I am testing a libvirt/QEMU/KVM-based Linux guest VM on an Arch Linux PC where firewalld is running.

The simple Linux guest is using the default libvirt network with NAT forwarding. According to the libvirt documentation, the guest should be able to access the host network (LAN) without additional configuration. The libvirt installation creates a zone called libvirt in firewalld and puts the virbr0 virtual bridge in this zone.

I have not done any additional configuration of firewalld. The guest can ping the host and the host can ping the guest, as expected. However, the guest cannot ping other machines in the host network. Ping responds that packets are filtered.

However, based on the post at https://lukas.zapletalovi.com/posts/202 … rt-network, if I put the virbr0 bridge in the trusted zone, then the guest can access the host LAN and ping machines in the host network.

I have tried many things in firewalld and libvirt to make the initial default settings work, such as creating policies etc., but none of them worked.

I would appreciate any insight into the reason. There is definitely a lack of knowledge on my part in either firewalld or libvirt, or both.

benibilme
  • I have noticed that unless the firewalld zone target is accept, one has to define a policy to make traffic flow from one zone to another. The trusted zone accepts all ingress or egress traffic. I guess I need to define a policy from the libvirt zone to the other in two ways, meaning two policies, one for each direction. – benibilme Feb 17 '23 at 23:16

0 Answers