Virt-Manager virtual machines won't get ip address

Support Network
1

I installed Virt-Manager on Manjaro XFCE and manually added virtual machines from .qcow2 files, but none of them can obtain an IP address. The default network is active and working. I tried both VirtIO and e1000e network devices, but neither worked. I also disabled the firewall, but that didn’t resolve the issue. I’m having trouble finding what’s causing this problem.

System:
  Kernel: 6.12.48-1-MANJARO arch: x86_64 bits: 64 compiler: gcc v: 15.2.1
    clocksource: tsc avail: hpet,acpi_pm
    parameters: BOOT_IMAGE=/vmlinuz-6.12-x86_64
    root=UUID=9e2b451e-09b8-4549-aa54-79f35c17e4b3 rw quiet
    cryptdevice=UUID=f0c249b7-26fe-4872-9536-4da23f4b4f98:luks-f0c249b7-26fe-4872-9536-4da23f4b4f98
    root=/dev/mapper/luks-f0c249b7-26fe-4872-9536-4da23f4b4f98 splash
    apparmor=1 security=apparmor udev.log_priority=3
  Desktop: Xfce v: 4.20.1 tk: Gtk v: 3.24.48 wm: xfwm4 v: 4.20.0
    with: xfce4-panel tools: xfce4-screensaver vt: 7 dm: LightDM v: 1.32.0
    Distro: Manjaro base: Arch Linux
Machine:
  Type: Laptop System: Hewlett-Packard product: HP EliteBook 8560w v: A0001D02
    serial: <superuser required> Chassis: type: 10 serial: <superuser required>
  Mobo: Hewlett-Packard model: 1631 v: KBC Version 01.39
    serial: <superuser required> part-nu: XX058AV uuid: <superuser required>
    BIOS: Hewlett-Packard v: 68SVD Ver. F.22 date: 01/05/2012
Battery:
  ID-1: BAT0 charge: 0% condition: 82.9/82.9 Wh (100%) volts: 4.87 min: 14.8
    model: Hewlett-Packard Primary type: Li-ion serial: <filter> charging:
    status: not charging cycles: N/A
Memory:
  System RAM: total: 8 GiB available: 7.71 GiB used: 2.76 GiB (35.8%)
  Message: For most reliable report, use superuser + dmidecode.
  Array-1: capacity: 16 GiB slots: 4 modules: 2 EC: None
    max-module-size: 4 GiB note: est.
  Device-1: Top - Slot 2 (under) type: no module installed
  Device-2: Bottom-Slot 2(right) type: DDR3 detail: synchronous size: 4 GiB
    speed: 1333 MT/s volts: N/A width (bits): data: 64 total: 64
    manufacturer: Micron part-no: 16KTF51264HZ-1G6M1 serial: <filter>
  Device-3: Top - Slot 1 (top) type: no module installed
  Device-4: Bottom-Slot 1(left) type: DDR3 detail: synchronous size: 4 GiB
    speed: 1333 MT/s volts: N/A width (bits): data: 64 total: 64
    manufacturer: Micron part-no: 16KTF51264HZ-1G6M1 serial: <filter>
PCI Slots:
  Permissions: Unable to run dmidecode. Root privileges required.
