Running Arch on a laptop, have firewalld, opensnitch, protonvpn (idk how THAT would affect anything, but worth mentioning just in case); disabled the firewall and opensnitch, still the same result - the VM can't even connect to the NAT, not just the global internet. The virsh network is in fact running:
virsh net-list --all
Name      State    Autostart   Persistent
--------------------------------------------
default   active   yes         yes
As about the libvirt/network.conf:
#firewall_backend = "nftables"
Thanks to you all in advance; will post any info/configs you need, just ask. Been trying to solve this issue for a WHILE.
Last edited by JustADood (Yesterday 14:50:37)
As about the libvirt/network.conf:
#firewall_backend = "nftables"
It's the default, but why is that commented out?
What's the output of:
sudo nft list ruleset
It's commented out by default since it tries to use nftables anyway, unless of course you set it to iptables. Uncommenting it doesn't solve the issue; here is the ruleset:
Last edited by JustADood (2026-06-08 22:03:32)
I should've posted that to smth like codebucket, ugh, sorry
I should've posted that to smth like codebucket
You can still do so. Edit the post with the link instead.
vm cant even connect to the NAT
Not exactly sure what you mean by "connect to the NAT", but...
Allow DNS/DHCP through the bridge via:
nft add rule inet filter input iifname "virbr0" udp dport { 53, 67 } counter accept
-or-
Just add it manually in /etc/nftables.conf:
iifname virbr0 udp dport {53, 67} counter accept
EDIT: Also, the wiki suggests these in the inet table forward chain, tho I've never found them to be used. Ymmv:
chain forward {
    type filter hook forward priority filter
    policy drop
    iifname virbr0 accept
    oifname virbr0 accept
}
See:
• https://wiki.archlinux.org/title/Libvirt#Using_nftables
I put counters on every rule.
Last edited by tekstryder (2026-06-08 21:32:06)
Not exactly sure what you mean by "connect to the NAT", but...
What I meant is it doesn't even connect to the local network, because I know there is a case where it does but without reach to the global internet; in my case however it's completely fu-SAD
Will test your solution as fast as I can, big thanks!
Alright, did everything you mentioned, but changed the command "nft add rule inet filter input iifname "virbr0" udp dport { 53, 67 } counter accept" to "nft add rule inet filter input iifname "virbr0" udp dport '{ 53, 67 }' counter accept" cuz it gives an error otherwise. Still the same result - the VM is not connecting to the network.
Are you using monolithic or socket-based libvirt services?
Did you restart the virtual network?
Is dnsmasq running? Are there stale dnsmasq processes lingering?
Please post the contents of the updated inet filter table.
1. monolithic daemon libvirtd.service
2. yup, did sudo virsh net-destroy default && sudo virsh net-start default
3. AHA, it isn't, and can't start it either:
systemctl status dnsmasq
× dnsmasq.service - dnsmasq - A lightweight DHCP and caching DNS server
Loaded: loaded (/usr/lib/systemd/system/dnsmasq.service; enabled; preset: disabled)
Active: failed (Result: start-limit-hit) since Tue 2026-06-09 15:38:10 EEST; 6s ago
Invocation: 9366edc1074e4009a4739c7ed8f8e7a6
Docs: man:dnsmasq(8)
Process: 8975 ExecStartPre=/usr/bin/dnsmasq --test (code=exited, status=0/SUCCESS)
Process: 8977 ExecStart=/usr/bin/dnsmasq -k --enable-dbus --user=dnsmasq --pid-file (code=exited, status=2)
Main PID: 8977 (code=exited, status=2)
Mem peak: 2.8M
CPU: 53ms
Jun 09 15:38:10 scrypt0 systemd[1]: dnsmasq.service: Scheduled restart job, restart counter is at 5.
Jun 09 15:38:10 scrypt0 systemd[1]: dnsmasq.service: Start request repeated too quickly.
Jun 09 15:38:10 scrypt0 systemd[1]: dnsmasq.service: Failed with result 'start-limit-hit'.
Jun 09 15:38:10 scrypt0 systemd[1]: Failed to start dnsmasq - A lightweight DHCP and caching DNS server.
4. sudo nft list table inet filter
table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;
        udp sport 53 queue flags bypass to 0
        iifname "lo" accept
        ct state established,related accept
        ct state invalid drop comment "early drop of invalid connections"
        ct state { established, related } accept comment "allow tracked connections"
        iif "lo" accept comment "allow from loopback"
        meta l4proto { icmp, ipv6-icmp } accept comment "allow icmp"
        tcp dport 22 accept comment "allow sshd"
        meta pkttype host limit rate 5/second burst 5 packets counter packets 14 bytes 2921 reject with icmpx admin-prohibited
        counter packets 16 bytes 1514
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
        iifname "virbr0" accept
        oifname "virbr0" accept
    }
    chain output {
        type filter hook output priority filter; policy accept;
    }
}
Right now gotta go out for like 40 minutes; thanks a lot for pointing out dnsmasq! Gonna wait for your reply.
Uncommented bind-interfaces and set interface=lo in /etc/dnsmasq.conf; now it runs successfully, the VM still doesn't get an internet connection though.
Last edited by JustADood (Yesterday 14:51:01)
Solved. First ran a thang that broke nftables (OOPSIE DAISY), after that I fixed it with (first typed in a notepad and then copied into the terminal cuz that's faster):
sudo tee /etc/nftables.conf << 'EOF'
#!/usr/bin/nft -f
flush ruleset
table inet filter {
    chain input {
        type filter hook input priority filter; policy accept;
    }
    chain forward {
        type filter hook forward priority filter; policy accept;
    }
    chain output {
        type filter hook output priority filter; policy accept;
    }
}
EOF
Aaaaand after that I did sudo nft -c -f /etc/nftables.conf && sudo systemctl restart nftables.service and voila - works.
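Putting tekstryder's virbr0 rules together as a complete /etc/nftables.conf that keeps the input policy at drop instead of the accept-everything ruleset in the post above; this is an added example, not a file from the thread or from the Arch wiki. The loopback, conntrack, icmp and sshd rules are copied from the inet filter table JustADood posted earlier, and the tcp dport 53 rule is my own addition (DNS answers that do not fit in one UDP datagram are retried over TCP).

```nft
#!/usr/bin/nft -f
flush ruleset

table inet filter {
    chain input {
        type filter hook input priority filter; policy drop;

        # host-local and already-tracked traffic, as in the earlier ruleset
        iif "lo" accept comment "allow from loopback"
        ct state invalid drop comment "early drop of invalid connections"
        ct state { established, related } accept comment "allow tracked connections"
        meta l4proto { icmp, ipv6-icmp } accept comment "allow icmp"
        tcp dport 22 accept comment "allow sshd"

        # Guests on the libvirt NAT bridge talk to the host-side dnsmasq:
        # DHCP requests go to udp/67, DNS lookups to 53 (UDP, and TCP for
        # large answers). Matching on iifname keeps these ports closed on
        # every other interface; the counters show whether guests hit them.
        iifname "virbr0" udp dport { 53, 67 } counter accept comment "libvirt dhcp/dns"
        iifname "virbr0" tcp dport 53 counter accept comment "libvirt dns over tcp"

        # everything else is dropped by policy; count it for troubleshooting
        counter comment "dropped by policy"
    }

    chain forward {
        type filter hook forward priority filter; policy drop;

        # guest -> outside (iifname) and the NATed replies back (oifname);
        # libvirt's masquerade rules live in its own table, this only permits
        # the forwarding that a drop policy would otherwise block
        ct state { established, related } accept
        iifname "virbr0" counter accept comment "from libvirt guests"
        oifname "virbr0" counter accept comment "to libvirt guests"
    }

    chain output {
        type filter hook output priority filter; policy accept;
    }
}
```

Load it the same way as in the post (sudo nft -c -f /etc/nftables.conf to syntax-check, then restart nftables.service), then check sudo nft list table inet filter after a guest boots: the virbr0 counters should be non-zero if DHCP and DNS are actually reaching dnsmasq.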
One thing that I found broken already is opensnitch; iiiiiim not sure what's wrong, but it kills every connection if activated. Will nuke it and reinstall now.
Soooooo, now what, I'm supposed to mark the thread as [SOLVED] or?
uncommented bind-interfaces and set interface=lo in the /etc/dnsmasq.conf, now it runs successfully
I have no idea why that was necessary. All defaults here.
flush ruleset
Yup.
One thing that i found broken already is opensnitch
If that issue persists I'd suggest opening a separate thread and marking this one as [SOLVED].
As I always suggest in libvirt threads, do consider migrating to socket-based activation with modular daemons:
While I'm at it - KDE integration with firewalld is uuuuuh... broken? kinda? Off topic for this thread, probably gonna ask elsewhere.
If that issue persists I'd suggest opening a separate thread and marking this one as [SOLVED].
As I always suggest in libvirt threads, do consider migrating to socket-based activation with modular daemons:
Opensnitch issue was solved by just... nuking it, as always :D
Will check the modular daemons, thanks a lot!