virtualization and firestarter

Mike Lovell mike at
Wed Sep 16 23:44:43 MDT 2009

On 9/16/2009 4:21 PM, Charles Curley wrote:
> I use Ubuntu 9.04 and virt-manager-0.6.1-1ubuntu4--i386 to run
> virtual machines using kvm and ubuntu 9.10 alpha 5 and finix 93. I have
> both virtual machines running nicely, with one exception. If I have
> firestarter's firewall running, the VMs cannot get DHCP offers. I can
> run "dhclient eth0" manually, and see the dhcp discover packets logged
> to the console. If I then remove all the firewalling (ctl-p in the
> firestarter GUI), the VM immediately gets an offer. Internet connection
> sharing is enabled. I have tried adding a rule to admit packets on the
> two DHCP ports for network, but that has not worked.
>
> I use firestarter on other machines on my network, two of which are
> DHCP servers for the network. The main difference between those and the
> VMs is that they operate DHCP over eth0, and the VMs use a virtual
> network. The host sees that network on device virbr0.

i'm pretty sure you don't have enough open on the firewall. i haven't
ever used firestarter or tried to do filtering on the bridge interfaces 
like this. but i think you need to open some more ports. you will 
probably need to allow udp 67 and 68 on both the network you are using 
and to the DHCPDISCOVER is going to go to, but iirc, some of the remaining packets might go to 
hosts on your network. is the console logging any other packets that it 
drops or rejects?
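
To answer the closing question about what else the firewall drops, the following added example (not part of the original post) groups dropped-packet log lines seen on virbr0 by chain direction and service. The log lines are constructed samples in the kernel netfilter LOG key=value layout; the log prefixes, addresses and function names are assumptions.

```python
import re
from collections import Counter

# Constructed sample lines in the kernel netfilter LOG key=value layout
# (not from the original post; prefixes and addresses are assumed).
SAMPLE_LOG = """\
Sep 16 16:05:01 host kernel: Inbound IN=virbr0 OUT= SRC=0.0.0.0 DST=255.255.255.255 LEN=328 PROTO=UDP SPT=68 DPT=67
Sep 16 16:05:04 host kernel: Inbound IN=virbr0 OUT= SRC=0.0.0.0 DST=255.255.255.255 LEN=328 PROTO=UDP SPT=68 DPT=67
Sep 16 16:05:09 host kernel: Inbound IN=virbr0 OUT= SRC=192.168.122.15 DST=192.168.122.1 LEN=60 PROTO=UDP SPT=40112 DPT=53
Sep 16 16:05:12 host kernel: Inbound IN=eth0 OUT= SRC=203.0.113.9 DST=192.168.1.10 LEN=44 PROTO=TCP SPT=51000 DPT=23
Sep 16 16:05:15 host kernel: Outbound IN=virbr0 OUT=eth0 SRC=192.168.122.15 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40200 DPT=80
"""

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")

def parse(line):
    """Return the key=value fields of one LOG line as a dict."""
    return dict(FIELD.findall(line))

def classify(pkt):
    """Label a dropped packet by the service it was addressed to."""
    proto, spt, dpt = pkt.get("PROTO"), pkt.get("SPT"), pkt.get("DPT")
    if proto == "UDP" and (spt, dpt) == ("68", "67"):
        return "dhcp-client-to-server"
    if proto == "UDP" and (spt, dpt) == ("67", "68"):
        return "dhcp-server-to-client"
    if proto in ("UDP", "TCP") and dpt == "53":
        return "dns"
    return "other"

def summarize(log_text, iface="virbr0"):
    """Count dropped packets that touch iface, keyed by (direction, label)."""
    counts = Counter()
    for line in log_text.splitlines():
        pkt = parse(line)
        in_if, out_if = pkt.get("IN", ""), pkt.get("OUT", "")
        if iface not in (in_if, out_if):
            continue  # drop unrelated to the virtual network
        # IN and OUT both set means the packet was being routed (FORWARD).
        direction = "forward" if in_if and out_if else ("input" if in_if else "output")
        counts[(direction, classify(pkt))] += 1
    return counts

if __name__ == "__main__":
    for (direction, label), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {direction:8s} {label}")
```

Drops labelled `input` were addressed to the host itself, while `forward` drops were being routed between virbr0 and another interface, so the two point at different rule sets.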