CPU:
  Info: model: Intel Core i7-2820QM bits: 64 type: MT MCP arch: Sandy Bridge
    gen: core 2 level: v2 built: 2010-12 process: Intel 32nm family: 6
    model-id: 0x2A (42) stepping: 7 microcode: 0x2F
  Topology: cpus: 1x dies: 1 clusters: 4 cores: 4 threads: 8 tpc: 2
    smt: enabled cache: L1: 256 KiB desc: d-4x32 KiB; i-4x32 KiB L2: 1024 KiB
    desc: 4x256 KiB L3: 8 MiB desc: 1x8 MiB
  Speed (MHz): avg: 798 min/max: 800/3400 scaling: driver: intel_cpufreq
    governor: conservative cores: 1: 798 2: 798 3: 798 4: 798 5: 798 6: 798
    7: 798 8: 798 bogomips: 36735
  Flags: acpi aes aperfmperf apic arat arch_perfmon avx bts clflush cmov
    constant_tsc cpuid cx16 cx8 de ds_cpl dtes64 dtherm dts epb ept est
    flexpriority flush_l1d fpu fxsr ht ibpb ibrs ida lahf_lm lm mca mce
    md_clear mmx monitor msr mtrr nonstop_tsc nopl nx pae pat pbe pcid
    pclmulqdq pdcm pebs pge pln pni popcnt pse pse36 pti pts rdtscp rep_good
    sep smx ssbd sse sse2 sse4_1 sse4_2 ssse3 stibp syscall tm tm2 tpr_shadow
    tsc tsc_deadline_timer vme vmx vnmi vpid x2apic xsave xsaveopt xtopology
    xtpr
  Vulnerabilities:
  Type: gather_data_sampling status: Not affected
  Type: indirect_target_selection status: Not affected
  Type: itlb_multihit status: KVM: Split huge pages
  Type: l1tf mitigation: PTE Inversion; VMX: conditional cache flushes, SMT
    vulnerable
  Type: mds mitigation: Clear CPU buffers; SMT vulnerable
  Type: meltdown mitigation: PTI
  Type: mmio_stale_data status: Unknown: No mitigations
  Type: reg_file_data_sampling status: Not affected
  Type: retbleed status: Not affected
  Type: spec_rstack_overflow status: Not affected
  Type: spec_store_bypass mitigation: Speculative Store Bypass disabled via
    prctl
  Type: spectre_v1 mitigation: usercopy/swapgs barriers and __user pointer
    sanitization
  Type: spectre_v2 mitigation: Retpolines; IBPB: conditional; IBRS_FW;
    STIBP: conditional; RSB filling; PBRSB-eIBRS: Not affected; BHI: Not
    affected
  Type: srbds status: Not affected
  Type: tsa status: Not affected
  Type: tsx_async_abort status: Not affected
  Type: vmscape mitigation: IBPB before exit to userspace
Graphics:
  Device-1: NVIDIA GF108GLM [Quadro 1000M] vendor: Hewlett-Packard
    driver: nvidia v: 390.157 alternate: nouveau,nvidia_drm non-free:
    series: 390.xx+ status: legacy (EOL~2022-11-22) last: release: 390.157
    kernel: 6.0 xorg: 1.21 arch: Fermi code: GF1xx process: 40/28nm
    built: 2010-2016 pcie: gen: 2 speed: 5 GT/s lanes: 16 link-max: gen: 1
    speed: 2.5 GT/s ports: active: none off: LVDS-1 empty: DP-1, DP-2, DP-3,
    VGA-1, eDP-1 bus-ID: 01:00.0 chip-ID: 10de:0dfa class-ID: 0300
  Device-2: IMC Networks USB2.0-Camera driver: uvcvideo type: USB rev: 2.0
    speed: 480 Mb/s lanes: 1 mode: 2.0 bus-ID: 3-1.4:5 chip-ID: 13d3:5125
    class-ID: 0e02 serial: <filter>
  Display: x11 server: X.org v: 1.21.1.18 compositor: xfwm4 v: 4.20.0
    driver: X: loaded: nvidia gpu: nvidia display-ID: :0 screens: 1
  Screen-1: 0 s-res: 1920x1080 s-size: <missing: xdpyinfo>
  Monitor-1: LVDS-0 res: mode: 1920x1080 hz: 60 scale: 100% (1) dpi: 142
    size: 344x193mm (13.54x7.6") diag: 394mm (15.53") modes: N/A
  API: EGL v: 1.5 platforms: gbm: drv: kms_swrast
  API: OpenGL v: 4.5 compat-v: 4.6.0 vendor: nvidia mesa v: 390.157
    glx-v: 1.4 direct-render: yes renderer: Quadro 1000M/PCIe/SSE2
    memory: 1.95 GiB
  API: Vulkan Message: No Vulkan data available.
