I have attached the screenshot of `nmcli` inside guest (clipboard doesn't work, but that's for another day maybe): https://imgur.com/NlDtDtc

The guest is stuck in two states basically - connecting and after a few seconds it reaches disconnected state.

$ cat /proc/sys/net/ipv4/ip_forward
1

(I'm using bridge instead of brctl because it is not available and seems to be deprecated in favor of bridge, please let me know if that's not the case)

$ sudo bridge link show virbr0

The command gave no output, so I tried ip link (apologies if that doesn't help)

$ ip link show virbr0
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN mode DEFAULT group default qlen 1000
    link/ether 52:54:00:78:76:0f brd ff:ff:ff:ff:ff:ff

(It says state is DOWN ??)

$ for i in nat filter mangle; do sudo iptables -t $i -L -v ; done
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target          prot opt in          out         source                     destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target          prot opt in          out         source                     destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target          prot opt in          out         source                     destination

Chain POSTROUTING (policy ACCEPT 1099 packets, 77803 bytes)
 pkts bytes target          prot opt in          out         source                     destination
 1016 71246 ts-postrouting  all  --  any         any         anywhere                   anywhere
 1099 77803 LIBVIRT_PRT     all  --  any         any         anywhere                   anywhere

Chain LIBVIRT_PRT (1 references)
 pkts bytes target          prot opt in          out         source                     destination
    0     0 RETURN          all  --  any         any         192.168.122.0/24           base-address.mcast.net/24
    0     0 RETURN          all  --  any         any         192.168.122.0/24           255.255.255.255
    0     0 MASQUERADE      tcp  --  any         any         192.168.122.0/24           !192.168.122.0/24  masq ports: 1024-65535
    0     0 MASQUERADE      udp  --  any         any         192.168.122.0/24           !192.168.122.0/24  masq ports: 1024-65535
    0     0 MASQUERADE      all  --  any         any         192.168.122.0/24           !192.168.122.0/24

Chain ts-postrouting (1 references)
 pkts bytes target          prot opt in          out         source                     destination
    0     0 MASQUERADE      all  --  any         any         anywhere                   anywhere  mark match 0x40000/0xff0000
Chain INPUT (policy ACCEPT 4723 packets, 3908K bytes)
 pkts bytes target          prot opt in          out         source                     destination
 5260 3961K ts-input        all  --  any         any         anywhere                   anywhere
 4723 3908K LIBVIRT_INP     all  --  any         any         anywhere                   anywhere

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target          prot opt in          out         source                     destination
    0     0 ts-forward      all  --  any         any         anywhere                   anywhere
    0     0 LIBVIRT_FWX     all  --  any         any         anywhere                   anywhere
    0     0 LIBVIRT_FWI     all  --  any         any         anywhere                   anywhere
    0     0 LIBVIRT_FWO     all  --  any         any         anywhere                   anywhere

Chain OUTPUT (policy ACCEPT 5305 packets, 604K bytes)
 pkts bytes target          prot opt in          out         source                     destination
 5305  604K LIBVIRT_OUT     all  --  any         any         anywhere                   anywhere

Chain LIBVIRT_FWI (1 references)
 pkts bytes target          prot opt in          out         source                     destination
    0     0 ACCEPT          all  --  any         virbr0      anywhere                   192.168.122.0/24  ctstate RELATED,ESTABLISHED
    0     0 REJECT          all  --  any         virbr0      anywhere                   anywhere  reject-with icmp-port-unreachable

Chain LIBVIRT_FWO (1 references)
 pkts bytes target          prot opt in          out         source                     destination
    0     0 ACCEPT          all  --  virbr0      any         192.168.122.0/24           anywhere
    0     0 REJECT          all  --  virbr0      any         anywhere                   anywhere  reject-with icmp-port-unreachable

Chain LIBVIRT_FWX (1 references)
 pkts bytes target          prot opt in          out         source                     destination
    0     0 ACCEPT          all  --  virbr0      virbr0      anywhere                   anywhere

Chain LIBVIRT_INP (1 references)
 pkts bytes target          prot opt in          out         source                     destination
    0     0 ACCEPT          udp  --  virbr0      any         anywhere                   anywhere  udp dpt:domain
    0     0 ACCEPT          tcp  --  virbr0      any         anywhere                   anywhere  tcp dpt:domain
    0     0 ACCEPT          udp  --  virbr0      any         anywhere                   anywhere  udp dpt:bootps
    0     0 ACCEPT          tcp  --  virbr0      any         anywhere                   anywhere  tcp dpt:67

Chain LIBVIRT_OUT (1 references)
 pkts bytes target          prot opt in          out         source                     destination
    0     0 ACCEPT          udp  --  any         virbr0      anywhere                   anywhere  udp dpt:domain
    0     0 ACCEPT          tcp  --  any         virbr0      anywhere                   anywhere  tcp dpt:domain
    0     0 ACCEPT          udp  --  any         virbr0      anywhere                   anywhere  udp dpt:bootpc
    0     0 ACCEPT          tcp  --  any         virbr0      anywhere                   anywhere  tcp dpt:68

Chain ts-forward (1 references)
 pkts bytes target          prot opt in          out         source                     destination
    0     0 MARK            all  --  tailscale0  any         anywhere                   anywhere  MARK xset 0x40000/0xff0000
    0     0 ACCEPT          all  --  any         any         anywhere                   anywhere  mark match 0x40000/0xff0000
    0     0 DROP            all  --  any         tailscale0  100.64.0.0/10              anywhere
    0     0 DROP            all  --  any         tailscale0  anywhere                   anywhere  ! ctstate RELATED,ESTABLISHED
    0     0 ACCEPT          all  --  any         tailscale0  anywhere                   anywhere

Chain ts-input (1 references)
 pkts bytes target          prot opt in          out         source                     destination
    0     0 ACCEPT          all  --  lo          any         thinking.taila514c.ts.net  anywhere
    0     0 RETURN          all  --  !tailscale0 any         100.115.92.0/23            anywhere
    0     0 DROP            all  --  !tailscale0 any         100.64.0.0/10              anywhere
  469 65919 ACCEPT          all  --  tailscale0  any         anywhere                   anywhere
  223 16320 ACCEPT          udp  --  any         any         anywhere                   anywhere  udp dpt:41641
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target          prot opt in          out         source                     destination

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target          prot opt in          out         source                     destination

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target          prot opt in          out         source                     destination

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target          prot opt in          out         source                     destination

Chain POSTROUTING (policy ACCEPT 5331 packets, 607K bytes)
 pkts bytes target          prot opt in          out         source                     destination
 5331  607K LIBVIRT_PRT     all  --  any         any         anywhere                   anywhere

Chain LIBVIRT_PRT (1 references)
 pkts bytes target          prot opt in          out         source                     destination
    0     0 CHECKSUM        udp  --  any         virbr0      anywhere                   anywhere  udp dpt:bootpc CHECKSUM fill

Please let me know if some other information is required. Thanks for helping!

Arun Mani J

On Wednesday, May 22nd, 2024 at 3:48 PM, Michal Prívozník <mprivozn@xxxxxxxxxx> wrote:

> On 5/21/24 18:02, Arun Mani J wrote:
>
> > Sorry I thought I clicked Reply instead of Reply All.
> >
> > So I restarted my laptop, ran virsh net-destroy default && virsh net-start default. Then created a new VM out of Debian 12 KDE Live ISO (to avoid any trailing configurations).
> >
> > Still the issue persists. nmcli in the guest says enp1s0: disconnected.
>
> This looks weird. I'm not familiar with networkmanager, but I suspect
> this is not telling the state of the link, is it? Because the link
> should be up no matter the host side configuration.
>
> > But ps axf | grep dnsmasq gives this:
> > 4341 pts/0 S+ 0:00 | \_ grep --color=auto dnsmasq
> > 3995 ? S 0:00 /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
> > 3996 ? S 0:00 \_ /usr/sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
> >
> > What am I missing :(
>
> One thing that comes to my mind is - ip forwarding. Libvirt sets up NAT
> and should enable ip forwarding too, but maybe that failed?
>
> Inside the host - can you share the output of:
>
> cat /proc/sys/net/ipv4/ip_forward
> brctl show virbr0
> for i in nat filter mangle; do iptables -t $i -L -v ; done
>
> Michal
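
Added example, not part of the original thread and not libvirt's own tooling: a small filter that reads one table of `iptables -t <table> -L -v` output and reports, per chain, how many rules exist and how many have a non-zero `pkts` counter, which is a quick way to see which libvirt chains have matched any traffic. The function names `chain_hits`, `zero_hit_chains` and `sample_nat` are made up for this example; the sample is an excerpt of the nat table posted above.

```shell
#!/bin/sh
# Reads `iptables -t <table> -L -v` text (one table at a time) on stdin.
# Prints "<chain> <rules> <rules_hit>" for every chain that has rules.
chain_hits() {
    awk '
        # "Chain NAME (...)" starts a new chain.
        $1 == "Chain" { chain = $2; order[++n] = chain; next }
        # Skip the column header and blank separator lines.
        $1 == "pkts" || NF == 0 { next }
        # Rule lines start with the packet counter; without -x iptables
        # may abbreviate it with a K, M or G suffix.
        chain != "" && $1 ~ /^[0-9]+[KMG]?$/ {
            rules[chain]++
            if ($1 != "0") hit[chain]++
        }
        END {
            for (i = 1; i <= n; i++) {
                c = order[i]
                if (rules[c] > 0) printf "%s %d %d\n", c, rules[c], hit[c]
            }
        }
    '
}

# Lists only the chains in which no rule has matched a single packet.
zero_hit_chains() {
    chain_hits | awk '$3 == 0 { print $1 }'
}

# Sample input: excerpt of the nat table from the message above.
sample_nat() {
cat <<'EOF'
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target prot opt in out source destination

Chain POSTROUTING (policy ACCEPT 1099 packets, 77803 bytes)
 pkts bytes target prot opt in out source destination
 1016 71246 ts-postrouting all -- any any anywhere anywhere
 1099 77803 LIBVIRT_PRT all -- any any anywhere anywhere

Chain LIBVIRT_PRT (1 references)
 pkts bytes target prot opt in out source destination
    0     0 RETURN all -- any any 192.168.122.0/24 255.255.255.255
    0     0 MASQUERADE all -- any any 192.168.122.0/24 !192.168.122.0/24
EOF
}

sample_nat | chain_hits
```

On a live host the same functions take the real output, for example `sudo iptables -t filter -L -v | zero_hit_chains`.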