kvm/qemu debian 10 vm network issue

Question

I'm trying to run a default basic deb10 VM on my deb10 dedicated server but I can't reach the VM on the default network. I can't make it acquire any IP address nor reach it in any way. I tried many things on many threads found online, without success.

The easiest solution I found was to enable port forwarding (because of the NAT mode of default conf) and start over but it didnt worked either.

sudo sysctl -w net.ipv4.ip_forward=1

I'll try to give as many informations as I can.

Script

#!/bin/bash
vname="deb"
virt-builder debian-10 \
   --size 15G \
   --format qcow2 -o "disk/$vname.qcow2" \
   --hostname "$vname.local" \
   --ssh-inject "root:string:ssh-rsa somesuperrsapubkey user@host" \
   --root-password disabled \
   --timezone "Europe/Paris" \
   --update
virt-install \
   --import \
   --name "$vname" \
   --ram 1024 \
   --vcpu 1 \
   --disk "disk/$vname.qcow2" \
   --os-variant debian10 \
   --network default \
   --noautoconsole

Nothing very fancy in this, I'm trying to stay as basic as possible.

IP interfaces

ansible@host:/kvm$ ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether x:x:x:x:x:x brd ff:ff:ff:ff:ff:ff
    inet x.x.x.x/24 brd x.x.x.255 scope global dynamic eno1
       valid_lft 57059sec preferred_lft 57059sec
    inet6 x::x:x:x:x/64 scope link 
       valid_lft forever preferred_lft forever
3: eno2: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether x:x:x:x:x:x brd ff:ff:ff:ff:ff:ff
42: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 52:54:00:9b:bf:4c brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
       valid_lft forever preferred_lft forever
43: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:9b:bf:4c brd ff:ff:ff:ff:ff:ff
44: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master virbr0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:9a:81:24 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:fe9a:8124/64 scope link 
       valid_lft forever preferred_lft forever

Firewall

ansible@host:/kvm$ sudo iptables -nvL
Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:53
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:53
    0     0 ACCEPT     udp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
    0     0 ACCEPT     tcp  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  *      virbr0  0.0.0.0/0            192.168.122.0/24     ctstate RELATED,ESTABLISHED
    0     0 ACCEPT     all  --  virbr0 *       192.168.122.0/24     0.0.0.0/0           
    0     0 ACCEPT     all  --  virbr0 virbr0  0.0.0.0/0            0.0.0.0/0           
    0     0 REJECT     all  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
    0     0 REJECT     all  --  virbr0 *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     udp  --  *      virbr0  0.0.0.0/0            0.0.0.0/0            udp dpt:68

Virsh manipulations

ansible@host:/kvm$ sudo virsh
virsh # net-dumpxml default
<network connections='1'>
  <name>default</name>
  <uuid>75e2d7eb-389c-406b-a63e-7fe5e9f188f5</uuid>
  <forward mode='nat'>
    <nat>
      <port start='1024' end='65535'/>
    </nat>
  </forward>
  <bridge name='virbr0' stp='on' delay='0'/>
  <mac address='52:54:00:9b:bf:4c'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>

virsh # domifaddr deb 
 Name       MAC address          Protocol     Address
-------------------------------------------------------------------------------

virsh # domiflist deb 
 Interface   Type      Source    Model    MAC
-------------------------------------------------------------
 vnet0       network   default   virtio   52:54:00:9a:81:24

virsh # list
 Id   Name   State
----------------------
 19   deb    running

virsh # net-list
 Name      State    Autostart   Persistent
--------------------------------------------
 default   active   no          yes

Is there anybody who can help me find my mistake ?

Thanks all

score 0 · Answer 1 · answered Mar 10 '22 at 09:57

It happens that the VM network interface is not activated at first boot : ifup enp1s0

I found this workaround for now but I'd like to have a better solution.

VM image build

virt-builder debian-10 \
  --size 15G \
  --format qcow2 -o "disk/deb.qcow2" \
  --hostname "deb.local" \
  --timezone "Europe/Paris" \
  --upload 00-init:/etc/network/interfaces.d/00-init \
  --update

00-init file

user@host:~/kvm$ cat 00-init 
allow-hotplug enp1s0
iface enp1s0 inet dhcp

Then the VM does get an IP address from host DHCP