Libvirtd NAT is not working as expected

Hello,
I haven’t used my laptop for some time now. And when I did today, I had a bunch of upgrades to do.
Now after the upgrade, I had to reboot and after that my VMs could not access the Internet, unless I:

  • Stop firewalld server
  • Restart libvirtd

I am using Fedora 32.
The network is the default in libvirtd:

<network connections='1'>
  <name>default</name>
  <uuid>3de0f1d8-25f7-4f6b-ae36-0c5948a384a5</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:bb:d6:a8'/>
  <domain name='testenv' localOnly='no'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.5' end='192.168.122.220'/>
      <host mac='52:54:00:0a:f3:8d' name='ipa1' ip='192.168.122.20'/>
      <host mac='52:54:00:90:bf:39' name='ipa2' ip='192.168.122.21'/>
      <host mac='52:54:00:ea:66:4f' name='z1' ip='192.168.122.51'/>
      <host mac='52:54:00:43:d1:87' name='z2' ip='192.168.122.52'/>
      <bootp file='pxelinux.0' server='192.168.122.234'/>
    </dhcp>
  </ip>
</network>

The firewalld configuration is the following:

firewall-cmd --get-active-zones 
LocalKVM
  sources: 192.168.122.0/24
docker
  interfaces: docker0
home
   interfaces: enp0s25 wlp3s0
libvirt
   interfaces: virbr1 virbr0

firewall-cmd --info-service=libvirt
libvirt
  ports: 16509/tcp
  protocols: 
  source-ports: 
  modules: 
  destination: 
  includes: 
  helpers:

Obviously ip forwarding is working since when I stop the firewall I have proper access.
My firewalld is using iptables, since F32 is coming from a long list of upgrades and it’s not migrated to nftables. I really don’t know where I should add the NAT option (or even if I have to!)

So, what can I do to fix this?

Post the output when both firewalld and VMs are running:

sudo iptables-save
sudo nft list ruleset

I fixed this.
Apparently, after an upgrade the firewalld changed some of the iptables chains.
So, I had custom zones that were not compatible with the default ones.

I removed them and moved the rules in the libvirt zone, reloaded firewalld and then libvirtd and everything is OK.

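A check for the kind of zone conflict described in this thread, as an added example that is not part of the original posts: firewalld matches source-bound zones before interface-bound ones, so a custom zone bound to the guest subnet (like `LocalKVM` above) handles guest traffic instead of the `libvirt` zone that holds `virbr0`. The function names are hypothetical, and the inputs are samples trimmed from the output posted above.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed samples, trimmed from the output posted in the thread.
ACTIVE_ZONES = """\
LocalKVM
  sources: 192.168.122.0/24
home
   interfaces: enp0s25 wlp3s0
libvirt
   interfaces: virbr1 virbr0
"""
NETWORK_XML = """\
<network>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'/>
</network>
"""

def parse_active_zones(text):
    """Parse `firewall-cmd --get-active-zones` output into {zone: {key: [values]}}."""
    zones, current = {}, None
    for line in filter(str.strip, text.splitlines()):
        if not line[0].isspace():  # unindented line starts a new zone
            current = zones.setdefault(line.strip(), {"sources": [], "interfaces": []})
        elif current is not None:
            key, _, value = line.strip().partition(":")
            current.setdefault(key, []).extend(value.split())
    return zones

def conflicting_source_zones(zones_text, xml_text):
    """Return (zone, source, bridge_zone) for source zones overlapping the guest subnet."""
    root = ET.fromstring(xml_text)
    bridge = root.find("bridge").get("name")
    subnets = [ipaddress.ip_network(f"{ip.get('address')}/{ip.get('netmask')}", strict=False)
               for ip in root.findall("ip") if ip.get("netmask")]
    zones = parse_active_zones(zones_text)
    bridge_zone = next((z for z, b in zones.items() if bridge in b["interfaces"]), None)
    hits = []
    for zone, binding in zones.items():
        for src in binding["sources"]:
            try:
                net = ipaddress.ip_network(src, strict=False)
            except ValueError:  # MAC and ipset sources are not subnets
                continue
            if zone != bridge_zone and any(
                    net.version == s.version and net.overlaps(s) for s in subnets):
                hits.append((zone, src, bridge_zone))
    return hits
```

On a live host, feed it the output of `firewall-cmd --get-active-zones` and `virsh net-dumpxml default`; any tuple returned names a zone whose rules apply to the guests ahead of the bridge's zone.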

@ptselios I have used the same default.xml configuration for NAT. I want to create multiple VMs, but both VMs are getting the same IP 10.0.2.15, and the MAC address is also the same.
Then I added MAC addresses for both VMs as above, but the same MAC and the same IP are still being assigned, and the hardcoded MAC address is different from what is assigned to the guest VM every time. Can you please help?

Also, after updating default.xml through sudo virsh net-edit default, I destroyed and started it and restarted libvirtd.

KVM multiple guest vm having same ip address through NAT - #4 by vgaetera

Thanks, but should I run the same command, or is there any variable in it?
Note: I am using the NAT default, i.e. virbr0, and want to create 2 guest VMs inside it with different IP addresses.

This is my default.xml:

<!--
WARNING: THIS IS AN AUTO-GENERATED FILE. CHANGES TO IT ARE LIKELY TO BE
OVERWRITTEN AND LOST. Changes to this xml configuration should be made using:
  virsh net-edit default
or other application using the libvirt API.
-->

<network>
  <name>default</name>
  <uuid>987ec465-087a-4a1b-9b46-218b92df34f0</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:f7:e2:09'/>
  <domain name='testenv' localOnly='no'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
      <host mac='52:54:00:0a:f3:8d' name='aux-node' ip='192.168.122.20'/>
      <host mac='52:54:00:90:bf:39' name='app-node' ip='192.168.122.21'/>
    </dhcp>
  </ip>
</network>

This is the Packer JSON file through which I am building the 2 guest VMs. I am also using these 2 parameters: "net_device": "virtio-net", "disk_interface": "virtio".

{
  "builders": [
    {
      "type": "qemu",
      "name": "aux-node",
      "qemu_binary": "/usr/libexec/qemu-kvm",
      "iso_url": "/var/lib/libvirt/images/test.iso",
      "iso_checksum": "md5:14029d4c94b74492ee4c97f2f736390a",
      "output_directory": "/var/lib/libvirt/images/iso-dir/auxtest",
      "disk_size": "350G",
      "headless": "true",
      "qemuargs": [
        ["-m", "8000"],
        ["-cpu", "host"],
        ["-smp", "4"]
      ],
      "format": "qcow2",
      "accelerator": "kvm",
      "ssh_username": "*****",
      "ssh_password": "*****",
      "ssh_timeout": "20m",
      "vm_name": "auxtest",
      "net_device": "virtio-net",
      "disk_interface": "virtio",
      "http_directory": "/home/sogouser/http",
      "boot_wait": "10s",
      "boot_command": [
        "<down><tab><bs><bs><bs><bs><bs>text ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/anaconda-ks.cfg<enter><wait>"
      ]
    },
    {
      "type": "qemu",
      "name": "app-node",
      "qemu_binary": "/usr/libexec/qemu-kvm",
      "iso_url": "/var/lib/libvirt/images/test.iso",
      "iso_checksum": "md5:14029d4c94b74492ee4c97f2f736390a",
      "output_directory": "/var/lib/libvirt/images/iso-dir/apptest",
      "disk_size": "150G",
      "headless": "true",
      "qemuargs": [
        ["-m", "40000"],
        ["-cpu", "host"],
        ["-smp", "8"]
      ],
      "format": "qcow2",
      "accelerator": "kvm",
      "ssh_username": "***",
      "ssh_password": "****",
      "ssh_timeout": "20m",
      "vm_name": "apptest",
      "net_device": "virtio-net",
      "disk_interface": "virtio",
      "http_directory": "/home/sogouser/http",
      "boot_wait": "200s",
      "boot_command": [
        "<tab><bs><bs><bs><bs><bs>text ks=http://{{ .HTTPIP }}:{{ .HTTPPort }}/anaconda-ks-app.cfg<enter><wait>"
      ]
    }
  ]
}