  Info: Tools: api: eglinfo, glxinfo, vulkaninfo de: xfce4-display-settings
    gpu: nvidia-settings,nvidia-smi x11: xprop,xrandr
Audio:
  Device-1: Intel 6 Series/C200 Series Family High Definition Audio
    vendor: Hewlett-Packard driver: snd_hda_intel v: kernel bus-ID: 00:1b.0
    chip-ID: 8086:1c20 class-ID: 0403
  Device-2: NVIDIA GF108 High Definition Audio vendor: Hewlett-Packard
    driver: snd_hda_intel v: kernel pcie: gen: 2 speed: 5 GT/s lanes: 16
    link-max: gen: 1 speed: 2.5 GT/s bus-ID: 01:00.1 chip-ID: 10de:0bea
    class-ID: 0403
  API: ALSA v: k6.12.48-1-MANJARO status: kernel-api with: aoss
    type: oss-emulator tools: alsactl,alsamixer,amixer
  Server-1: sndiod v: N/A status: off tools: aucat,midicat,sndioctl
  Server-2: JACK v: 1.9.22 status: off tools: N/A
  Server-3: PipeWire v: 1.4.8 status: active with: 1: pipewire-pulse
    status: active 2: wireplumber status: active 3: pipewire-alsa type: plugin
    tools: pactl,pw-cat,pw-cli,wpctl
Network:
  Device-1: Intel 82579LM Gigabit Network vendor: Hewlett-Packard
    driver: e1000e v: kernel port: 5020 bus-ID: 00:19.0 chip-ID: 8086:1502
    class-ID: 0200
  IF: enp0s25 state: down mac: <filter>
  Device-2: Intel Centrino Advanced-N 6205 [Taylor Peak] driver: iwlwifi
    v: kernel pcie: gen: 1 speed: 2.5 GT/s lanes: 1 bus-ID: 25:00.0
    chip-ID: 8086:0085 class-ID: 0280
  IF: wlo1 state: up mac: <filter>
  IP v4: <filter> type: dynamic noprefixroute scope: global
    broadcast: <filter>
  IP v6: <filter> type: noprefixroute scope: link
  IF-ID-1: virbr0 state: down mac: <filter>
  IP v4: <filter> scope: global broadcast: <filter>
  Info: services: NetworkManager, systemd-timesyncd, wpa_supplicant
  WAN IP: <filter>
Bluetooth:
  Device-1: HP Broadcom 2070 Bluetooth Combo driver: btusb v: 0.8 type: USB
    rev: 2.0 speed: 12 Mb/s lanes: 1 mode: 1.1 bus-ID: 3-1.6:6
    chip-ID: 03f0:231d class-ID: fe01
  Report: rfkill ID: hci0 rfk-id: 2 state: down bt-service: enabled,running
    rfk-block: hardware: no software: yes address: see --recommends
Logical:
  Message: No logical block device data found.
  Device-1: luks-f0c249b7-26fe-4872-9536-4da23f4b4f98 maj-min: 254:0
    type: LUKS dm: dm-0 size: 111.3 GiB
  Components:
  p-1: sda2 maj-min: 8:2 size: 111.3 GiB
  Device-2: data1 maj-min: 254:1 type: LUKS dm: dm-1 size: 599.98 GiB
  Components:
  p-1: sdb3 maj-min: 8:19 size: 600 GiB
RAID:
  Message: No RAID data found.
Drives:
  Local Storage: total: 1.02 TiB used: 428.75 GiB (41.1%)
  SMART Message: Unable to run smartctl. Root privileges required.
  ID-1: /dev/sda maj-min: 8:0 vendor: Kingston model: SA400S37120G
    size: 111.79 GiB block-size: physical: 512 B logical: 512 B speed: 6.0 Gb/s
    tech: SSD serial: <filter> fw-rev: B1D1 scheme: MBR
  ID-2: /dev/sdb maj-min: 8:16 vendor: HGST (Hitachi) model: HTS541010B7E610
    size: 931.51 GiB block-size: physical: 4096 B logical: 512 B speed: 6.0 Gb/s
    tech: HDD rpm: 5400 serial: <filter> fw-rev: 1A01 scheme: MBR
  Message: No optical or floppy data found.
