it is up to you to decide.

And of course it also needs forwarding globally and for each interface.

IPv4 forwarding can be disabled/enabled for each interface individually (net/ipv4/conf/*/forwarding).

$ sudo sysctl -a | grep -i ipv4 | grep -i "\.forwarding"
net.ipv4.conf.all.forwarding = 1
net.ipv4.conf.br-9fec4199f83d.forwarding = 1
net.ipv4.conf.default.forwarding = 1
net.ipv4.conf.docker0.forwarding = 1
net.ipv4.conf.eno1.forwarding = 1
net.ipv4.conf.lo.forwarding = 1
net.ipv4.conf.veth188b22f.forwarding = 1
net.ipv4.conf.veth1e46a2b.forwarding = 1
net.ipv4.conf.veth5767526.forwarding = 1
net.ipv4.conf.veth753d29e.forwarding = 1
net.ipv4.conf.veth801c4ad.forwarding = 1
net.ipv4.conf.vethbd32492.forwarding = 1
net.ipv4.conf.vethc5bd108.forwarding = 1
net.ipv4.conf.vethcd9f9b5.forwarding = 1
net.ipv4.conf.vethd13f446.forwarding = 1

That is not how you show the result of command execution. You copy and paste the full command line (including shell prompt), complete command output and subsequent shell prompt.

But anyway - if this command really returns nothing, your VM cannot access the Internet because it most likely needs NAT, which is not set up (at least, is not set up using nftables). Show full output of

iptables -L -n -v
iptables -L -n -v -t nat
nft list ruleset

Output may be long, so upload to https://paste.opensuse.org/

https://paste.opensuse.org/pastes/32e2fa970ff2

It does not look like you have any rules related to libvirt or anything else. The only rules are related to docker and I assume are used for containers. Now, reading back, you never even told us what you use to run your VM so nobody knows what to expect.

KVM / virt-manager