I'm running libvirt 9.0.0 on a Debian 12 bookworm host, setting up a
Windows 11 guest using qemu-kvm and the default NAT network[1]. When I
start the guest VM, it successfully acquires a DHCP lease, and I can
ping other hosts on my local network subnet, but something then happens
which messes up routing on the *host* machine, resulting in no access
to anything beyond my LAN. If I shut down the VM, network access returns
to normal on the host system.

I've been unable to figure out how to fix this, and unfortunately the
terms are generic enough that Google isn't much help -- most of the
results are about issues with NAT setup (which is working), not route
configuration of the host. I did find one similar report[2], but
there's no reported solution.

I feel like this should be a very common use case, so maybe I've just
set up something wrong. Since I haven't been able to solve it on my own,
I'm hoping someone will have a pointer to get me going in the right
direction.

Further details are below, and I'm happy to provide anything else
that might prove useful.

Thanks,
Mathias

Before starting the guest VM, routes on the host are:

$ ip route
default via 172.20.1.1 dev wlan0 proto dhcp src 172.20.1.110 metric 600
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
172.20.1.0/24 dev wlan0 proto kernel scope link src 172.20.1.110 metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown

A few seconds after the guest finishes booting, the host gets some
new routes, and connectivity outside of the local LAN subnet breaks:

$ ip route
0.0.0.0 dev vnet0 scope link
default dev vnet0 scope link
default via 172.20.1.1 dev wlan0 proto dhcp src 172.20.1.110 metric 600
169.254.0.0/16 dev vnet0 proto kernel scope link src 169.254.103.112
169.254.0.0/16 dev virbr0 scope link metric 1000
172.20.1.0/24 dev wlan0 proto kernel scope link src 172.20.1.110 metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1

Within the guest, I can ping the NAT gateway (192.168.122.1), the
host's IP (172.20.1.110), and another computer on the network
(172.20.1.105), so NAT appears to be working correctly:

C:\Users\user>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : DESKTOP-LGNEPEC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Red Hat VirtIO Ethernet Adapter
Physical Address. . . . . . . . . : 52-54-00-AE-05-B2
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::2881:98b7:34b8:fe2%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.122.203(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Monday, June 19, 2023 14:03:57
Lease Expires . . . . . . . . . . : Monday, June 19, 2023 15:03:57
Default Gateway . . . . . . . . . : 192.168.122.1
DHCP Server . . . . . . . . . . . : 192.168.122.1
DHCPv6 IAID . . . . . . . . . . . : 340939776
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2C-0E-E6-F4-52-54-00-AE-05-B2
DNS Servers . . . . . . . . . . . : 192.168.122.1
NetBIOS over Tcpip. . . . . . . . : Enabled

C:\Users\user>ping 192.168.122.1
Pinging 192.168.122.1 with 32 bytes of data:
Reply from 192.168.122.1: bytes=32 time<1ms TTL=64
Reply from 192.168.122.1: bytes=32 time<1ms TTL=64
Reply from 192.168.122.1: bytes=32 time<1ms TTL=64
Reply from 192.168.122.1: bytes=32 time<1ms TTL=64
Ping statistics for 192.168.122.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\user>ping 172.20.1.110
Pinging 172.20.1.110 with 32 bytes of data:
Reply from 172.20.1.110: bytes=32 time<1ms TTL=64
Reply from 172.20.1.110: bytes=32 time<1ms TTL=64
Reply from 172.20.1.110: bytes=32 time<1ms TTL=64
Reply from 172.20.1.110: bytes=32 time<1ms TTL=64
Ping statistics for 172.20.1.110:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

C:\Users\user>ping 172.20.1.105
Pinging 172.20.1.105 with 32 bytes of data:
Reply from 172.20.1.105: bytes=32 time=49ms TTL=63
Reply from 172.20.1.105: bytes=32 time=31ms TTL=63
Reply from 172.20.1.105: bytes=32 time=26ms TTL=63
Reply from 172.20.1.105: bytes=32 time=26ms TTL=63
Ping statistics for 172.20.1.105:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 26ms, Maximum = 49ms, Average = 33ms

-----
[1] -- Here's the NAT configuration:
<network>
  <name>default</name>
  <uuid>ff6cd6ed-a8fe-4e50-8852-3c93a169e156</uuid>
  <forward mode="nat">
    <nat>
      <port start="1024" end="65535"/>
    </nat>
  </forward>
  <bridge name="virbr0" stp="on" delay="0"/>
  <mac address="52:54:00:4e:80:30"/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254"/>
    </dhcp>
  </ip>
</network>
[2] -- https://unix.stackexchange.com/questions/723091/kvm-booting-guest-breaks-...
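
The two `ip route` listings in the message above, compared programmatically. This is an added example, not part of the original post, and its function names are illustrative. It lists the routes that appear once the guest is running and picks the default route the kernel prefers: a route printed without a metric has metric 0, and among default routes the lowest metric wins.

```python
# Added example (not from the original post); the snapshots are copied from it.
BEFORE = """\
default via 172.20.1.1 dev wlan0 proto dhcp src 172.20.1.110 metric 600
169.254.0.0/16 dev virbr0 scope link metric 1000 linkdown
172.20.1.0/24 dev wlan0 proto kernel scope link src 172.20.1.110 metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 linkdown
"""
AFTER = """\
0.0.0.0 dev vnet0 scope link
default dev vnet0 scope link
default via 172.20.1.1 dev wlan0 proto dhcp src 172.20.1.110 metric 600
169.254.0.0/16 dev vnet0 proto kernel scope link src 169.254.103.112
169.254.0.0/16 dev virbr0 scope link metric 1000
172.20.1.0/24 dev wlan0 proto kernel scope link src 172.20.1.110 metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
"""
KEYWORDS = {"via", "dev", "proto", "scope", "src", "metric"}  # each takes a value

def parse_routes(text):
    """Turn `ip route` output into dicts; bare words such as linkdown are flags."""
    routes = []
    for tok in (ln.split() for ln in text.splitlines() if ln.strip()):
        route = {"dst": tok[0], "metric": 0, "flags": set()}
        i = 1
        while i < len(tok):
            if tok[i] in KEYWORDS and i + 1 < len(tok):
                route[tok[i]] = tok[i + 1]
                i += 2
            else:
                route["flags"].add(tok[i])
                i += 1
        route["metric"] = int(route["metric"])  # absent metric means 0
        routes.append(route)
    return routes

def identity(route):
    # Ignore state flags (linkdown) so a bridge coming up is not reported as new.
    return (route["dst"], route.get("dev"), route.get("via"), route["metric"])

def new_routes(before, after):
    known = {identity(r) for r in parse_routes(before)}
    return [r for r in parse_routes(after) if identity(r) not in known]

def preferred_default(text):
    """Among the default routes, return the one with the lowest metric."""
    defaults = [r for r in parse_routes(text) if r["dst"] == "default"]
    return min(defaults, key=lambda r: r["metric"]) if defaults else None
```

`new_routes(BEFORE, AFTER)` returns only the three `vnet0` entries, and `preferred_default(AFTER)` is the gateway-less `default dev vnet0` route at metric 0 rather than the `wlan0` route at metric 600.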