Could someone explain why a VirtualBox virtual machine can access the Internet in a host with Eddie and network lock but a KVM virtual machine can only do that if network lock is disabled?
KVM virtual machine & Eddie network lock in hostEddie Network Lock KVM
Posted 29 October 2017 - 01:12 PM
Sorry to resurrect an old thread but I can shed some light on this issue which may help someone. I've just been experimenting with KVM/Qemu and noticed the same problem.
When the network lock is switched on, I believe Eddie flushes the IPTables firewall rules and so clears the rules created when I used virt-manager to create the VM. I suspect that VirtualBox works because it doesn't make use of IPTables.
With the network Lock OFF, my firewall rules are
-P INPUT ACCEPT -P FORWARD ACCEPT -P OUTPUT ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT -A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT -A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT -A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT -A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT -A FORWARD -i virbr0 -o virbr0 -j ACCEPT -A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable -A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable -A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
When the Lock is ON, the rules for the virtual interface "virbr0" are deleted.
I'll probably have to uninstall Eddie and go back using openVPN and scripts directly to achieve the same effect like I used to when I used Windows as my main OS. Haven't figured out how to do that on Linux yet.
Hope that helps
- blknit likes this
|Topic||Forum||Started By||Stats||Last Post Info|
||News and Announcement||Staff||
||Blocked websites warning||Pagano||
||Troubleshooting and Problems||Dakin||
||Troubleshooting and Problems||B3nB3n||
1 user(s) are reading this topic
0 members, 1 guests, 0 anonymous users