KVM virtual machine & Eddie network lock in host

[vajravrtti 0]

​Could someone explain why a VirtualBox virtual machine can access the Internet in a host with Eddie and network lock but a KVM virtual machine can only do that if network lock is disabled?

[BigX 1]

Hi

​​

Sorry to resurrect an old thread but I can shed some light on this issue which may help someone. ​I've just been experimenting with KVM/Qemu and noticed the same problem.

​

​When the network lock is switched on, I believe Eddie flushes the IPTables firewall rules and so clears the rules created when I used virt-manager to create the VM. I suspect that VirtualBox works because it doesn't make use of IPTables.

​

With the network Lock OFF, my firewall rules are

​

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A INPUT -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A INPUT -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A FORWARD -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A FORWARD -i virbr0 -o virbr0 -j ACCEPT
-A FORWARD -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A FORWARD -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A OUTPUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT

​When the Lock is ON, the rules for the virtual interface "virbr0" are deleted.

​

​I'll probably have to uninstall Eddie and go back using openVPN and scripts directly to achieve the same effect like I used to when I used Windows as my main OS. Haven't figured out how to do that on Linux yet.

​

​Hope that helps

[BigX 1]

​It's just occurred to me that I could use the "Events" in preferences to execute a script to add the rules back in. I'll have to do some experimenting and see if it works (safely)