KVM Guests no longer can access past virb0

,

Everything has been working fine until today. I did an upgrade this morning and I did not see any packages relating to libvirt or kvm or qemu etc… The only one I could see that MAY be related is crypto-policies.

Anyway, since fedora 41 was out (and before) my kvm guests (windows/centos) have had no issues hitting the internet. The guests can ping the ip of virb0, I can ping the ip of the guests from the host, and a tcpdump shows the traffic hitting virb0 but no return traffic.

I have not made any custom sysctls (just verified net_ipv4.ip_forward is enabled.). And again it was working until today. I tried to do a dnf history rollback but there are too many
“but none of the providers can be installed” errors.

I have created a new bridged virtual network, but I still have the same issue. I have rebooted, reinstalled libvirt. Short of reinstalling I am running out of things to check or do.

This is a very vanilla setup, just dnf installs, no custom configs. no editing of files.

I am not wired, but wireless. What is baffling was that this was all working this morning until the dnf update.

Packages that were updated:

  Upgrade  crypto-policies-0:20241029-1.git8baf557.fc41.noarch         Dependency      updates
  Upgrade  crypto-policies-scripts-0:20241029-1.git8baf557.fc41.noarch Dependency      updates
  Upgrade  gstreamer1-plugins-good-0:1.24.8-2.fc41.x86_64              Group           updates
  Upgrade  gstreamer1-plugins-good-qt6-0:1.24.8-2.fc41.x86_64          Weak Dependency updates
  Upgrade  gstreamer1-plugins-good-qt-0:1.24.8-2.fc41.x86_64           Weak Dependency updates
  Upgrade  gstreamer1-plugins-good-gtk-0:1.24.8-2.fc41.x86_64          Dependency      updates
  Upgrade  qt6-qtbase-0:6.8.0-4.fc41.x86_64                            Dependency      updates
  Upgrade  qt6-qtbase-gui-0:6.8.0-4.fc41.x86_64                        Dependency      updates
  Upgrade  qt6-qtbase-common-0:6.8.0-4.fc41.noarch                     Dependency      updates
  Upgrade  qt6-qtwayland-0:6.8.0-2.fc41.x86_64                         Weak Dependency updates
  Upgrade  qt6-qtsvg-0:6.8.0-1.fc41.x86_64                             Dependency      updates
  Upgrade  qt6-qtspeech-0:6.8.0-1.fc41.x86_64                          Dependency      updates
  Upgrade  qt6-qtshadertools-0:6.8.0-1.fc41.x86_64                     Dependency      updates
  Upgrade  qt6-qtquicktimeline-0:6.8.0-1.fc41.x86_64                   Dependency      updates
  Upgrade  qt6-qtquick3d-0:6.8.0-1.fc41.x86_64                         Dependency      updates
  Upgrade  qt6-qtmultimedia-0:6.8.0-1.fc41.x86_64                      Dependency      updates
  Upgrade  qt6-qtdeclarative-0:6.8.0-1.fc41.x86_64                     Dependency      updates
  Upgrade  qt6-qt5compat-0:6.8.0-1.fc41.x86_64                         Dependency      updates
  Upgrade  kf6-kxmlgui-0:6.7.0-2.fc41.x86_64                           Dependency      updates
  Upgrade  yakuake-0:24.08.2-2.fc41.x86_64                             User            updates
  Upgrade  kwayland-0:6.2.2-2.fc41.x86_64                              Dependency      updates
  Upgrade  kf6-kwindowsystem-0:6.7.0-2.fc41.x86_64                     Dependency      updates
  Upgrade  kf6-kjobwidgets-0:6.7.0-2.fc41.x86_64                       Dependency      updates
  Upgrade  kf6-kio-core-0:6.7.0-2.fc41.x86_64                          Dependency      updates
  Upgrade  kf6-kiconthemes-0:6.7.0-2.fc41.x86_64                       Dependency      updates
  Upgrade  kf6-kdbusaddons-0:6.7.0-2.fc41.x86_64                       Dependency      updates
  Upgrade  kf6-kconfigwidgets-0:6.7.0-2.fc41.x86_64                    Dependency      updates
  Upgrade  kf6-kcolorscheme-0:6.7.0-2.fc41.x86_64                      Dependency      updates
  Upgrade  qt6-qtspeech-speechd-0:6.8.0-1.fc41.x86_64                  Weak Dependency updates
  Upgrade  qt6-qtspeech-flite-0:6.8.0-1.fc41.x86_64                    Weak Dependency updates
  Upgrade  kf6-kio-widgets-0:6.7.0-2.fc41.x86_64                       Dependency      updates
  Upgrade  kf6-kio-gui-0:6.7.0-2.fc41.x86_64                           Dependency      updates
  Upgrade  kf6-kio-core-libs-0:6.7.0-2.fc41.x86_64                     Dependency      updates
  Upgrade  kf6-kio-doc-0:6.7.0-2.fc41.noarch                           Dependency      updates
  Upgrade  kf6-kio-widgets-libs-0:6.7.0-2.fc41.x86_64                  Dependency      updates
  Upgrade  kf6-kio-file-widgets-0:6.7.0-2.fc41.x86_64                  Dependency      updates
  Upgrade  kf6-kguiaddons-0:6.7.0-2.fc41.x86_64                        Weak Dependency updates
  Upgrade  kf6-kstatusnotifieritem-0:6.7.0-2.fc41.x86_64               Dependency      updates
  Upgrade  libportal-0:0.8.1-2.fc41.x86_64                             Dependency      updates
  Upgrade  libportal-gtk4-0:0.8.1-2.fc41.x86_64                        Dependency      updates
  Upgrade  libportal-gtk3-0:0.8.1-2.fc41.x86_64                        Dependency      updates
  Upgrade  libspelling-0:0.4.4-1.fc41.x86_64                           Dependency      updates
  Upgrade  mutter-0:47.1-2.fc41.x86_64                                 Dependency      updates
  Upgrade  mutter-common-0:47.1-2.fc41.noarch                          Dependency      updates
  Upgrade  qadwaitadecorations-qt5-0:0.1.5-8.fc41.x86_64               Group           updates
  Upgrade  qt6-filesystem-0:6.8.0-1.fc41.x86_64                        Dependency      updates
  Upgrade  qt6-qttranslations-0:6.8.0-1.fc41.noarch                    Weak Dependency updates
  Upgrade  qt6-srpm-macros-0:6.8.0-1.fc41.noarch                       Dependency      updates

