
Re: QEMU guests can ping but can't access host



On Thu, Sep 2, 2021, at 2:09 PM, Charles Curley wrote:
> On Thu, 02 Sep 2021 12:43:41 -0500
> "David Palacio" <debian@david.palacio.io> wrote:
> 
> > Good day,
> > 
> > I have recently installed Debian testing around its alpha release
> > state. Previously I had a working Windows 10 QEMU guest with access
> > to the host Samba shares in a previous Debian testing install. I
> > copied the Windows 10 disk image over to the new Debian install and
> > set it up to run again but it no longer could connect to the host. It
> > can ping it and the host responds to the ping but any access attempt
> > to the host on a TCP port is dropped. This too happens to any new
> > virtual machine I create from scratch, including Linux VMs. I have no
> > idea what has changed on the host. I suspect it may be the firewall
> > but I'm no network admin and I know very little outside of
> > network-manager and /etc/network/interfaces.
> > 
> > I use virtual machine manager to create and run my virtual machines.

Hi,

> If you copied a disk image (.qcow2 extension) over, but not the setup
> files that Virtual Machine Manager (VMM) uses (in /etc/libvirt), then
> Windows is on a new machine, and can have conniptions over it. Go into
> Windows' device manager (or whatever they're calling it this week) and
> see if it is finding all its hardware correctly.

The VM virtual network hardware is working. It can access the internet. The only thing it can't access is the host, either on the virtual network IP or the physical network IP. I have since removed the old guest image and replaced it with a new installation on a new VM configuration. The same behavior is also seen on a new Linux VM running the Debian Bullseye Live KDE CD.
 
> What program are you using to try to contact the host?

I noticed the problem first with Windows Explorer when accessing the Samba share. It simply times out after a minute or two. Then I tried ping and a browser. Pinging the host works and the host responds. Then I used nc to test connections like this:
  nc -lp 8080
on the host, and pointed a guest browser to http://hostip:8080/, but nc never receives anything.

> You may also have a firewall issue, as you say. On the host, please run
> whatever you use as a firewall control program and check to see if the
> relevant port(s) is open.

I have to point out I haven't touched anything regarding the firewall since installation; however, I have attached the output of iptables and nft to this message.

> You may find it useful to open a terminal and, as root, run
> 
> tail -f /var/log/syslog
> 
> and, while that is sitting there, try contacting the host again. If the
> firewall is blocking you, you'll see it in syslog.

Neither syslog nor journalctl display anything related at the time this problem happens.

> If nothing obvious jumps out at you, let us know which program(s) you
> are using to control your firewall (shorewall, ufw, gufw, etc.), and we
> will see if someone familiar with that program can help.

I don't `control` my firewall. It's all Debian's defaults and the installed Debian packages' defaults, like libvirt, which adds some firewall rules automatically. Attached are the outputs of `iptables -L`, `nft list tables` and `nft list table tablename`.

> -- 
> Does anybody read signatures any more?
> 
> https://charlescurley.com
> https://charlescurley.com/blog/
> 
> 

Attachment: nft.table.mangle
Description: Binary data

Attachment: nft.table.nat
Description: Binary data

Attachment: nft.table.filter
Description: Binary data

Attachment: nft.table.firewalld
Description: Binary data

Attachment: nft.tables
Description: Binary data

Attachment: iptables
Description: Binary data

Attachment: virsh.net-dumpxml.default
Description: Binary data

