Qemu/kvm network no longer works

After the last update, networking under virt-manager broke in both of my VMs (Windows and Alpine). It’s not completely broken: the VMs can still resolve previously unknown addresses, so DNS works fine for them, but they time out with any other type of connection. Has anyone had the same issue?

(There is nothing in host iptables)

The network in the Alpine VM is defined like this:

<interface type="network">
  <mac address="52:54:00:d7:14:6b"/>
  <source network="default"/>
  <model type="virtio"/>
  <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>

garuda-inxi:

system:
  kernel: 6.13.2-zen1-1-zen arch: x86_64 bits: 64 compiler: gcc v: 14.2.1
    clocksource: tsc avail: acpi_pm
    parameters: boot_image=/@/boot/vmlinuz-linux-zen
    root=uuid=f4abdfb3-a5da-4eb0-9ed1-8b2c41c61b6d rw rootflags=subvol=@
    quiet quiet rd.udev.log_priority=3 vt.global_cursor_default=0
    resume=uuid=b63b1b5e-6eea-4c48-a127-6b8f5851874d loglevel=3 ibt=off
  desktop: kde plasma v: 6.2.5 tk: qt v: n/a info: frameworks v: 6.10.0
    wm: kwin_wayland vt: 1 dm: sddm distro: garuda base: arch linux
machine:
  type: laptop system: micro-star product: raider ge76 12uhs v: rev:1.0
    serial: <superuser required> chassis: type: 10 serial: <superuser required>
  mobo: micro-star model: ms-17k4 v: rev:1.0 serial: <superuser required>
    part-nu: 17k4.2 uuid: <superuser required> uefi: american megatrends llc.
    v: e17k4ims.207 date: 03/31/2022
cpu:
  info: model: 12th gen intel core i9-12900hk bits: 64 type: mst amcp
    arch: alder lake gen: core 12 level: v3 note: check built: 2021+
    process: intel 7 (10nm esf) family: 6 model-id: 0x9a (154) stepping: 3
    microcode: 0x435
  topology: cpus: 1x dies: 1 clusters: 8 cores: 14 threads: 20 mt: 6 tpc: 2
    st: 8 smt: enabled cache: l1: 1.2 mib desc: d-8x32 kib, 6x48 kib; i-6x32
    kib, 8x64 kib l2: 11.5 mib desc: 6x1.2 mib, 2x2 mib l3: 24 mib
    desc: 1x24 mib
  speed (mhz): avg: 400 min/max: 400/4900:5000:3800 scaling:
    driver: intel_pstate governor: powersave cores: 1: 400 2: 400 3: 400 4: 400
    5: 400 6: 400 7: 400 8: 400 9: 400 10: 400 11: 400 12: 400 13: 400 14: 400
    15: 400 16: 400 17: 400 18: 400 19: 400 20: 400 bogomips: 116736
  flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
  vulnerabilities: <filter>
graphics:
  device-1: intel alder lake-p gt2 [iris xe graphics] vendor: micro-star msi
    driver: i915 v: kernel alternate: xe arch: xe process: intel 10nm
    built: 2021-22+ ports: active: edp-1 empty: dp-1,dp-2 bus-id: 00:02.0
    chip-id: 8086:46a6 class-id: 0300
  device-2: nvidia ga103m [geforce rtx 3080 ti mobile]
    vendor: micro-star msi driver: nvidia v: 570.86.16
    alternate: nouveau,nvidia_drm non-free: 550/565.xx+ status: current (as
    of 2025-01; eol~2026-12-xx) arch: ampere code: gaxxx
    process: tsmc n7 (7nm) built: 2020-2023 pcie: gen: 4 speed: 16 gt/s
    lanes: 8 link-max: lanes: 16 ports: active: none empty: dp-3, dp-4,
    hdmi-a-1, edp-2 bus-id: 01:00.0 chip-id: 10de:2420 class-id: 0300
  device-3: bison integrated camera driver: uvcvideo type: usb rev: 2.0
    speed: 480 mb/s lanes: 1 mode: 2.0 bus-id: 3-7:4 chip-id: 5986:1160
    class-id: 0e02 serial: <filter>
  display: wayland server: x.org v: 1.21.1.15 with: xwayland v: 24.1.5
    compositor: kwin_wayland driver: x: loaded: modesetting,nvidia
    unloaded: nouveau alternate: fbdev,intel,nv,vesa dri: iris gpu: i915
    display-id: 0
  monitor-1: edp-1 model: sharp lq173m1jw08 built: 2021 res: mode: 1920x1080
    hz: 360 scale: 100% (1) dpi: 128 gamma: 1.2 size: 382x215mm (15.04x8.46")
    diag: 438mm (17.3") ratio: 16:9 modes: 1920x1080
  api: egl v: 1.5 hw: drv: intel iris drv: nvidia platforms: device: 0
    drv: nvidia gbm: drv: nvidia surfaceless: drv: nvidia wayland: drv: iris
    x11: drv: iris
  api: opengl v: 4.6.0 compat-v: 4.6 vendor: intel mesa v: 24.3.4-arch1.1
    glx-v: 1.4 direct-render: yes renderer: mesa intel iris xe graphics (adl
    gt2) device-id: 8086:46a6 memory: 15.16 gib unified: yes display-id: :1.0
  api: vulkan v: 1.4.303 layers: 16 device: 0 type: integrated-gpu
    name: intel iris xe graphics (adl gt2) driver: n/a device-id: 8086:46a6
    surfaces: xcb,xlib,wayland device: 1 type: discrete-gpu name: nvidia
    geforce rtx 3080 ti laptop gpu driver: n/a device-id: 10de:2420
    surfaces: xcb,xlib,wayland device: 2 type: cpu name: llvmpipe (llvm
    19.1.7 256 bits) driver: n/a device-id: 10005:0000
    surfaces: xcb,xlib,wayland
  info: tools: api: clinfo, eglinfo, glxinfo, vulkaninfo
    de: kscreen-console,kscreen-doctor gpu: corectrl, nvidia-settings,
    nvidia-smi wl: kanshi, wayland-info, wdisplays, wlr-randr
    x11: xdpyinfo, xprop, xrandr
audio:
  device-1: intel alder lake pch-p high definition audio
    vendor: micro-star msi driver: sof-audio-pci-intel-tgl
    alternate: snd_hda_intel, snd_soc_avs, snd_sof_pci_intel_tgl
    bus-id: 00:1f.3 chip-id: 8086:51c8 class-id: 0401
  device-2: nvidia vendor: micro-star msi driver: snd_hda_intel v: kernel
    pcie: gen: 4 speed: 16 gt/s lanes: 8 link-max: lanes: 16 bus-id: 01:00.1
    chip-id: 10de:2288 class-id: 0403
  api: alsa v: k6.13.2-zen1-1-zen status: kernel-api with: aoss
    type: oss-emulator tools: alsactl,alsamixer,amixer
  server-1: sndiod v: n/a status: off tools: aucat,midicat,sndioctl
  server-2: pipewire v: 1.2.7 status: active with: 1: pipewire-pulse
    status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
    4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
network:
  device-1: intel alder lake-p pch cnvi wifi vendor: rivet networks dual band
    wi-fi 6e ax1675i 160mhz 2x2 driver: iwlwifi v: kernel bus-id: 00:14.3
    chip-id: 8086:51f0 class-id: 0280
  if: wlo1 state: up mac: <filter>
  device-2: realtek killer e3000 2.5gbe vendor: micro-star msi driver: r8169
    v: kernel pcie: gen: 2 speed: 5 gt/s lanes: 1 port: 3000 bus-id: 30:00.0
    chip-id: 10ec:3000 class-id: 0200
  if: enp48s0 state: up speed: 100 mbps duplex: full mac: <filter>
  if-id-1: br-0858a2351da9 state: down mac: <filter>
  if-id-2: docker0 state: down mac: <filter>
  if-id-3: virbr0 state: up speed: 10000 mbps duplex: unknown mac: <filter>
  if-id-4: vnet0 state: unknown speed: 10000 mbps duplex: full mac: <filter>
  info: services: networkmanager, systemd-timesyncd, wpa_supplicant
bluetooth:
  device-1: intel ax211 bluetooth driver: btusb v: 0.8 type: usb rev: 2.0
    speed: 12 mb/s lanes: 1 mode: 1.1 bus-id: 3-10:8 chip-id: 8087:0033
    class-id: e001
  report: btmgmt id: hci0 rfk-id: 0 state: up address: <filter> bt-v: 5.3
    lmp-v: 12 status: discoverable: no pairing: no class-id: 6c010c
drives:
  local storage: total: 2.75 tib used: 1.47 tib (53.4%)
  smart message: unable to run smartctl. root privileges required.
  id-1: /dev/nvme0n1 maj-min: 259:0 vendor: samsung
    model: mzvl21t0hclr-00b00 size: 953.87 gib block-size: physical: 512 b
    logical: 512 b speed: 63.2 gb/s lanes: 4 tech: ssd serial: <filter>
    fw-rev: gxa7401q temp: 52.9 c scheme: gpt
  id-2: /dev/nvme1n1 maj-min: 259:6 vendor: samsung
    model: ssd 970 evo plus 2tb size: 1.82 tib block-size: physical: 512 b
    logical: 512 b speed: 31.6 gb/s lanes: 4 tech: ssd serial: <filter>
    fw-rev: 2b2qexm7 temp: 53.9 c scheme: gpt
partition:
  id-1: / raw-size: 1.79 tib size: 1.79 tib (100.00%) used: 1.47 tib (82.3%)
    fs: btrfs dev: /dev/nvme1n1p2 maj-min: 259:8
  id-2: /boot/efi raw-size: 300 mib size: 299.4 mib (99.80%)
    used: 584 kib (0.2%) fs: vfat dev: /dev/nvme1n1p1 maj-min: 259:7
  id-3: /home raw-size: 1.79 tib size: 1.79 tib (100.00%)
    used: 1.47 tib (82.3%) fs: btrfs dev: /dev/nvme1n1p2 maj-min: 259:8
  id-4: /var/log raw-size: 1.79 tib size: 1.79 tib (100.00%)
    used: 1.47 tib (82.3%) fs: btrfs dev: /dev/nvme1n1p2 maj-min: 259:8
  id-5: /var/tmp raw-size: 1.79 tib size: 1.79 tib (100.00%)
    used: 1.47 tib (82.3%) fs: btrfs dev: /dev/nvme1n1p2 maj-min: 259:8
swap:
  kernel: swappiness: 133 (default 60) cache-pressure: 100 (default) zswap: no
  id-1: swap-1 type: zram size: 31.05 gib used: 0 kib (0.0%) priority: 100
    comp: zstd avail: lzo-rle,lzo,lz4,lz4hc,deflate,842 max-streams: 20
    dev: /dev/zram0
  id-2: swap-2 type: partition size: 34.16 gib used: 0 kib (0.0%)
    priority: -2 dev: /dev/nvme1n1p3 maj-min: 259:9
sensors:
  system temperatures: cpu: 58.0 c mobo: n/a
  fan speeds (rpm): n/a
info:
  memory: total: 32 gib note: est. available: 31.05 gib used: 6.66 gib (21.4%)
  processes: 446 power: uptime: 5m states: freeze,mem,disk suspend: s2idle
    avail: deep wakeups: 0 hibernate: platform avail: shutdown, reboot,
    suspend, test_resume image: 12.37 gib services: org_kde_powerdevil,
    power-profiles-daemon, upowerd init: systemd v: 257 default: graphical
    tool: systemctl
  packages: 2758 pm: pacman pkgs: 2704 libs: 638 tools: octopi,paru,yay
    pm: rpm pkgs: 0 pm: flatpak pkgs: 54 compilers: clang: 19.1.7 gcc: 14.2.1
    alt: 11/13 shell: garuda-inxi default: bash v: 5.2.37 running-in: konsole
    inxi: 3.3.37
garuda (2.6.26-1.1):
  system install date:     2022-12-28
  last full system update: 2025-02-10
  is partially upgraded:   no
  relevant software:       snapper networkmanager mkinitcpio nvidia-dkms
  windows dual boot:       probably (run as root to verify)

To make things worse, if I roll back I can get network in Alpine Linux, but Windows doesn’t even start:

Error starting domain: unable to open /var/lib/libvirt/images/windows10.qcow2: No space left on device

Traceback (most recent call last):
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 71, in cb_wrapper
    callback(asyncjob, *args, **kwargs)
    ~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/share/virt-manager/virtManager/asyncjob.py", line 107, in tmpcb
    callback(*args, **kwargs)
    ~~~~~~~~^^^^^^^^^^^^^^^^^
  File "/usr/share/virt-manager/virtManager/object/libvirtobject.py", line 57, in newfn
    ret = fn(self, *args, **kwargs)
  File "/usr/share/virt-manager/virtManager/object/domain.py", line 1384, in startup
    self._backend.create()
    ~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib/python3.13/site-packages/libvirt.py", line 1379, in create
    raise libvirtError('virDomainCreate() failed')
libvirt.libvirtError: unable to open /var/lib/libvirt/images/windows10.qcow2: No space left on device

ETA: If I reboot on the latest snapshot, it does start just fine. But it doesn’t connect to anything. And I do have 300GB free on the host system. The virtual disk is around 20GB.

ETA2: OK, I’ve figured out the “no space left” error: it’s because I’d loaded an earlier snapshot. Once I applied it, it works fine, except my system is out of date.

inxi from my current time in travel:

System:
  Kernel: 6.13.1-zen3-1-zen arch: x86_64 bits: 64 compiler: gcc v: 14.2.1
    clocksource: tsc avail: acpi_pm
    parameters: BOOT_IMAGE=/@/boot/vmlinuz-linux-zen
    root=UUID=f4abdfb3-a5da-4eb0-9ed1-8b2c41c61b6d rw rootflags=subvol=@
    quiet quiet rd.udev.log_priority=3 vt.global_cursor_default=0
    resume=UUID=b63b1b5e-6eea-4c48-a127-6b8f5851874d loglevel=3 ibt=off
  Desktop: KDE Plasma v: 6.2.5 tk: Qt v: N/A info: frameworks v: 6.10.0
    wm: kwin_wayland vt: 1 dm: SDDM Distro: Garuda base: Arch Linux
Machine:
  Type: Laptop System: Micro-Star product: Raider GE76 12UHS v: REV:1.0
    serial: <superuser required> Chassis: type: 10 serial: <superuser required>
  Mobo: Micro-Star model: MS-17K4 v: REV:1.0 serial: <superuser required>
    part-nu: 17K4.2 uuid: <superuser required> UEFI: American Megatrends LLC.
    v: E17K4IMS.207 date: 03/31/2022
CPU:
  Info: model: 12th Gen Intel Core i9-12900HK bits: 64 type: MST AMCP
    arch: Alder Lake gen: core 12 level: v3 note: check built: 2021+
    process: Intel 7 (10nm ESF) family: 6 model-id: 0x9A (154) stepping: 3
    microcode: 0x435
  Topology: cpus: 1x dies: 1 clusters: 8 cores: 14 threads: 20 mt: 6 tpc: 2
    st: 8 smt: enabled cache: L1: 1.2 MiB desc: d-8x32 KiB, 6x48 KiB; i-6x32
    KiB, 8x64 KiB L2: 11.5 MiB desc: 6x1.2 MiB, 2x2 MiB L3: 24 MiB
    desc: 1x24 MiB
  Speed (MHz): avg: 400 min/max: 400/4900:5000:3800 scaling:
    driver: intel_pstate governor: powersave cores: 1: 400 2: 400 3: 400 4: 400
    5: 400 6: 400 7: 400 8: 400 9: 400 10: 400 11: 400 12: 400 13: 400 14: 400
    15: 400 16: 400 17: 400 18: 400 19: 400 20: 400 bogomips: 116736
  Flags: avx avx2 ht lm nx pae sse sse2 sse3 sse4_1 sse4_2 ssse3 vmx
  Vulnerabilities: <filter>
Graphics:
  Device-1: Intel Alder Lake-P GT2 [Iris Xe Graphics] vendor: Micro-Star MSI
    driver: i915 v: kernel alternate: xe arch: Xe process: Intel 10nm
    built: 2021-22+ ports: active: eDP-1 empty: DP-1,DP-2 bus-ID: 00:02.0
    chip-ID: 8086:46a6 class-ID: 0300
  Device-2: NVIDIA GA103M [GeForce RTX 3080 Ti Mobile]
    vendor: Micro-Star MSI driver: nvidia v: 570.86.16
    alternate: nouveau,nvidia_drm non-free: 550/565.xx+ status: current (as
    of 2025-01; EOL~2026-12-xx) arch: Ampere code: GAxxx
    process: TSMC n7 (7nm) built: 2020-2023 pcie: gen: 4 speed: 16 GT/s
    lanes: 8 link-max: lanes: 16 ports: active: none empty: DP-3, DP-4,
    HDMI-A-1, eDP-2 bus-ID: 01:00.0 chip-ID: 10de:2420 class-ID: 0300
  Device-3: Bison Integrated Camera driver: uvcvideo type: USB rev: 2.0
    speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 3-7:4 chip-ID: 5986:1160
    class-ID: 0e02 serial: <filter>
  Display: wayland server: X.org v: 1.21.1.15 with: Xwayland v: 24.1.5
    compositor: kwin_wayland driver: X: loaded: modesetting,nvidia
    unloaded: nouveau alternate: fbdev,intel,nv,vesa dri: iris gpu: i915
    display-ID: 0
  Monitor-1: eDP-1 model: Sharp LQ173M1JW08 built: 2021 res: mode: 1920x1080
    hz: 360 scale: 100% (1) dpi: 128 gamma: 1.2 size: 382x215mm (15.04x8.46")
    diag: 438mm (17.3") ratio: 16:9 modes: 1920x1080
  API: EGL v: 1.5 hw: drv: intel iris drv: nvidia platforms: device: 0
    drv: nvidia gbm: drv: nvidia surfaceless: drv: nvidia wayland: drv: iris
    x11: drv: iris
  API: OpenGL v: 4.6.0 compat-v: 4.6 vendor: intel mesa v: 24.3.4-arch1.1
    glx-v: 1.4 direct-render: yes renderer: Mesa Intel Iris Xe Graphics (ADL
    GT2) device-ID: 8086:46a6 memory: 15.16 GiB unified: yes display-ID: :1.0
  API: Vulkan v: 1.4.303 layers: 16 device: 0 type: integrated-gpu
    name: Intel Iris Xe Graphics (ADL GT2) driver: N/A device-ID: 8086:46a6
    surfaces: xcb,xlib,wayland device: 1 type: discrete-gpu name: NVIDIA
    GeForce RTX 3080 Ti Laptop GPU driver: N/A device-ID: 10de:2420
    surfaces: xcb,xlib,wayland device: 2 type: cpu name: llvmpipe (LLVM
    19.1.7 256 bits) driver: N/A device-ID: 10005:0000
    surfaces: xcb,xlib,wayland
  Info: Tools: api: clinfo, eglinfo, glxinfo, vulkaninfo
    de: kscreen-console,kscreen-doctor gpu: corectrl, nvidia-settings,
    nvidia-smi wl: kanshi, wayland-info, wdisplays, wlr-randr
    x11: xdpyinfo, xprop, xrandr
Audio:
  Device-1: Intel Alder Lake PCH-P High Definition Audio
    vendor: Micro-Star MSI driver: sof-audio-pci-intel-tgl
    alternate: snd_hda_intel, snd_soc_avs, snd_sof_pci_intel_tgl
    bus-ID: 00:1f.3 chip-ID: 8086:51c8 class-ID: 0401
  Device-2: NVIDIA vendor: Micro-Star MSI driver: snd_hda_intel v: kernel
    pcie: gen: 4 speed: 16 GT/s lanes: 8 link-max: lanes: 16 bus-ID: 01:00.1
    chip-ID: 10de:2288 class-ID: 0403
  API: ALSA v: k6.13.1-zen3-1-zen status: kernel-api with: aoss
    type: oss-emulator tools: alsactl,alsamixer,amixer
  Server-1: sndiod v: N/A status: off tools: aucat,midicat,sndioctl
  Server-2: PipeWire v: 1.2.7 status: active with: 1: pipewire-pulse
    status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
    4: pw-jack type: plugin tools: pactl,pw-cat,pw-cli,wpctl
Network:
  Device-1: Intel Alder Lake-P PCH CNVi WiFi vendor: Rivet Networks Dual Band
    Wi-Fi 6E AX1675i 160MHz 2x2 driver: iwlwifi v: kernel bus-ID: 00:14.3
    chip-ID: 8086:51f0 class-ID: 0280
  IF: wlo1 state: up mac: <filter>
  Device-2: Realtek Killer E3000 2.5GbE vendor: Micro-Star MSI driver: r8169
    v: kernel pcie: gen: 2 speed: 5 GT/s lanes: 1 port: 3000 bus-ID: 30:00.0
    chip-ID: 10ec:3000 class-ID: 0200
  IF: enp48s0 state: up speed: 100 Mbps duplex: full mac: <filter>
  IF-ID-1: virbr0 state: up speed: 10000 Mbps duplex: unknown mac: <filter>
  IF-ID-2: vnet0 state: unknown speed: 10000 Mbps duplex: full mac: <filter>
  Info: services: NetworkManager, systemd-timesyncd, wpa_supplicant
Bluetooth:
  Device-1: Intel AX211 Bluetooth driver: btusb v: 0.8 type: USB rev: 2.0
    speed: 12 Mb/s lanes: 1 mode: 1.1 bus-ID: 3-10:8 chip-ID: 8087:0033
    class-ID: e001
  Report: btmgmt ID: hci0 rfk-id: 0 state: up address: <filter> bt-v: 5.3
    lmp-v: 12 status: discoverable: no pairing: no class-ID: 6c010c
Drives:
  Local Storage: total: 2.75 TiB used: 1.49 TiB (54.0%)
  SMART Message: Unable to run smartctl. Root privileges required.
  ID-1: /dev/nvme0n1 maj-min: 259:0 vendor: Samsung
    model: MZVL21T0HCLR-00B00 size: 953.87 GiB block-size: physical: 512 B
    logical: 512 B speed: 63.2 Gb/s lanes: 4 tech: SSD serial: <filter>
    fw-rev: GXA7401Q temp: 53.9 C scheme: GPT
  ID-2: /dev/nvme1n1 maj-min: 259:6 vendor: Samsung
    model: SSD 970 EVO Plus 2TB size: 1.82 TiB block-size: physical: 512 B
    logical: 512 B speed: 31.6 Gb/s lanes: 4 tech: SSD serial: <filter>
    fw-rev: 2B2QEXM7 temp: 59.9 C scheme: GPT
Partition:
  ID-1: / raw-size: 1.79 TiB size: 1.79 TiB (100.00%) used: 1.49 TiB (83.2%)
    fs: btrfs dev: /dev/nvme1n1p2 maj-min: 259:8
  ID-2: /boot/efi raw-size: 300 MiB size: 299.4 MiB (99.80%)
    used: 584 KiB (0.2%) fs: vfat dev: /dev/nvme1n1p1 maj-min: 259:7
  ID-3: /home raw-size: 1.79 TiB size: 1.79 TiB (100.00%)
    used: 1.49 TiB (83.2%) fs: btrfs dev: /dev/nvme1n1p2 maj-min: 259:8
  ID-4: /var/log raw-size: 1.79 TiB size: 1.79 TiB (100.00%)
    used: 1.49 TiB (83.2%) fs: btrfs dev: /dev/nvme1n1p2 maj-min: 259:8
  ID-5: /var/tmp raw-size: 1.79 TiB size: 1.79 TiB (100.00%)
    used: 1.49 TiB (83.2%) fs: btrfs dev: /dev/nvme1n1p2 maj-min: 259:8
Swap:
  Kernel: swappiness: 133 (default 60) cache-pressure: 100 (default) zswap: no
  ID-1: swap-1 type: zram size: 31.05 GiB used: 0 KiB (0.0%) priority: 100
    comp: zstd avail: lzo-rle,lzo,lz4,lz4hc,deflate,842 max-streams: 20
    dev: /dev/zram0
  ID-2: swap-2 type: partition size: 34.16 GiB used: 0 KiB (0.0%)
    priority: -2 dev: /dev/nvme1n1p3 maj-min: 259:9
Sensors:
  System Temperatures: cpu: 58.8 C mobo: N/A
  Fan Speeds (rpm): N/A
Info:
  Memory: total: 32 GiB note: est. available: 31.05 GiB
    used: 10.91 GiB (35.1%)
  Processes: 454 Power: uptime: 2m states: freeze,mem,disk suspend: s2idle
    avail: deep wakeups: 0 hibernate: platform avail: shutdown, reboot,
    suspend, test_resume image: 12.37 GiB services: org_kde_powerdevil,
    power-profiles-daemon, upowerd Init: systemd v: 257 default: graphical
    tool: systemctl
  Packages: 2754 pm: pacman pkgs: 2700 libs: 638 tools: octopi,paru,yay
    pm: rpm pkgs: 0 pm: flatpak pkgs: 54 Compilers: clang: 19.1.7 gcc: 14.2.1
    alt: 11/13 Shell: garuda-inxi default: Bash v: 5.2.37 running-in: konsole
    inxi: 3.3.37
Garuda (2.6.26-1.1):
  System install date:     2022-12-28
  Last full system update: 2025-02-01
  Is partially upgraded:   No
  Relevant software:       snapper NetworkManager mkinitcpio nvidia-dkms
  Windows dual boot:       Probably (Run as root to verify)
  Failed units:            

Maybe, but it could also be that “Docker” is the cause:


Check if the FORWARD policy in iptables is set to ACCEPT:

sudo iptables -L

If not, then create a rule to allow forwarding on the interface you are bridging to.

3 Likes

Maybe. I’ve checked it: on the working snapshot, after a day of work, at least after I’d used Docker and also set it to autostart, iptables was full and the VMs were fine. (I don’t know whether iptables was filled right after reverting or after I started Docker during work: I checked iptables only when the VMs didn’t work.)

I did iptables-save and did the update again. Networking in the VMs, besides DNS, stopped working. But this time there were rules in iptables. I saved them and compared:

--- iptables.saved      2025-02-11 02:09:09.953755232 +0600
+++ iptables.nonworking 2025-02-11 02:15:55.291746347 +0600
@@ -1,7 +1,7 @@
-# Generated by iptables-save v1.8.10 (nf_tables) on Tue Feb 11 02:09:09 2025
+# Generated by iptables-save v1.8.10 (nf_tables) on Tue Feb 11 02:15:55 2025
 *filter
 :INPUT ACCEPT [0:0]
-:FORWARD ACCEPT [24069:2960493]
+:FORWARD DROP [8:672]
 :OUTPUT ACCEPT [0:0]
 :DOCKER - [0:0]
 :DOCKER-ISOLATION-STAGE-1 - [0:0]
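Review bot: the one functional change in this hunk is the filter table's FORWARD policy, `:FORWARD ACCEPT` becoming `:FORWARD DROP`; the changed header comment is only a timestamp. INPUT and OUTPUT stay at ACCEPT, so traffic addressed to the host itself is unaffected, while anything routed through the host now needs an explicit ACCEPT rule, and no `+` line in the diff adds one for virbr0. Rather than restoring the blanket ACCEPT policy, consider keeping DROP and adding ACCEPT rules scoped to the interfaces that are meant to forward.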
@@ -25,13 +25,13 @@
 -A DOCKER-ISOLATION-STAGE-2 -j RETURN
 -A DOCKER-USER -j RETURN
 COMMIT
-# Completed on Tue Feb 11 02:09:09 2025
-# Generated by iptables-save v1.8.10 (nf_tables) on Tue Feb 11 02:09:09 2025
+# Completed on Tue Feb 11 02:15:55 2025
+# Generated by iptables-save v1.8.10 (nf_tables) on Tue Feb 11 02:15:55 2025
 *nat
-:PREROUTING ACCEPT [647:58727]
+:PREROUTING ACCEPT [15:2146]
 :INPUT ACCEPT [0:0]
-:OUTPUT ACCEPT [5276:802518]
-:POSTROUTING ACCEPT [5399:809227]
+:OUTPUT ACCEPT [114:18227]
+:POSTROUTING ACCEPT [112:17603]
 :DOCKER - [0:0]
 -A PREROUTING -m addrtype --dst-type LOCAL -j DOCKER
 -A OUTPUT ! -d 127.0.0.0/8 -m addrtype --dst-type LOCAL -j DOCKER
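Review bot: nothing in the nat table differs here except the comment timestamps and the `[packets:bytes]` counters on PREROUTING, OUTPUT and POSTROUTING; the DOCKER rules are unchanged context. Stripping the `#` lines and the bracketed counters from both dumps before diffing would leave the FORWARD policy as the only changed line and make the comparison much easier to read.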
@@ -40,4 +40,4 @@
 -A DOCKER -i docker0 -j RETURN
 -A DOCKER -i br-0858a2351da9 -j RETURN
 COMMIT
-# Completed on Tue Feb 11 02:09:09 2025
+# Completed on Tue Feb 11 02:15:55 2025

After the update, FORWARD was changed from ACCEPT to DROP. I’m not sure why, the first time I checked, iptables was in a clean state but the VM network didn’t work. Maybe it did not work because it wanted its own rules. 🤷

Well, I’ve iptables-restored the working rules and it works. I’ve also stopped and started the docker service (together with the docker.socket service), and at least this didn’t change iptables.

Yeah, it seems Docker started to misbehave.
Adding forwarding in both directions between the real and virtual devices made it work:

iptables -A FORWARD -i enp48s0 -o virbr0 -j ACCEPT
iptables -A FORWARD -i virbr0 -o enp48s0 -j ACCEPT
1 Like
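
The comparison done by hand in the posts above, as an added example that is not part of the original thread: it diffs two `iptables-save` dumps while ignoring timestamps and packet counters, so only policy and rule changes remain. The function names `parse_dump` and `semantic_diff` are hypothetical, and the sample dumps are constructed, abbreviated from the lines visible in the thread.

```python
import re

# Matches the "[packets:bytes]" counters iptables-save prints on chains (and on rules with -c).
COUNTERS = re.compile(r"\s*\[\d+:\d+\]")


def parse_dump(text):
    """Return ({(table, chain): policy}, [(table, rule), ...]) for iptables-save text."""
    policies, rules, table = {}, [], None
    for raw in text.splitlines():
        line = COUNTERS.sub("", raw).strip()
        if not line or line.startswith("#") or line == "COMMIT":
            continue  # timestamps and table terminators carry no policy
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith(":"):
            chain, policy = line[1:].split()[:2]
            policies[(table, chain)] = policy  # "-" for user-defined chains
        elif line.startswith("-A "):
            rules.append((table, line))
    return policies, rules


def semantic_diff(old_text, new_text):
    """Report policy changes and added/removed rules (rule reordering is not reported)."""
    old_pol, old_rules = parse_dump(old_text)
    new_pol, new_rules = parse_dump(new_text)
    policy = {
        key: (old_pol.get(key), new_pol.get(key))
        for key in sorted(set(old_pol) | set(new_pol))
        if old_pol.get(key) != new_pol.get(key)
    }
    return {
        "policy": policy,
        "added": [r for r in new_rules if r not in old_rules],
        "removed": [r for r in old_rules if r not in new_rules],
    }


# Constructed samples, abbreviated from the lines visible in the thread's diff.
WORKING = """\
# Generated by iptables-save v1.8.10 (nf_tables) on Tue Feb 11 02:09:09 2025
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [24069:2960493]
:OUTPUT ACCEPT [0:0]
:DOCKER-USER - [0:0]
-A DOCKER-USER -j RETURN
COMMIT
*nat
:PREROUTING ACCEPT [647:58727]
:DOCKER - [0:0]
-A DOCKER -i docker0 -j RETURN
COMMIT
"""
# State after the update: same rules, different policy, counters and timestamp.
BROKEN = (WORKING.replace(":FORWARD ACCEPT [24069:2960493]", ":FORWARD DROP [8:672]")
          .replace("[647:58727]", "[15:2146]").replace("02:09:09", "02:15:55"))
# State after the two FORWARD rules from the last post are appended.
FIXED = BROKEN.replace(
    "COMMIT\n*nat",
    "-A FORWARD -i enp48s0 -o virbr0 -j ACCEPT\n"
    "-A FORWARD -i virbr0 -o enp48s0 -j ACCEPT\nCOMMIT\n*nat",
)

if __name__ == "__main__":
    for label, a, b in (("update", WORKING, BROKEN), ("fix", BROKEN, FIXED)):
        print(label, semantic_diff(a, b))
```

On real output, save a dump with `iptables-save` before and after an update and pass the two file contents to `semantic_diff`.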
