You have to set:

  networking.firewall.checkReversePath = false;

for DHCP to work, and you probably also want:

  networking.firewall.trustedInterfaces = [ "virbr0" ];
globin

On 4 January 2016 02:57:44 CET, Joachim Schiele <[email protected]> wrote:
>hey,
>
>i've added this adapter (among others) to a KVM guest:
>-----------------------
>a Virtual Network 'default': NAT
>-----------------------
>
>however, KVM guests can't get a DHCP lease as the ports are filtered. do
>i have to add rules to the firewall manually to make this work? i've
>checked this by disabling the firewall on the host. after that the
>guests do get leases.
>
>what would be the best way of extending the nixos firewall?
>
>
>======== ip a on the host: =============================
>4: virbr1: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default
>    link/ether 52:54:00:2c:e7:37 brd ff:ff:ff:ff:ff:ff
>    inet 192.168.100.1/24 brd 192.168.100.255 scope global virbr1
>       valid_lft forever preferred_lft forever
>    inet6 fc00::1/64 scope global tentative
>       valid_lft forever preferred_lft forever
>5: virbr1-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr1 state DOWN group default qlen 500
>    link/ether 52:54:00:2c:e7:37 brd ff:ff:ff:ff:ff:ff
>6: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default
>    link/ether 52:54:00:cb:3e:ff brd ff:ff:ff:ff:ff:ff
>    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
>       valid_lft forever preferred_lft forever
>7: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc pfifo_fast master virbr0 state DOWN group default qlen 500
>    link/ether 52:54:00:cb:3e:ff brd ff:ff:ff:ff:ff:ff
>=====================================
>
>thanks,
>joachim
>
>_______________________________________________
>nix-dev mailing list
>[email protected]
>http://lists.science.uu.nl/mailman/listinfo/nix-dev
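Added example, not part of the original messages: a narrower variant of the configuration in the reply, which keeps `checkReversePath = false` but, instead of accepting all traffic from virbr0, opens only the DHCP and DNS ports on that bridge. It assumes a NixOS release that provides the per-interface `networking.firewall.interfaces.<name>` options, and that guests need nothing from the host beyond the DHCP and DNS service libvirt runs for the 'default' NAT network.

```nix
{ config, pkgs, ... }:

{
  networking.firewall = {
    enable = true;

    # From the reply: needed for guest DHCP requests to reach the host.
    # This setting is global, so reverse-path filtering is off on every
    # interface, not only on the libvirt bridge.
    checkReversePath = false;

    # The reply's second option, for comparison. A trusted interface has
    # all of its incoming traffic accepted, so every host service
    # (SSH, databases, ...) becomes reachable from any guest:
    #
    #   trustedInterfaces = [ "virbr0" ];

    # Narrower alternative (assumption: guests only need DHCP and DNS):
    interfaces."virbr0" = {
      allowedUDPPorts = [
        53   # DNS
        67   # DHCP server
      ];
      allowedTCPPorts = [
        53   # DNS over TCP
      ];
    };
  };
}
```

After `nixos-rebuild switch`, `iptables -S nixos-fw` on the host shows which accept rules were generated for virbr0.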
