KVM virtual machine & Eddie network lock in host

Eddie Network Lock KVM

#1 vajravrtti


Posted 06 August 2017 - 01:55 AM

Could someone explain why a VirtualBox virtual machine can access the Internet in a host with Eddie and network lock but a KVM virtual machine can only do that if network lock is disabled?



#2 BigX


Posted 29 October 2017 - 01:12 PM

Hi

Sorry to resurrect an old thread but I can shed some light on this issue which may help someone. I've just been experimenting with KVM/Qemu and noticed the same problem.

When the network lock is switched on, I believe Eddie flushes the IPTables firewall rules and so clears the rules created when I used virt-manager to create the VM. I suspect that VirtualBox works because it doesn't make use of IPTables.

With the network Lock OFF, my firewall rules are

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT

When the Lock is ON, the rules for the virtual interface "virbr0" are deleted.

I'll probably have to uninstall Eddie and go back to using OpenVPN and scripts directly to achieve the same effect, like I used to when I used Windows as my main OS. Haven't figured out how to do that on Linux yet.

Hope that helps



#3 BigX


Posted 29 October 2017 - 06:48 PM

It's just occurred to me that I could use the "Events" in preferences to execute a script to add the rules back in. I'll have to do some experimenting and see if it works (safely).







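Added example, not part of the thread and not Eddie's or libvirt's code: a read-only way to check the observation in post #2 by comparing two saved `iptables -S` listings and reporting which rules for one interface are gone. The lock-off listing is the one posted above; the lock-on listing, the `tun0` interface and the file names are constructed for the example.

```shell
#!/bin/sh
# Added example: read-only diff of two `iptables -S` snapshots.

# missing_rules BASELINE CURRENT IFACE
# Print each "-A" rule in BASELINE that names IFACE with -i or -o and has
# no identical line in CURRENT. IFACE is used inside a regex.
missing_rules() {
    # grep 1 keeps rules bound to the interface; grep 2 drops those still
    # present (-F fixed string, -x whole line, -v invert, -f patterns file).
    grep -E "^-A .* -[io] $3( |\$)" "$1" | grep -vxF -f "$2" || true
}

# missing_by_chain BASELINE CURRENT IFACE: "CHAIN count" per chain, sorted.
missing_by_chain() {
    missing_rules "$1" "$2" "$3" |
        awk '{ n[$2]++ } END { for (c in n) print c, n[c] }' | sort
}

snap=$(mktemp -d)
# Lock OFF: the listing from the post above.
cat > "$snap/lock_off.rules" <<'EOF'
-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
EOF
# Lock ON: CONSTRUCTED sample, not Eddie's actual ruleset.
cat > "$snap/lock_on.rules" <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT DROP
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
EOF

missing_by_chain "$snap/lock_off.rules" "$snap/lock_on.rules" virbr0
```

On a real host, save `iptables -S` once with the lock off and once with it on, and pass those two files instead of the samples.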
