this post was submitted on 26 Jun 2024
9 points (100.0% liked)

Linux 101 stuff. Questions are encouraged, noobs are welcome!

1053 readers
2 users here now

Linux introductions, tips and tutorials. Questions are encouraged. Any distro, any platform! Explicitly noob-friendly.

founded 1 year ago
MODERATORS
gyro@lemmy.world
Guenther_Amanita@feddit.de
9
UFW and a Windows KVM with Virt-Manager (lemm.ee)
submitted 4 months ago by Hellmo_Luciferrari@lemm.ee to c/linux4noobs@lemmy.world
6 comments fedilink hide all child comments
 

So, I finally ditched Windows... All except for my need for a VM to use some hardware that aren't supported in Windows.

I setup a Virtual Machine with Virt-Manager for a Windows VM but the network traffic is being blocked by UFW. If I disable UFW the Windows VM can pull an IP, which is static as is, and even after turning UFW back on, the network traffic is still allowed.

I am in need of some help with networking for the VM.

<interface type="network">
  <mac address="52:54:00:d7:8f:48"/>
  <source network="default" portid="d7ff3b1f-2c9b-4a62-b9e0-180855f14de7" bridge="virbr0"/>
  <target dev="vnet2"/>
  <model type="e1000e"/>
  <link state="up"/>
  <alias name="net0"/>
  <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>

This is the networking setup within Virt-Manager.

Any advice for getting network access on the VM?

you are viewing a single comment's thread
view the rest of the comments
[–] Boris_NotTooBadinoff@lemmy.world 2 points 4 months ago* (last edited 4 months ago) (1 children)

Are you allowing dhcp (:53 tvp/udp) through the FW? If not try
sudo ufw allow bootps
sudo ufw allow 53/udp
sudo ufw allow 53/tcp

or maybe give it a static IP on the defined virt-manager network and allow traffic from that IP
sudo ufw allow from 192.168.150.xxx or whatever the dhcp network is

[–] Hellmo_Luciferrari@lemm.ee 2 points 4 months ago (1 children)

Thank you for the suggestion. I will for sure give this a shot later tonight when I am able to access my home desktop.

[–] Boris_NotTooBadinoff@lemmy.world 2 points 4 months ago (1 children)

No prob, let us know how it goes. Also, thinking more about it, you may want to go the static IP route for 2 reasons

  1. You wont be introducing a 2nd dhcp server to your home/production network
  2. You'll always know the IP of the guest VM(s)

w/ regards to the first issue I guess you could just allow :53 and bootps from the dhcp subnet that virt manager created. Something like
sudo ufw allow from 192.168.122.0/24 to any port 53 where 192.168.122.0/24 is the subnet virt-manager created for dhcp

I think that'll allow both tcp and udp. I haven't used ufw in a while, my RHEL based distros switched to firewalld, but the concepts are the same, just different syntax. I do believe you'll need udp open as IIRC during DORA the initial DISCOVER is sent over udp, and somewhere between OFFER and REQUEST it switches to tcp...but I also haven't had to troubleshoot dhcp in a while, and I have forgotten a lot. Either way let us know how it goes!

[–] Hellmo_Luciferrari@lemm.ee 1 points 4 months ago (1 children)

I did allow TCP/UDP for ports 53, which didn't seem to work, and 67 and 68. I can get some network connectivity but not fully.

[–] Boris_NotTooBadinoff@lemmy.world 1 points 4 months ago (1 children)

My bad, I had DNS on the brain when I wrote that earlier. Good catch on your part w/ :67 and :68. Sounds as though you're able to pull an IP now?

[–] Hellmo_Luciferrari@lemm.ee 1 points 4 months ago

It was able to get an IP, and I was able to get smb access, but for some reason still won't allow me to open a web browser and browse, or pull windows updates.

I may have to play around with what is allowed through UFW a bit yet.

Completely unrelated, but on my Wireguard/PiHole server I setup this weekend I did get a bit more familiarized with UFW and how that works a bit better. So with that fresh new experience for me I think I may have a few ideas on how to accomplish this.

And thank you again!

I will check again later tonight when I am back to my desktop.

Though I think another project I am going to do is instead of using a qcow2 image for my windows installation I am going to experiment with using a dedicated SSD for my windows installl to keep it out of my BTRFS snapshots, and hopefully have a bit better performance. As well as I might install my second GPU for GPU passthrough.