I have on the host machine two network interfaces. One is lan and the other is a wlan. For libvirt I have created a nat network which is bound to the wlan. From the guest I can access other machines in the network host wlan is connected to. Also DNS lookup works. The problem is that there’s no connection to the internet at all, e.g. pinging something gives “Destination network unreachable”. This only happens when both network connections on the host are active. Running qemu/libvirt on openSUSE Tumbleweed.

The nat network in question:

<network>
  <name>natToWlan</name>
  <uuid>a44c939c-e6bf-44d0-8f86-376056d418a4</uuid>
  <forward dev="wlp19s0f4u1u1" mode="nat">
    <nat>
      <port start="1024" end="65535"/>
    </nat>
    <interface dev="wlp19s0f4u1u1"/>
  </forward>
  <bridge name="virbr1" stp="on" delay="0"/>
  <mac address="52:54:00:1f:64:95"/>
  <ip address="192.168.100.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.100.128" end="192.168.100.254"/>
    </dhcp>
  </ip>
</network>
  • Technus@lemmy.zip
    7 months ago

    This only happens when both network connections on the host are active.

    I’m not a networking expert by any means but this seems like a pretty strong hint that it’s a routing issue.

    Check the routing tables on the host? I’d bet that the internet is only reachable on the LAN interface (again, not an expert but one of them has to take priority, right?). I’m guessing that disconnecting the LAN interface changes the routing to go through the WLAN interface instead.

    You could possibly add a static route to work around this: https://libvirt.org/formatnetwork.html#static-routes

  • just_another_person@lemmy.world
    7 months ago

    Your routing table on the host changes when you have both networks active because the OS is preferring the NIC, I’m guessing. You’re using a static config for only one interface here.

    Either switch to a static setup for NIC and Wlan, or create two interfaces for the VM that cover both host interfaces. A simpler setup would be host networking (macvtap) vs a bridged nat with only one path.

    • FrostyPolicy@suppo.fiOP
      7 months ago

      This sounds reasonable. Curiously, now that I tried again with both host lan & wlan active, there was no problem. I have a hunch the routing depends on which interface NetworkManager starts first.

      $route
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      default         192.168.102.1   0.0.0.0         UG    600    0        0 wlp19s0f4u1u1
      default         RT-AC86U-6D60   0.0.0.0         UG    20100  0        0 enp15s0
      192.168.2.0     0.0.0.0         255.255.255.0   U     100    0        0 enp15s0
      192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr1
      192.168.102.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp19s0f4u1u1
      192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0_
      
  • Possibly linux@lemmy.zip
    7 months ago

    This is not great practice. You should get a dedicated Ethernet card for wlan and then block list the device on the host. The way you’re doing it is a little more complicated and is a security risk if the VM stops running for some reason.

    • FrostyPolicy@suppo.fiOP
      7 months ago

      When the host routing table is like this:

      $route
      Kernel IP routing table
      Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
      default         192.168.102.1   0.0.0.0         UG    600    0        0 wlp19s0f4u1u1
      default         RT-AC86U-6D60   0.0.0.0         UG    20100  0        0 enp15s0
      

      the VM has internet connection. If the defaults are the other way around it doesn’t.

  • NeoNachtwaechter@lemmy.world
    7 months ago
    • Your wlan

    • Your home lan

    • The internet

    That makes three networks. Not two.

    First, think about the way from the internet to your home lan. Is there NAT happening? Is there a DHCP server?

    And then on the way from lan to wlan your server is doing NAT and DHCP again.

    That doubling of NAT and/or DHCP is probably creating trouble.

  • FrostyPolicy@suppo.fiOP
    7 months ago

    Have an idea which might solve this.

    1. Change the vm net config to NOT bind to a specific host interface
    2. Change host networks so that there’s only one default route (lan)
    3. Add routing to host that all traffic which goes to 192.168.102.x goes through the host wlan connection
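
Added example, not part of any post in this thread: a check that compares the interface a libvirt network is pinned to with the host's preferred default route, which is the condition the thread identifies. When `<forward>` names a `dev`, libvirt's firewall rules restrict forwarding to that device, so guest traffic the host routes out of another interface is not forwarded. The function names are hypothetical and the swapped route table is a constructed sample.

```python
import xml.etree.ElementTree as ET

# Trimmed copy of the natToWlan definition posted in the thread.
NETWORK_XML = """<network>
  <name>natToWlan</name>
  <forward dev="wlp19s0f4u1u1" mode="nat">
    <interface dev="wlp19s0f4u1u1"/>
  </forward>
</network>"""

HEADER = "Destination     Gateway         Genmask         Flags Metric Ref    Use Iface\n"
# Default routes as posted in the thread (the VM has internet in this state).
ROUTES_WORKING = HEADER + (
    "default         192.168.102.1   0.0.0.0         UG    600    0        0 wlp19s0f4u1u1\n"
    "default         RT-AC86U-6D60   0.0.0.0         UG    20100  0        0 enp15s0\n")
# Constructed sample: the same two routes with the LAN default preferred.
ROUTES_SWAPPED = HEADER + (
    "default         RT-AC86U-6D60   0.0.0.0         UG    100    0        0 enp15s0\n"
    "default         192.168.102.1   0.0.0.0         UG    20600  0        0 wlp19s0f4u1u1\n")


def forward_devs(network_xml):
    """Host interfaces a libvirt network's <forward> element is pinned to."""
    fwd = ET.fromstring(network_xml).find("forward")
    if fwd is None:
        return set()
    devs = {fwd.get("dev")} | {i.get("dev") for i in fwd.findall("interface")}
    return {d for d in devs if d}

def default_routes(route_output):
    """(metric, iface) for every default route in `route` output, best first."""
    found = []
    for line in route_output.splitlines():
        f = line.split()
        # Columns: Destination Gateway Genmask Flags Metric Ref Use Iface
        if len(f) == 8 and f[0] in ("default", "0.0.0.0") and f[4].isdigit():
            found.append((int(f[4]), f[7]))
    return sorted(found)  # the lowest metric wins on the host

def check_egress(network_xml, route_output):
    """Return (ok, preferred_iface); ok is False on a pinned-dev mismatch."""
    devs, routes = forward_devs(network_xml), default_routes(route_output)
    if not routes:
        return False, None
    preferred = routes[0][1]
    # A network with no pinned dev follows whatever the host prefers.
    return (not devs or preferred in devs), preferred

if __name__ == "__main__":
    for label, table in (("posted", ROUTES_WORKING), ("swapped", ROUTES_SWAPPED)):
        print(label, check_egress(NETWORK_XML, table))
```

On a live host the two inputs would come from `virsh net-dumpxml natToWlan` and `route`.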