How to set up virt-manager/KVM only using Host VPN
by KahemameHa from LinuxQuestions.org on (#5F1MD)
Hello, first off, sorry if my English isn't optimal; I just hope you understand me and can help me solve my problem.
I have installed OpenVPN with a killswitch using iptables on my host system and it works very well: when the VPN disconnects there is no connection at all besides local connections. So up to here everything is fine.
Most of the work I do is from my virtual machine, using KVM via virt-manager.
Now when I start a virtual machine inside KVM/virt-manager everything works like it should and all connections go through the host VPN tunnel, but unfortunately the killswitch doesn't work: if the VPN disconnects or anything, the connection from the virtual machine goes directly to my router and just bridges the OpenVPN tunnel (I use NAT), so my real IP gets exposed. I don't know where to start to fix this; every hint or help will be appreciated. If you need screens or logs or whatever, just ask and I will provide anything that is needed. I hope you guys can help.
Unfortunately I'm not a pro at iptables, it's a new chapter for me.
My rules are as follows:
# flush
sudo iptables --flush
sudo iptables --delete-chain
# Drop
sudo iptables -P OUTPUT DROP
sudo iptables -P INPUT DROP
sudo iptables -P FORWARD DROP
# Loopback
sudo iptables -A OUTPUT -j ACCEPT -o lo
sudo iptables -A INPUT -j ACCEPT -i lo
# openvpn through UDP
sudo iptables -A OUTPUT -j ACCEPT -o eth0 -p udp -m udp -m multiport --dports 1189,1190 -m state --state NEW,ESTABLISHED,RELATED
sudo iptables -A INPUT -j ACCEPT -i eth0 -p udp -m udp -m multiport --sports 1189,1190 -m state --state ESTABLISHED,RELATED
sudo iptables -A OUTPUT -j ACCEPT -o tun0
sudo iptables -A INPUT -j ACCEPT -i tun0
# private network
sudo iptables -A OUTPUT -j ACCEPT --dst 192.168.1.0/24
sudo iptables -A INPUT -j ACCEPT --src 192.168.1.0/24
#finish
In ip6tables everything is on DROP.
That's for the general killswitch, so how, what and where can I look to set up a killswitch for the VM/KVM?
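
Traffic from a NAT-ed guest is routed by the host, so it is filtered by the FORWARD chain rather than OUTPUT, and libvirt adds its own forwarding rules for its NAT network. The script below is an added example, not part of the original post: it audits `iptables-save` output for forwarding rules that accept guest traffic without pinning it to the tunnel. `tun0` is taken from the post; the bridge name `virbr0` is an assumption and the sample ruleset is constructed.

```shell
#!/bin/sh
# Added example. tun0 comes from the post; virbr0 (the usual libvirt NAT bridge)
# is an assumption. Real use: sudo iptables-save | leaky_forward_rules
BRIDGE="${BRIDGE:-virbr0}"
VPN_IF="${VPN_IF:-tun0}"

# Print filter-table ACCEPT rules reachable from FORWARD that can carry bridge
# traffic out through an interface other than the VPN tunnel.
leaky_forward_rules() {
    awk -v br="$BRIDGE" -v vpn="$VPN_IF" '
    function field(line, flag,   a, k, i) {  # value after a non-negated flag
        k = split(line, a, " ")
        for (i = 3; i < k; i++) if (a[i] == flag && a[i-1] != "!") return a[i+1]
        return ""
    }
    /^\*/ { table = $1 }
    table == "*filter" && $1 == "-A" { rule[++n] = $0; chain[n] = $2 }
    END {
        reach["FORWARD"] = 1
        do {                                 # follow jumps out of FORWARD
            grew = 0
            for (r = 1; r <= n; r++) {
                t = field(rule[r], "-j")
                if ((chain[r] in reach) && t != "" && !(t in reach)) { reach[t] = 1; grew = 1 }
            }
        } while (grew)
        for (r = 1; r <= n; r++) {
            if (!(chain[r] in reach) || field(rule[r], "-j") != "ACCEPT") continue
            in_if = field(rule[r], "-i"); out_if = field(rule[r], "-o")
            if (in_if != "" && in_if != br) continue    # other ingress only
            if (out_if == vpn || out_if == br) continue # tunnel or VM-to-VM
            print rule[r]
        }
    }'
}

# Constructed sample in iptables-save format, not output from the poster's host.
sample_ruleset() {
    cat <<'EOF'
*filter
-A FORWARD -j LIBVIRT_FWO
-A FORWARD -i virbr0 -o tun0 -j ACCEPT
-A FORWARD -i tun0 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A LIBVIRT_FWO -s 192.168.122.0/24 -i virbr0 -j ACCEPT
-A OUTPUT -o tun0 -j ACCEPT
COMMIT
EOF
}

sample_ruleset | leaky_forward_rules
```

Any rule it prints accepts guest traffic regardless of the outgoing interface, so that traffic can still leave via `eth0` when `tun0` is down. Rules with no interface match at all are reported too, which is deliberately conservative.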