Partition:
  ID-1: / raw-size: 111.3 GiB size: 108.99 GiB (97.93%)
    used: 24.66 GiB (22.6%) fs: ext4 dev: /dev/dm-0 maj-min: 254:0
    mapped: luks-f0c249b7-26fe-4872-9536-4da23f4b4f98 label: Manjaro
    uuid: 9e2b451e-09b8-4549-aa54-79f35c17e4b3
  ID-2: /boot raw-size: 500 MiB size: 458.3 MiB (91.67%)
    used: 230.4 MiB (50.3%) fs: ext4 dev: /dev/sda1 maj-min: 8:1 label: boot
    uuid: 93ee7a47-4bb9-413d-9064-263725fc0aac
  ID-3: /mnt/data1 raw-size: 599.98 GiB size: 589.5 GiB (98.25%)
    used: 403.86 GiB (68.5%) fs: ext4 dev: /dev/dm-1 maj-min: 254:1
    mapped: data1 label: N/A uuid: N/A
Swap:
  Kernel: swappiness: 60 (default) cache-pressure: 100 (default) zswap: no
  ID-1: swap-1 type: file size: 4 GiB used: 0 KiB (0.0%) priority: -2
    file: /swapfile
Unmounted:
  ID-1: /dev/sdb1 maj-min: 8:17 size: 177.29 GiB fs: ntfs label: Win7
    uuid: 64128B1C128AF27A
  ID-2: /dev/sdb2 maj-min: 8:18 size: 1 KiB fs: <superuser required>
    label: N/A uuid: N/A
  ID-3: /dev/sdb6 maj-min: 8:22 size: 500 MiB fs: ext4 label: N/A
    uuid: d8f8632a-41ed-4c64-a8b0-f85fc59eaeed
USB:
  Hub-1: 1-0:1 info: hi-speed hub with single TT ports: 2 rev: 2.0
    speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 chip-ID: 1d6b:0002
    class-ID: 0900
  Hub-2: 2-0:1 info: super-speed hub ports: 2 rev: 3.0
    speed: 5 Gb/s (596.0 MiB/s) lanes: 1 mode: 3.2 gen-1x1 chip-ID: 1d6b:0003
    class-ID: 0900
  Hub-3: 3-0:1 info: full speed or root hub ports: 3 rev: 2.0
    speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 chip-ID: 1d6b:0002
    class-ID: 0900
  Hub-4: 3-1:2 info: Intel Integrated Rate Matching Hub ports: 8 rev: 2.0
    speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 chip-ID: 8087:0024
    class-ID: 0900
  Device-1: 3-1.1:3 info: Logitech Mouse type: mouse
    driver: hid-generic,usbhid interfaces: 1 rev: 2.0
    speed: 1.5 Mb/s (183 KiB/s) lanes: 1 mode: 1.0 power: 100mA
    chip-ID: 046d:c077 class-ID: 0301
  Device-2: 3-1.4:5 info: IMC Networks USB2.0-Camera type: video
    driver: uvcvideo interfaces: 2 rev: 2.0 speed: 480 Mb/s (57.2 MiB/s)
    lanes: 1 mode: 2.0 power: 500mA chip-ID: 13d3:5125 class-ID: 0e02
    serial: <filter>
  Device-3: 3-1.6:6 info: HP Broadcom 2070 Bluetooth Combo type: bluetooth
    driver: btusb interfaces: 4 rev: 2.0 speed: 12 Mb/s (1.4 MiB/s) lanes: 1
    mode: 1.1 chip-ID: 03f0:231d class-ID: fe01
  Device-4: 3-1.8:7 info: Alcor Micro AU9540 Smartcard Reader
    type: smart card driver: N/A interfaces: 1 rev: 1.1
    speed: 12 Mb/s (1.4 MiB/s) lanes: 1 mode: 1.1 power: 50mA
    chip-ID: 058f:9540 class-ID: 0b00
  Hub-5: 4-0:1 info: full speed or root hub ports: 3 rev: 2.0
    speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 chip-ID: 1d6b:0002
    class-ID: 0900
  Hub-6: 4-1:2 info: Intel Integrated Rate Matching Hub ports: 6 rev: 2.0
    speed: 480 Mb/s (57.2 MiB/s) lanes: 1 mode: 2.0 chip-ID: 8087:0024
    class-ID: 0900
  Device-1: 4-1.1:3 info: Validity Sensors VFS471 Fingerprint Reader
    type: <vendor specific> driver: N/A interfaces: 1 rev: 1.1
    speed: 12 Mb/s (1.4 MiB/s) lanes: 1 mode: 1.1 power: 100mA
    chip-ID: 138a:003c class-ID: ff00 serial: <filter>
Sensors:
  System Temperatures: cpu: 47.0 C mobo: N/A gpu: nvidia temp: 44 C
  Fan Speeds (rpm): N/A
Repos:
  Packages: pm: pacman pkgs: 1659 libs: 476 tools: octopi,pamac,yay
    pm: flatpak pkgs: 0
  Active pacman repo servers in: /etc/pacman.d/mirrorlist
    1: https://manjaro.ipacct.com/manjaro/stable/$repo/$arch
    2: https://mirrors.dotsrc.org/manjaro/stable/$repo/$arch
    3: https://ftp.rz.tu-bs.de/pub/mirror/manjaro.org/repos/stable/$repo/$arch
    4: https://ct.mirror.garr.it/mirrors/manjaro/stable/$repo/$arch
    5: https://irltoolkit.mm.fcix.net/manjaro/stable/$repo/$arch
    6: https://ziply.mm.fcix.net/manjaro/stable/$repo/$arch
    7: https://manjaro.repo.cure.edu.uy/stable/$repo/$arch
    8: https://linorg.usp.br/manjaro/stable/$repo/$arch
Processes:
  CPU top: 5 of 289
  1: cpu: 300% command: ps pid: 8264 mem: 4.02 MiB (0.0%)
  2: cpu: 8.2% command: firefox pid: 1884 mem: 698.0 MiB (8.8%)
