[Nix-dev] virt-manager and KVM networking

Robin Gloster robin at loc-com.de
Mon Jan 4 04:09:16 CET 2016


You have to set:
networking.firewall.checkReversePath = false;
for DHCP to work, and you probably also want:
networking.firewall.trustedInterfaces = [ "virbr0" ];

globin


On 4 January 2016 02:57:44 CET, Joachim Schiele <js at lastlog.de> wrote:
>hey,
>
>i've added this adapter (among others) to a KVM guest:
>-----------------------
>a Virtual Network 'default': NAT
>-----------------------
>
>however, KVM guests can't get a DHCP lease as the ports are filtered. do
>i have to add rules to the firewall manually to make this work? i've
>checked this by disabling the firewall on the host. after that the
>guests do get leases.
>
>what would be the best way of extending the nixos firewall?
>
>
>======== ip a on the host: =============================
>4: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
>    link/ether 52:54:00:2c:e7:37 brd ff:ff:ff:ff:ff:ff
>    inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr1
>       valid_lft forever preferred_lft forever
>    inet6 fc00::1/64 scope global tentative
>       valid_lft forever preferred_lft forever
>5: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN group default qlen 500
>    link/ether 52:54:00:2c:e7:37 brd ff:ff:ff:ff:ff:ff
>6: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
>    link/ether 52:54:00:cb:3e:ff brd ff:ff:ff:ff:ff:ff
>    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>       valid_lft forever preferred_lft forever
>7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 500
>    link/ether 52:54:00:cb:3e:ff brd ff:ff:ff:ff:ff:ff
>=====================================
>
>thanks,
>joachim
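
The two settings from the reply, placed next to a narrower variant, as an added example that is not part of the original thread. It assumes a NixOS release that provides `networking.firewall.interfaces.<name>` and that libvirt's 'default' network serves DHCP and DNS to guests on virbr0; the binding names `asInReply` and `narrower` are illustrative.

```nix
# configuration.nix module (added example, not from the thread).
{ ... }:
let
  # Exactly what the reply suggests.
  # - checkReversePath = false turns the reverse-path filter off for the
  #   whole host, not only for the libvirt bridge.
  # - trustedInterfaces accepts ALL inbound traffic arriving on virbr0,
  #   so every service listening on the host is reachable from any guest.
  asInReply = {
    networking.firewall.checkReversePath = false;
    networking.firewall.trustedInterfaces = [ "virbr0" ];
  };

  # Narrower variant (assumption: guests only need the host for DHCP and
  # DNS). Traffic that guests send *through* the host (NAT) is forwarded,
  # not delivered to the host, so it is not governed by these input rules.
  narrower = {
    # Kept as in the reply, which states it is required for DHCP.
    # The option also accepts "loose" on later releases; confirm from a
    # guest that a lease is still obtained before relying on it.
    networking.firewall.checkReversePath = false;

    # Open only what libvirt's dnsmasq serves on the bridge instead of
    # trusting the interface as a whole.
    networking.firewall.interfaces."virbr0" = {
      allowedUDPPorts = [ 53 67 ];  # DNS, DHCP server
      allowedTCPPorts = [ 53 ];     # DNS over TCP
    };
  };
in
# Select one of the two; `narrower` exposes the smaller surface to guests.
narrower
```

After `nixos-rebuild switch`, request a lease from inside a guest to confirm DHCP still works with the variant chosen.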