IP address of VMs in gnome-boxes

Hi,

I created a Fedora 35 VM in gnome-boxes. My host machine also has Fedora 35.

The IP address of the host system is 192.168.36.194.
The IP address of the VM is 10.0.2.15.

I have executed the command:
“sudo systemctl --now enable virtnetworkd.service”, and it ran successfully.

Then, I rebooted my system. But, I still see that the VM is getting the IP address 10.0.2.15 and not 192.168.36.*. Because of this, I’m unable to do “ssh” to the VM. Please let me know if there is a solution.

Thanks,
Mallikarjun

How do you set ip address in VM…? any screen shot

I am not convinced whether the IP is the reason for the SSH problem. We need more information.

First, what is the output of cat /etc/libvirt/qemu/networks/default.xml on the host ? This shows us your virtual network configuration. Also show the output of ls /etc/libvirt/qemu/networks/. This shows us whether you have more than one libvirtd virtual network. Further, the output of cat /etc/libvirt/qemu/<virtual machine name>.xml | grep network. This shows us whether your VM has a network controller and to what network it is attached.

Second, a more general question to exclude some other issues: if you are within your VM, does the VM have Internet access? So, is the VM able to do dnf updates?

Because such a SSH problem is often firewall related: what is the output within the vm of firewall-cmd --list-ports ?

Hi Christopher,

Thanks for your reply.

The location “/etc/libvirt/qemu/networks/” is having the below contents.
Currently, it does not have the “default.xml” file.

The VM does have internet access. Please find the output of the “firewall-cmd --list-ports” command in the VM below,

[ms.patil@fedora ~]$ firewall-cmd --list-ports
1025-65535/tcp 1025-65535/udp

Currently, the host machine is having the IP address 192.168.36.194, and the VM is having the IP address 10.0.2.15. So, “ssh” from host to VM is not working. But, a few months back, I had created a VM using gnome-boxes, and it had the IP address 192.168.36.*, so “ssh” from host to VM used to work fine.

I hope I answered your queries. Please let me know if you need any other details.

Thanks,
Mallikarjun

Hi allabakash,

The IP addresses in the host and VM are being assigned automatically, I am not setting them.

Thanks,
Mallikarjun

Different subnets do not imply that ssh cannot connect. However, I am a bit confused that there is no default virtual network configured for libvirtd. Nevertheless, as you have Internet in VM, I would ask whether there is no NATed virtual network but a passthrough or such. This would explain that host and vm cannot communicate.

What about cat /etc/libvirt/qemu/<virtual machine name>.xml? The virtual machine name is equal to the one you choose when creating the VM (if you are unsure, check the folder content: ls /etc/libvirt/qemu). We need to see how the network controller is configured.

Btw, is the ssh daemon active? What does systemctl status sshd output?

Also, what type of error do you have when you try to login through ssh? So, I assume you login using ssh root@10.0.2.15 using a terminal. So, what is the terminal output of that ?

All commands above are to be executed on the host except the systemctl status sshd, which has to be run in the VM.

So then you can set ipv4.method manual and then assign your desired IP address manually in your VM and so it will not change next time…

Before you change the IP manually, I would check why the IP is the way it is, especially if there is a DHCP server in place. The xml files hopefully tell us more. The IP itself is definitely not a problem in connecting to ssh - the question is how the ip addresses & interfaces are connected with each other. However, I forgot to ask about the interfaces on the host, including the virtual ones. May you tell us the output of ip address (on the host) @ms-patil ?

For example, I have a physical IP with 192.168.1.x, a virtual interface/bridge with 192.168.122.x, another virtual interface/bridge with 10.0.2.x, and several VMs with 192.168.122.x and some VMs with 10.0.2.x. So, my physical IP is not relevant if I connect from the host to 10.0.2.x VMs because the signal will be tunneled through the 10.0.2.x bridge. So, the VM sees the IP of the bridge connecting if I connect with ssh to it. I use NATed virtual networks. In the usual “home” libvirt/qemu solutions I have seen before, this used to be the default and nothing you have to do yourself. One of the reasons why I am a bit wondering.

Ssh login as root probably will never work by default on fedora. Root login via ssh is always denied on fedora by default when initially installed; and in my experience is never wanted nor needed since you can login via ssh with your regular user then use sudo to do admin tasks.

You should instead ask the OP to try login as his regular user and post the output of that.

I assume the output will currently be a connection refused anyway :slight_smile: But I forgot that root@ssh is off by default, thanks! Makes sense especially when the root account is deactivated anyway (I still use it, but now that you say it, I think in ssh it was off by default even at the time the root account itself was still enabled by default).

But that a root access via ssh is never wanted/needed anymore I think is a bold statement :wink: There are still many systems using an active root account in the os and a ssh security advantage exists only if all su+sudo accounts are unable to login via ssh (nothing for administration). Indeed, the more often a user has to enter a given password (such as his usual user account), the more incentives the user has to choose a simple one :wink: Usernames have to be considered known anyway. But I get a bit offtopic.

Nevertheless, @ms-patil , forget ssh root@10.0.2.15 and set ssh <username>@10.0.2.15 concerning my post above :slight_smile: As JV indicated, if you have not activated the root acc yourself, root@ip makes no sense in here.

There are cases where enabling the root account is acceptable, and even ssh as root may be acceptable in some situations. Those cases are limited and usually are in a corporate environment or otherwise properly restricted from potential internet access. Very few home users would ever need that direct access as root (although they are free to configure it as they see fit).

Hi Christopher,

The folder “/etc/libvirt/qemu” contains only the “networks” folder as shown by the below command. It does not contain any “.xml” file related to the VM.

09:53:09 ~ > sudo ls -l /etc/libvirt/qemu/
total 0
drwx------. 1 root root 18 Sep 8 17:57 networks

Please find the output of the command “ifconfig” at the host and the VM below.

Host:

09:53:18 ~ > ifconfig
eno1: flags=4099<UP,BROADCAST,MULTICAST> mtu 1500
ether b4:b5:2f:36:ca:92 txqueuelen 1000 (Ethernet)
RX packets 0 bytes 0 (0.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 0 bytes 0 (0.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 1109 bytes 128286 (125.2 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1109 bytes 128286 (125.2 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

wlo1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.45.194 netmask 255.255.255.0 broadcast 192.168.45.255
inet6 fe80::143c:c51e:59b9:7b51 prefixlen 64 scopeid 0x20
inet6 2409:4071:2409:c79f:dca2:f4f0:fbd0:68b3 prefixlen 64 scopeid 0x0
ether 74:e5:43:c3:04:5f txqueuelen 1000 (Ethernet)
RX packets 585799 bytes 739029863 (704.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 247938 bytes 48605957 (46.3 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

VM:

[ms.patil@fedora ~]$ ifconfig
enp1s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fec0::a00f:35d4:4f30:ed79 prefixlen 64 scopeid 0x40
inet6 fe80::4e14:bff3:e15f:3571 prefixlen 64 scopeid 0x20
ether 52:54:00:e4:c5:c0 txqueuelen 1000 (Ethernet)
RX packets 1629 bytes 2107388 (2.0 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 556 bytes 45171 (44.1 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10
loop txqueuelen 1000 (Local Loopback)
RX packets 40 bytes 4060 (3.9 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 40 bytes 4060 (3.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

The “sshd.service” has also been started in the VM, as shown by the below output:

[ms.patil@fedora ~]$ systemctl status sshd.service
● sshd.service - OpenSSH server daemon
Loaded: loaded (/usr/lib/systemd/system/sshd.service; disabled; vendor preset: disabled)
Active: active (running) since Mon 2022-01-10 09:51:56 IST; 18s ago
Docs: man:sshd(8)
man:sshd_config(5)
Main PID: 2840 (sshd)
Tasks: 1 (limit: 4613)
Memory: 2.0M
CPU: 34ms
CGroup: /system.slice/sshd.service
└─2840 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Jan 10 09:51:56 fedora systemd[1]: Starting OpenSSH server daemon...
Jan 10 09:51:56 fedora sshd[2840]: Server listening on 0.0.0.0 port 22.
Jan 10 09:51:56 fedora sshd[2840]: Server listening on :: port 22.
Jan 10 09:51:56 fedora systemd[1]: Started OpenSSH server daemon.

When I try doing “ssh” from host to VM, the “ssh” is not working, please find its output below.

09:56:56 ~ > ssh ms.patil@10.0.2.15 -X
^C

10:03:39 ~ > ping 10.0.2.15
PING 10.0.2.15 (10.0.2.15) 56(84) bytes of data.
^C
--- 10.0.2.15 ping statistics ---
9 packets transmitted, 0 received, 100% packet loss, time 8215ms

Please let me know if I missed out any commands.

Thanks,
Mallikarjun

At least, we now know it's no immediate connection refused. But how long do you wait until you stop with Ctrl+C ? Try ssh ms.patil@10.0.2.15 -X again and wait two minutes to see what happens. Is the output then something like “No route to host” ? My guess is, that after some time this will be the output. I think there is simply no connection between the host and the vm. I also cannot see any bridge that connects them.

However, I am still wondering where the VM configs are stored. Can you find any xml files named for your virtual machine somewhere in /etc/libvirt or in one of its subdirectories? So, if you named your VM virtualmachine1, the name of its config should be virtualmachine1.xml. Feel free to let us know the contents of /etc/libvirt and its subdirectories.

Can you find the VM’s config maybe in one of the following directories or their subdirectories?

~/.local/share/libvirt
~/.config/libvirt

Btw, how have you installed your virtualization solution? dnf install gnome-boxes? More/other packages, or another way of installation? Any customizations after installation?

Hi Christopher,

The folder “~/.local/share/” doesn’t have a “libvirt” folder. Please find the contents of the folder “~/.config/libvirt”.

Here, I guess, the VM of concern belongs to the file “fedora-unkno.xml”. I have also printed its contents below. As it was a big file, I have put multiple screenshots of the full file. Please let me know if I can send it in some other way.

In a while, I will provide the output of the “ssh” command after letting it run for some time. Sorry for this delay.

Also, I have created the VM in the gnome-boxes application, that comes installed in Fedora by default.

Please let me know if you need any other details.

Contents of the file “fedora-unkno.xml”.

Thanks,
Mallikarjun

Hi Christopher,

As a continuation to the above post, please find the output of the “ssh” command after waiting for a few minutes.

Thanks,
Mallikarjun

It seems gnome-boxes creates user-specific configs in the home directory (my libvirt-environment was set up long ago, maybe the default configuration in Fedora has changed since in general).

However, I assume you have two virtual machines: one fedora and one Windows 10. Let me know if my assumption is wrong! If this is correct, fedora-unkno.xml is the file we are looking for.

In this file, the important part for us is:

<interface type='user'>
    <mac address='52:54:00:e4:c5:c0'/>
    <model type='virtio'/>
    <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>

However, in future, focus on providing text files, which allow search and copy.

What I miss in the config is a source network line, such as <source network='external'/>. However, this can only be added if the virtual network (such as ‘external’) exists. But you have no direct hardware passthrough because such a passthrough would look different.

Ironically, if I remove the source network line in my VMs, the respective VM no longer works. But it seems to work for you, and you even have Internet in the VM.

I will check out what this configuration is all about. Seems I can learn here a bit myself :slight_smile: But at the first glance, I think it will be necessary to create a virtual network and then add it to the network controller in the VM. Give me some time to check :slight_smile:

Btw, just out of curiosity: Is there a source network line in the win10.xml ?

@ms-patil

Because I don’t know for sure where which (type of) config file has to be stored in your environment, I tend to not just create any virtual network config manually.

My suggestion here is to install virt-manager (dnf install virt-manager) and use that to create the network and to add it to the vm.

So, install virt-manager and then open it with the same user you open gnome-boxes. Now, you should see the same VMs in virt-manager as in gnome-boxes. If this is not the case, let me know. Only if this is the case, proceed as follows:

In the virt-manager, click on “edit” in the menu bar and then click on “connection details”. In the connection details window’s menu bar, click on “Virtual Networks”. Click now on the “+” button to create a new virtual network. Give the network a name (I will assume in the next steps you call it “network1”), set it to NAT mode (should be default), Forward to: Any physical device (should be default). The IPv4 configuration should be by default a proper network with X at “Enable IPv4” and X at “Enable DHCPv4”. If not by default, enable both! Check the contained addresses/address spaces, but they should fit automatically. Then finish.

Now, a new network is added in the connection details window. Click on the new network and add the X at “on boot” and then click “apply”. Now, click on the play button to start it. Close the window.

Now open the virtual machine configuration file as before and go to the following section:

<interface type='user'>
    <mac address='52:54:00:e4:c5:c0'/>
    <model type='virtio'/>
    <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>

Now add the <source network="network1"/> line (or whatever name you choose for the virtual network) to the section:

<interface type='user'>
    <mac address='52:54:00:e4:c5:c0'/>
    <source network="network1"/>
    <model type='virtio'/>
    <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>

Save & close.

Now systemctl restart libvirtd.service to ensure that everything gets reloaded, and now try again your vm! You can use gnome-boxes or virt-manager.

Check out your ip address within the VM and check the connection with ssh and ping.

How does it work?
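
A check for the interface section discussed above, as an added example that is not part of the original thread: it parses a libvirt domain XML and reports each NIC's type, MAC and source network. The function name `audit_interfaces`, the `<domain>` wrapper and the second sample (a NIC of type `network` on "network1") are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Host -> guest reachability per libvirt interface type (other types: unknown here).
# "user" is QEMU user-mode networking: the guest sits behind a private 10.0.2.x NAT
# inside the QEMU process, so the host cannot open connections to it unless a
# port forward is configured.
HOST_CAN_CONNECT = {"user": False, "network": True}


def audit_interfaces(domain_xml):
    """Return one dict per <interface> found in a libvirt domain XML string."""
    root = ET.fromstring(domain_xml)
    report = []
    for iface in root.findall("./devices/interface"):
        itype = iface.get("type")
        mac = iface.find("mac")
        source = iface.find("source")
        report.append({
            "type": itype,
            "mac": mac.get("address") if mac is not None else None,
            "source_network": source.get("network") if source is not None else None,
            "host_can_connect": HOST_CAN_CONNECT.get(itype),
        })
    return report


# Constructed sample: the interface section from the thread inside a minimal <domain>.
USER_MODE_VM = """
<domain type='kvm'>
  <name>fedora-unkno</name>
  <devices>
    <interface type='user'>
      <mac address='52:54:00:e4:c5:c0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </interface>
  </devices>
</domain>
"""

# Constructed sample: a NIC attached to the virtual network "network1".
NAT_NETWORK_VM = USER_MODE_VM.replace(
    "<interface type='user'>",
    "<interface type='network'>\n      <source network='network1'/>",
)

if __name__ == "__main__":
    for label, xml_text in (("before", USER_MODE_VM), ("after", NAT_NETWORK_VM)):
        for nic in audit_interfaces(xml_text):
            print(label, nic)
```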

when using libvirt with KVM/QEMU the files are located in /var/lib/libvirt. I don’t know about gnome-boxes.

@computersavvy gnome-boxes is just a frontend for qemu/kvm using libvirt, comparable to virt-manager but unlike the latter, gnome-boxes only supports qemu/kvm, no lxc. As you said, libvirt stores the images in /var/lib/libvirt, but the qemu xml files/configs of the virtual networks and the VMs are stored in /etc/libvirt/qemu. virt-manager or gnome-boxes don’t make a difference in that.

I have already checked whether something has changed in recent Fedora versions, but as of 35 KDE, libvirt keeps using /etc/libvirt/qemu for xml files and configs, and as you said, /var/lib/libvirt for the images, even if initially setup with gnome-boxes or virt-manager. The configuration on Mallikarjun’s machine is an intended possibility according to libvirt docs, but I wonder why it is by default at Mallikarjun.

However, the simplistic network config on his machine seems to originate in gnome-boxes, which creates the VMs network configuration as easy and simple as possible, not intending virtual networks among machines. On a fresh default installation, these configs work. So we just need to add a virtual network with a bridge to achieve the desired capability (hopefully : ). I think at my system too much is already customized, which may explain why my initial test of Mallikarjun’s network config above didn’t work.

@ms-patil I have just seen that if you install virt-manager, it seems to create a default virtual network anyway, you just have to start it (see my explanation above).

If that is easier for you, you can also replace the manual adjustment of the xml file after starting the virtual network with simply going to the virt-manager, open your machine, click on the bulb button to get into the config menu, and then remove the old network interface and simply add a new one (using network source: virtual network “network name”: NAT). virt-manager will do the rest.