  3: cpu: 5.4% command: firefox pid: 2368 mem: 406.2 MiB (5.1%)
  4: cpu: 3.1% command: firefox pid: 2350 mem: 468.7 MiB (5.9%)
  5: cpu: 2.8% command: Xorg pid: 1544 mem: 132.4 MiB (1.6%)
  Memory top: 5 of 289
  1: mem: 698.0 MiB (8.8%) command: firefox pid: 1884 cpu: 8.2%
  2: mem: 468.7 MiB (5.9%) command: firefox pid: 2350 cpu: 3.1%
  3: mem: 406.2 MiB (5.1%) command: firefox pid: 2368 cpu: 5.4%
  4: mem: 406.0 MiB (5.1%) command: firefox pid: 4416 cpu: 0.9%
  5: mem: 347.0 MiB (4.3%) command: firefox pid: 6962 cpu: 2.4%
Info:
  Processes: 289 Power: uptime: 2h 9m states: freeze,mem,disk suspend: deep
    avail: s2idle wakeups: 1 hibernate: platform avail: shutdown, reboot,
    suspend, test_resume image: 3.05 GiB services: upowerd,xfce4-power-manager
    Init: systemd v: 257 default: graphical tool: systemctl
  Compilers: N/A Shell: Zsh v: 5.9 running-in: xfce4-terminal inxi: 3.3.39
```
2

Be sure you install dnsmasq on the host.

It is listed as an optional dependency for virt-manager libvirt - because it is not strictly required - but if you expect the guest to request a DHCP address - it is needed.

 $ pamac info libvirt

[...]

Optional Dependencies : dmidecode: DMI system info support [Installed]
                        dnsmasq: required for default NAT/DHCP for guests [Installed]

[...]

Therefore - the solution is to sync dnsmasq

sudo pacman -Syu dnsmasq
3

really ? please post the output of

sudo virsh net-list --all

and the output of

groups
4

dnsmasq is installed.

This is the output of sudo virsh net-list --all

Name      State    Autostart   Persistent

default   active   no          yes

…and groups

user sys network power libvirt lp wheel

5

good

Your network is not set to Autostart - is that on purpose?

You can check your network in virt-manager → Edit menu → Connection Details for the QEMU/KVM item.

I have taken many rounds with the configuration.. I had a hard time getting it work - lot of conflicts with remnant NetworkManager configurations - but that was issues local to my system.

If you check the status of libvirtd you should get something like

 $ systemctl status libvirtd
● libvirtd.service - libvirt legacy monolithic daemon
     Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; preset: disabled)
     Active: active (running) since Thu 2025-10-30 06:49:12 CET; 9h ago
 Invocation: fdf8d30121554ac093d7d47ae92d317f
TriggeredBy: ● libvirtd-ro.socket
             ● libvirtd-admin.socket
             ● libvirtd.socket
       Docs: man:libvirtd(8)
             https://libvirt.org/
   Main PID: 1075 (libvirtd)
      Tasks: 23 (limit: 32768)
     Memory: 77.3M (peak: 109.9M)
        CPU: 2.073s
     CGroup: /system.slice/libvirtd.service
             ├─1075 /usr/bin/libvirtd --timeout 120
             ├─1234 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
             └─1235 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper

okt 30 06:49:13 manjaro dnsmasq[1234]: compile time options: IPv6 GNU-getopt DBus no-UBus i18n IDN2 DHCP DHCPv6 no-Lua TFTP conntrack ipset nftset auth DNSSEC loop-detect inotify dumpfile
okt 30 06:49:13 manjaro dnsmasq-dhcp[1234]: DHCP, IP range 192.168.122.2 -- 192.168.122.254, lease time 1h
okt 30 06:49:13 manjaro dnsmasq-dhcp[1234]: DHCP, sockets bound exclusively to interface virbr0
okt 30 06:49:13 manjaro dnsmasq[1234]: reading /etc/resolv.conf
okt 30 06:49:13 manjaro dnsmasq[1234]: using nameserver 172.30.30.2#53
okt 30 06:49:13 manjaro dnsmasq[1234]: read /etc/hosts - 7 names
okt 30 06:49:13 manjaro dnsmasq[1234]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 names
okt 30 06:49:13 manjaro dnsmasq-dhcp[1234]: read /var/lib/libvirt/dnsmasq/default.hostsfile
okt 30 06:49:27 manjaro dnsmasq[1234]: reading /etc/resolv.conf
okt 30 06:49:27 manjaro dnsmasq[1234]: using nameserver 172.30.30.2#53
6

add yourself additional to the groups “kvm” and “libvirt-qemu” and enable the vm-network-autostart with

sudo virsh net-autostart --network default

reboot

1 Like
7

I copied this directly from my site tutorial page so that I would not have to link to an outside source.

