I'm trying to install a Debian KVM virtual machine on a Debian server. The virt-install command starts the GUI, but it stops at the Configure Package Manager step.
I already have some VMs installed, and what I noticed is that the command apt update will fail because of some networking/firewall problem:
Err:1 http://ftp.de.debian.org/debian buster InRelease
Could not connect to ftp.de.debian.org:80 (141.76.2.4). - connect (113: No route to host)
Err:2 http://ftp.de.debian.org/debian buster-updates InRelease
Unable to connect to ftp.de.debian.org:http:
Err:3 http://security.debian.org/debian-security buster/updates InRelease
Could not connect to debian.map.fastlydns.net:80 (199.232.138.132). - connect (113: No route to host) Could not connect to security.debian.org:80 (151.101.130.132). - connect (113: No route to host) Could not connect to security.debian.org:80 (151.101.194.132). - connect (113: No route to host) Could not connect to security.debian.org:80 (151.101.2.132). - connect (113: No route to host) Could not connect to security.debian.org:80 (151.101.66.132). - connect (113: No route to host)
Reading package lists... Done
Building dependency tree
Reading state information... Done
26 packages can be upgraded. Run 'apt list --upgradable' to see them.
W: Failed to fetch http://ftp.de.debian.org/debian/dists/buster/InRelease Could not connect to ftp.de.debian.org:80 (141.76.2.4). - connect (113: No route to host)
W: Failed to fetch http://security.debian.org/debian-security/dists/buster/updates/InRelease Could not connect to debian.map.fastlydns.net:80 (199.232.138.132). - connect (113: No route to host) Could not connect to security.debian.org:80 (151.101.130.132). - connect (113: No route to host) Could not connect to security.debian.org:80 (151.101.194.132). - connect (113: No route to host) Could not connect to security.debian.org:80 (151.101.2.132). - connect (113: No route to host) Could not connect to security.debian.org:80 (151.101.66.132). - connect (113: No route to host)
W: Failed to fetch http://ftp.de.debian.org/debian/dists/buster-updates/InRelease Unable to connect to ftp.de.debian.org:http:
W: Some index files failed to download. They have been ignored, or old ones used instead.
The name can be resolved from other VMs:
$ host ftp.de.debian.org
ftp.de.debian.org has address 141.76.2.4
It can be pinged from other VMs:
$ ping ftp.de.debian.org
PING ftp.de.debian.org (141.76.2.4) 56(84) bytes of data.
64 bytes from debian.inf.tu-dresden.de (141.76.2.4): icmp_seq=1 ttl=54 time=19.5 ms
...
--- ftp.de.debian.org ping statistics ---
2 packets transmitted, 2 received, 0% packet loss, time 3ms
rtt min/avg/max/mdev = 19.520/19.656/19.792/0.136 ms
Can't telnet:
$ telnet ftp.de.debian.org 80
Trying 141.76.2.4...
^C
I use the default NAT-ed networking and I read the libvirt docs, but it did really help.
Iptables looks like this:
# sudo iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
...
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
...
RETURN all -- 192.168.122.0/24 base-address.mcast.net/24
RETURN all -- 192.168.122.0/24 255.255.255.255
MASQUERADE all -- 192.168.122.0/24 !192.168.122.0/24
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Do you have any idea, what could be wrong with this iptables setup? If it's not the iptables, what tests could I make to narrow down the state space? Any help or pointing me to the right direction would be highly appreciated.
p.s. I also tried using apt-get with forced ipv4, did not help.
