So, I finally ditched Windows… All except for my need for a VM to use some hardware that isn’t supported in Windows.
I set up a Virtual Machine with Virt-Manager for a Windows VM but the network traffic is being blocked by UFW. If I disable UFW the Windows VM can pull an IP, which is static as is, and even after turning UFW back on, the network traffic is still allowed.
I am in need of some help with networking for the VM.
<interface type="network">
  <mac address="52:54:00:d7:8f:48"/>
  <source network="default" portid="d7ff3b1f-2c9b-4a62-b9e0-180855f14de7" bridge="virbr0"/>
  <target dev="vnet2"/>
  <model type="e1000e"/>
  <link state="up"/>
  <alias name="net0"/>
  <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>
This is the networking setup within Virt-Manager.
Any advice for getting network access on the VM?
No prob, let us know how it goes. Also, thinking more about it, you may want to go the static IP route for 2 reasons
w/ regards to the first issue I guess you could just allow :53 and bootps from the dhcp subnet that virt manager created. Something like
sudo ufw allow from 192.168.122.0/24 to any port 53
where 192.168.122.0/24 is the subnet virt-manager created for dhcp
I think that’ll allow both tcp and udp. I haven’t used ufw in a while, my RHEL based distros switched to firewalld, but the concepts are the same, just different syntax. I do believe you’ll need udp open as IIRC during DORA the initial DISCOVER is sent over udp, and somewhere between OFFER and REQUEST it switches to tcp…but I also haven’t had to troubleshoot dhcp in a while, and I have forgotten a lot. Either way let us know how it goes!
I did allow TCP/UDP for ports 53, which didn’t seem to work, and 67 and 68. I can get some network connectivity but not fully.
My bad, I had DNS on the brain when I wrote that earlier. Good catch on your part w/ :67 and :68. Sounds as though you’re able to pull an IP now?
It was able to get an IP, and I was able to get smb access, but for some reason it still won’t allow me to open a web browser and browse, or pull Windows updates.
I may have to play around with what is allowed through UFW a bit yet.
Completely unrelated, but on my Wireguard/PiHole server I set up this weekend I did get a bit more familiarized with UFW and how that works a bit better. So with that fresh new experience for me I think I may have a few ideas on how to accomplish this.
And thank you again!
I will check again later tonight when I am back to my desktop.
Though I think another project I am going to do is instead of using a qcow2 image for my Windows installation I am going to experiment with using a dedicated SSD for my Windows install to keep it out of my BTRFS snapshots, and hopefully have a bit better performance. As well as I might install my second GPU for GPU passthrough.