To install and configure on any Arch based distro, here are the four easy steps;

  1. Install the required software packages from the terminal.
    sudo pacman -S virt-manager qemu-full vde2 dnsmasq bridge-utils edk2-ovmf
    Note, edk2-ovmf must be installed in order to use UEFI!

  2. Add your current user to the group “libvirt”.
    sudo usermod -G libvirt -a $USER
    Note, “$USER” can be changed to which ever user you want to give access, leaving $USER automatically adds the currently logged in user.

  3. Next you need to start & enable the libvirt service.
    sudo systemctl enable libvirtd.service
    sudo systemctl start libvirtd.service

  4. Autostart Networking
    sudo virsh net-start default
    sudo virsh net-autostart default

1 Like
8

I set defatul network as autostart but this was not a issue.

This is the status of libvirtd:

```
● libvirtd.service - libvirt legacy monolithic daemon
     Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; preset: disabled)
     Active: active (running) since Thu 2025-10-30 17:31:28 EET; 1h 40min ago
 Invocation: 978d2e617d18450aaffa00edd7fb79be
TriggeredBy: ● libvirtd-ro.socket
             ● libvirtd.socket
             ● libvirtd-admin.socket
       Docs: man:libvirtd(8)
             https://libvirt.org/
   Main PID: 10331 (libvirtd)
      Tasks: 23 (limit: 32768)
     Memory: 21.1M (peak: 52.6M)
        CPU: 1.614s
     CGroup: /system.slice/libvirtd.service
             ├─ 9834 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
             ├─ 9835 /usr/bin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/lib/libvirt/libvirt_leaseshelper
             └─10331 /usr/bin/libvirtd --timeout 120

окт 30 17:31:28 hp systemd[1]: Starting libvirt legacy monolithic daemon...
окт 30 17:31:28 hp systemd[1]: Started libvirt legacy monolithic daemon.
окт 30 17:31:28 hp dnsmasq[9834]: read /etc/hosts - 7 names
окт 30 17:31:28 hp dnsmasq[9834]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 names
окт 30 17:31:28 hp dnsmasq-dhcp[9834]: read /var/lib/libvirt/dnsmasq/default.hostsfile
```
9

Another thing to check: you can switch firewall backends (esp. if you use UFW firewall you have to do it)

[teo@teo-lenovo-v15 ~]$ cat /etc/libvirt/network.conf
# Master configuration file for the network driver.
# All settings described here are optional - if omitted, sensible
# defaults are used.

# firewall_backend:
#
#   determines which subsystem to use to setup firewall packet
#   filtering rules for virtual networks.
#
#   Supported settings:
#
#     iptables - use iptables commands to construct the firewall
#     nftables - use nft commands to construct the firewall
#
#   If firewall_backend isn't configured, libvirt will choose the
#   first available backend from the following list:
#
#     [nftables, iptables]
#
#   If no backend is available on the host, then the network driver
#   will fail to start, and an error will be logged.
#
#   (NB: switching from one backend to another while there are active
#   virtual networks *is* supported. The change will take place the
#   next time that libvirtd/virtnetworkd is restarted - all existing
#   virtual networks will have their old firewalls removed, and then
#   reloaded using the new backend.)
#
firewall_backend = "iptables"
10

I disabled gufw firewall and cleared all ip tables rules created by the firewall and after that i started a virtual machine and the machine was able to get ip address and connect to internet. So it seems the problem is with the firewall and iptables rules that it creates. But what firewall rules to create that will prevent connection problems from happening?

