So, I finally ditched Windows… All except for my need for a VM to use some hardware that isn’t supported in Windows.

I set up a Virtual Machine with Virt-Manager for a Windows VM but the network traffic is being blocked by UFW. If I disable UFW the Windows VM can pull an IP, which is static as is, and even after turning UFW back on, the network traffic is still allowed.

I am in need of some help with networking for the VM.

<interface type="network">
  <mac address="52:54:00:d7:8f:48"/>
  <source network="default" portid="d7ff3b1f-2c9b-4a62-b9e0-180855f14de7" bridge="virbr0"/>
  <target dev="vnet2"/>
  <model type="e1000e"/>
  <link state="up"/>
  <alias name="net0"/>
  <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>

This is the networking setup within Virt-Manager.

Any advice for getting network access on the VM?

  • Boris NotTooBadinov@lemmy.world
    5 months ago

    Are you allowing dhcp (:53 tcp/udp) through the FW? If not, try
    sudo ufw allow bootps
    sudo ufw allow 53/udp
    sudo ufw allow 53/tcp

    or maybe give it a static IP on the defined virt-manager network and allow traffic from that IP
    sudo ufw allow from 192.168.150.xxx
    or whatever the dhcp network is

    • Hellmo_luciferrari@lemm.eeOP
      5 months ago

      Thank you for the suggestion. I will for sure give this a shot later tonight when I am able to access my home desktop.

      • Boris NotTooBadinov@lemmy.world
        5 months ago

        No prob, let us know how it goes. Also, thinking more about it, you may want to go the static IP route for 2 reasons

        1. You won’t be introducing a 2nd dhcp server to your home/production network
        2. You’ll always know the IP of the guest VM(s)

        w/ regards to the first issue I guess you could just allow :53 and bootps from the dhcp subnet that virt manager created. Something like
        sudo ufw allow from 192.168.122.0/24 to any port 53
        where 192.168.122.0/24 is the subnet virt-manager created for dhcp

        I think that’ll allow both tcp and udp. I haven’t used ufw in a while, my RHEL based distros switched to firewalld, but the concepts are the same, just different syntax. I do believe you’ll need udp open as IIRC during DORA the initial DISCOVER is sent over udp, and somewhere between OFFER and REQUEST it switches to tcp…but I also haven’t had to troubleshoot dhcp in a while, and I have forgotten a lot. Either way let us know how it goes!

        • Hellmo_luciferrari@lemm.eeOP
          5 months ago

          I did allow TCP/UDP for ports 53, which didn’t seem to work, and 67 and 68. I can get some network connectivity but not fully.

          • Boris NotTooBadinov@lemmy.world
            5 months ago

            My bad, I had DNS on the brain when I wrote that earlier. Good catch on your part w/ :67 and :68. Sounds as though you’re able to pull an IP now?

            • Hellmo_luciferrari@lemm.eeOP
              5 months ago

              It was able to get an IP, and I was able to get SMB access, but for some reason it still won’t allow me to open a web browser and browse, or pull Windows updates.

              I may have to play around with what is allowed through UFW a bit yet.

              Completely unrelated, but on my Wireguard/PiHole server I set up this weekend I did get a bit more familiarized with UFW and how that works a bit better. So with that fresh new experience for me I think I may have a few ideas on how to accomplish this.

              And thank you again!

              I will check again later tonight when I am back to my desktop.

              Though I think another project I am going to do is instead of using a qcow2 image for my Windows installation I am going to experiment with using a dedicated SSD for my Windows install to keep it out of my BTRFS snapshots, and hopefully have a bit better performance. As well as I might install my second GPU for GPU passthrough.
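
An added example, not written by anyone in the thread: a dry-run helper that prints ufw rules scoped to the libvirt bridge (`virbr0` in the domain XML above) instead of opening ports on every interface. It assumes the guest subnet is the 192.168.122.0/24 quoted in the thread and that ufw's routed policy is what drops the guest's forwarded traffic; the function name is hypothetical.

```shell
#!/bin/sh
# Added example; libvirt_ufw_rules is a hypothetical helper name.
# Prints (does not run) ufw commands limited to the libvirt bridge.
#   $1 = bridge interface, e.g. virbr0 (from the domain XML above)
#   $2 = guest subnet in CIDR form, e.g. 192.168.122.0/24 (assumed value)
libvirt_ufw_rules() {
    bridge=$1
    subnet=$2

    # Refuse anything that is not a plain interface name, so the printed
    # commands are safe to pipe into a shell.
    case $bridge in
        ''|*[!A-Za-z0-9_.-]*)
            echo "invalid bridge name" >&2
            return 1 ;;
    esac

    # Accept only digits, dots and a slash, and require the slash (CIDR).
    case $subnet in
        ''|*[!0-9./]*)
            echo "invalid subnet" >&2
            return 1 ;;
        */*) ;;
        *)
            echo "subnet must be in CIDR form" >&2
            return 1 ;;
    esac

    # DHCP is UDP only. A guest without a lease sends DISCOVER from 0.0.0.0
    # to port 67, so the rule matches on the interface, not a source subnet.
    echo "ufw allow in on $bridge to any port 67 proto udp"

    # DNS to the resolver on the bridge; omitting proto covers tcp and udp.
    echo "ufw allow in on $bridge from $subnet to any port 53"

    # Traffic the host forwards for the guest (web, updates) is evaluated
    # by ufw's routed policy, not by the incoming "allow" rules above.
    echo "ufw route allow in on $bridge from $subnet"
}
```

Review the printed rules, then apply them with `libvirt_ufw_rules virbr0 192.168.122.0/24 | sudo sh`; `sudo ufw status verbose` shows the routed default policy alongside the resulting rules.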