Well I can certainly see the host network from a VM, but I don't think I have transparent dns across the bridge, but explicit ip works.
artix-dinit:[robin]:~$ ping google.com
PING google.com (142.250.187.206) 56(84) bytes of data.
64 bytes from lhr25s33-in-f14.1e100.net (142.250.187.206): icmp_seq=1 ttl=116 time=1.86 ms
64 bytes from lhr25s33-in-f14.1e100.net (142.250.187.206): icmp_seq=2 ttl=116 time=4.38 ms
^C
--- google.com ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 1002ms
rtt min/avg/max/mdev = 1.857/3.116/4.375/1.259 ms
artix-dinit:[robin]:~$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host proto kernel_lo
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,DYNAMIC,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
link/ether 52:54:00:3c:6b:ff brd ff:ff:ff:ff:ff:ff
inet 192.168.123.188/24 brd 192.168.123.255 scope global eth0
valid_lft forever preferred_lft forever
inet6 fe80::5054:ff:fe3c:6bff/64 scope link proto kernel_ll
valid_lft forever preferred_lft forever
artix-dinit:[robin]:~$ ssh 192.168.0.9
Welcome to Artix
Last login: Fri Jun 27 08:27:49 2025 from 192.168.0.16
You! What PLANET is this!
-- McCoy, "The City on the Edge of Forever", stardate 3134.0
robin@delilah:~
I can also ssh directly into the VM using an explicit IP eg
[robin@minikat:~
$ ssh 192.168.123.188
artix-dinit:[robin]:~$
Although I have nat in the virtmanager setup I see this in nm
$ nmcli connection
NAME UUID TYPE DEVICE
eno1 9cb5f3b0-eb4b-48ee-b2b0-3943c010e2b7 ethernet eno1
lo 66bee815-e115-4b0b-bbb3-ea3275fd7afd loopback lo
virbr0 f07e7176-31ad-4bf1-aed4-c13debc255d9 bridge virbr0
virbr1 9df63bd0-abbd-4bff-b16e-02757a2b2065 bridge virbr1
vnet1 152c0aac-ffe9-4cdb-be3c-524f943a8925 tun vnet1
NeuHeimat 77841e45-e6d7-4eca-a405-d3291a517946 wifi --
NeuHeimat5 1c435a04-abd4-4efe-b25d-6d1d6814dd39 wifi --
I don't know where vnet1 comes from, but it's probably from virtmanager somehow.
virtmanager/libvirt puts a lot of stuff into my iptables to do all this eg
$ sudo iptables-save | sed -e 's/\[[0-9:]*\]/[0,0]/' -e '/^#/d' | grep LIBVIRT
:LIBVIRT_PRT - [0,0]
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A LIBVIRT_PRT -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
:LIBVIRT_PRT - [0,0]
-A POSTROUTING -j LIBVIRT_PRT
-A LIBVIRT_PRT -s 192.168.123.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.123.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.123.0/24 ! -d 192.168.123.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.123.0/24 ! -d 192.168.123.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.123.0/24 ! -d 192.168.123.0/24 -j MASQUERADE
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
:LIBVIRT_FWI - [0,0]
:LIBVIRT_FWO - [0,0]
:LIBVIRT_FWX - [0,0]
:LIBVIRT_INP - [0,0]
:LIBVIRT_OUT - [0,0]
-A INPUT -j LIBVIRT_INP
-A FORWARD -j LIBVIRT_FWX
-A FORWARD -j LIBVIRT_FWI
-A FORWARD -j LIBVIRT_FWO
-A OUTPUT -j LIBVIRT_OUT
-A LIBVIRT_FWI -d 192.168.123.0/24 -o virbr1 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr1 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWI -d 192.168.122.0/24 -o virbr0 -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWI -o virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.100.0/24 ! -d 192.168.0.0/24 -i virbr1 -j ACCEPT
-A LIBVIRT_FWO -s 192.168.123.0/24 -i virbr1 -j ACCEPT
-A LIBVIRT_FWO -i virbr1 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A LIBVIRT_FWO -i virbr0 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_FWX -i virbr1 -o virbr1 -j ACCEPT
-A LIBVIRT_FWX -i virbr0 -o virbr0 -j ACCEPT
-A LIBVIRT_INP -s 192.168.100.0/24 -d 192.168.0.16/32 -i virbr1 -j REJECT --reject-with icmp-port-unreachable
-A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 67 -j ACCEPT
-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 67 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p udp -m udp --dport 67 -j ACCEPT
-A LIBVIRT_INP -i virbr0 -p tcp -m tcp --dport 67 -j ACCEPT
-A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 68 -j ACCEPT
-A LIBVIRT_OUT -o virbr1 -p tcp -m tcp --dport 68 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p udp -m udp --dport 68 -j ACCEPT
-A LIBVIRT_OUT -o virbr0 -p tcp -m tcp --dport 68 -j ACCEPT
Topic: virbr0 has no master interfaces (Read 3813 times)
previous topic - next topic