11

Either use other firewall (like firewalld), or the old backend (iptables) as in my config above.

nftables and UFW are just not compatible at this time. Maybe in the future a new version of UFW will be released that is compatible, but for now it is what it is.

Reading the monthly announcements is a very good habit by the way, since this issue was in the known issues for the update several months ago.

1 Like
12

Yes, i probably will remove gufw and install firewalld.

13

Are there user friendly gui front ends for iptables, other then gufw and firewalld?

14

I had the same issue yesterday, or prior to that rather…I got it sorted yesterday.
It was the network.conf file as Teo mentioned for me, mine was set to nftables and needed to be switched to iptables.
After doing that restarting the machine all of my VMs got their network functionality back.

1 Like
15

if i don’t want to install firewall what iptables rules i can set that can give me the same level of protection as firewall?

16

When you have to ask the advise is - don’t. Manually fiddling with iptables can cause weird hard-to-diagnose connectivity errors - so don’t.

If you are behind a normal ISP provided router you will be using a NAT network and any modern router will provide a basic firewall with all ports closed.

Thus you will not need a firewall - unless - It is a laptop with active network services e.g. ssh or samba and you are actively using the laptop on untrusted public networks.

In any case firewalld will - in it’s default configuration provide you with absolute lock down - suffice you didn’t enable sshd service.

EDIT:

2025-10-31T16:52:00Z

I grabbed my worklaptop - it has not seen any installation related to libvirt/virt-manager and qemu.

  • installed libvirt, virt-manager, qemu-full and dnsmasw.
  • added myself to libvirt and kvm groups
  • downloaded the latest Manjaro Xfce
  • created a new default VM using the downloaded ISO
  • booted the vm
  • got a message the network is not acativated
  • used the dialog to start and acivate the network
  • vm boot with internet access

So default OOB - the installation work as expected.

In your initial post you explicitly state that you created vm from .qxow2 files.

This makes me assume the vm in question is a preconfigured virtual machine. Have you verified the network settings inside the vm?

17

See the note in section 1.1 of the Arch wiki on libvirt:

libvirt - ArchWiki

Note
If you are using firewalld, as of libvirt 5.1.0 and firewalld 0.7.0 you no longer need to change the firewall backend to iptables. libvirt now installs a zone called ‘libvirt’ in firewalld and manages its required network rules there. See Firewall and network filtering in libvirt.

firewalld uses nftables as it’s default backend
which you will see when you follow that link in the wiki.

1 Like
18

The following script works for me.
Instead of dnsmasq I keep using NetworkManager

Add the script to your .zshrc then run virtManager_UP.

In Virt-Manager, make sure you have added Network-Hardware in virtual hardware details.

script 

virtManager_UP() {
    # Virt-Manager
    # https://wiki.manjaro.org/index.php?title=Virt-manager
    # https://wiki.archlinux.org/title/Libvirt

    debug=off
    # wrapper="paru -S --needed"

    if [[ $debug == "on" ]]; then
        echo "virt-manager --"
    else
        pkg=(
            virt-manager
            qemu-desktop
            libvirt
            edk2-ovmf
            # dnsmasq   #! pi-hole-ftl
            iptables-nft
        )

        sudo pacman -Sy

        for pkg_ in "${pkg[@]}"; do
            sudo pacman -Su --needed "$pkg_"
        done

        if systemctl status libvirtd | grep "inactive" >/dev/null 2>&1; then
            sudo systemctl enable libvirtd.service --now

            sudo usermod -a -G libvirt,libvirt-qemu,kvm "$USER"
        fi

        # Guest auto screen resize:
        # sudo pacman -Syu spice-vdagent
        #  xrandr --output Virtual-1 --auto

        # share Folder
        # https://de.linux-terminal.com/?p=7672
        # sudo mount -t virtiofs <name> <vmFolderPath>

        # Disk resize
        # https://absprog.com/post/qemu-kvm-enlarge-disk
        # sudo qemu-img resize /home/"USER"/.local/share/libvirt/images/manjaro.qcow2 +1G

        # Disk Convert  #todo
        # https://cubiclenate.com/2024/05/30/converting-vdi-to-qcow2-step-by-step-guide-for-virt-manager-migration/

        # status check
        lscpu | grep -i Virtualization
        sudo virt-host-validate qemu
        sudo virsh list --all
    fi
}
19

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.