My virtual network xml

<network connections="1">
  <name>default</name>
  <uuid>19ba9e45-3d7b-412b-bcf8-bd3d01dc0b96</uuid>
  <forward mode="nat">
    <nat>
      <port start="1024" end="65535"/>
    </nat>
  </forward>
  <bridge name="virbr0" stp="on" delay="0"/>
  <mac address="52:54:00:37:af:d0"/>
  <ip address="192.168.124.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.124.2" end="192.168.124.254"/>
    </dhcp>
  </ip>
</network>

Any suggestions would be greatly appreciated. Thank you.

I did the following and they now have connectivity. I want to stress again, I made zero configuration changes. I installed do a group install @virtualization.

I edited:

/etc/libvirt/network.conf

added the following (all lines were commented out, including firewall_backend=nftables)

firewall_backend = "iptables"

did a systemctl restart libvirtd

and I they now have internet access. Not sure how or what changed but this fixed it for me.

1 Like

Releases/41/ChangeSet - Fedora Project Wiki

:link: Summary

The default firewall backend for the default libvirt virtual network (the virbr0 bridge device), will change from ‘iptables’ to ‘nftables’.

Just that you can see why it changed.

2 Likes

Thank you @ilikelinux

What I do not understand is that I never changed any defaults and previously (as of this morning) it is was using nftables and working.

I would love to know what changed. It is just a little maddening that all this install of virtualization is a group install @virtualization and it worked until it didnt :slight_smile:

If I get time I will do a reinstall. Thank you!

Sorry for the spam. I found the problem. I completely forgot I had docker installed which DOES install another repo. I installed it yesterday but by default it does not start on boot. I started it…this afternoon. I apologize, maybe this will help someone else:

per https://bugzilla.redhat.com/show_bug.cgi?id=2298852
“But unfortunately my VM’s NAT interface stopped being able to outbound to the 'net, because I also have dockerd installed and running.”
problem fixed!