From mboxrd@z Thu Jan 1 00:00:00 1970 Authentication-Results: passt.top; dmarc=none (p=none dis=none) header.from=gibson.dropbear.id.au Authentication-Results: passt.top; dkim=pass (2048-bit key; secure) header.d=gibson.dropbear.id.au header.i=@gibson.dropbear.id.au header.a=rsa-sha256 header.s=202510 header.b=afryKbME; dkim-atps=neutral Received: from mail.ozlabs.org (mail.ozlabs.org [IPv6:2404:9400:2221:ea00::3]) by passt.top (Postfix) with ESMTPS id 9668C5A08B5 for ; Mon, 10 Nov 2025 07:16:19 +0100 (CET) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gibson.dropbear.id.au; s=202510; t=1762755377; bh=viseA1lQqz0y9meEATEuFGy3vqyg1KE8/kMbAKRbeSo=; h=Date:From:To:Cc:Subject:References:In-Reply-To:From; b=afryKbMEQPrAOBTCESc9Tc7B7BaMmY2ekowKpDaI1uQJ6cXH5V4WBQwrm3CPfzqwZ bQacJmeyswK8NkeA49jRCJgtum9X9RmzcfCrLZlifxhwAnwcxoNEI7FTNza97zY5SA /lXTnW6d2s9argdc+2DjCGwh8AJGRmCfjBaWQJS3yc3GbdKldM2RTn5bGc6HY7Om0U hRZxIdtaGP6qHDGJzk6gllVbZ/rbC0kxzamtnvxJc/L2V/9Di/iugUyYpQYlqoSYn0 m+6qMyq/mAvh2D1yUFZp8Aqp+NIEWYk7qy2x58LsPOT8Cs1MwRrRFnde34rn2nUev4 h2fSBcrOd8PgQ== Received: by gandalf.ozlabs.org (Postfix, from userid 1007) id 4d4fYs2506z4w9Z; Mon, 10 Nov 2025 17:16:17 +1100 (AEDT) Date: Mon, 10 Nov 2025 17:13:21 +1100 From: David Gibson To: James Sinton Subject: Re: Port Forwarding between host-guest via passt using QEMU-libvirt Message-ID: References: MIME-Version: 1.0 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="2mM2pD7yzVstEYML" Content-Disposition: inline In-Reply-To: Message-ID-Hash: KODJPLDVZGDIPV5VRHIZWBQ3IM3XPMD3 X-Message-ID-Hash: KODJPLDVZGDIPV5VRHIZWBQ3IM3XPMD3 X-MailFrom: dgibson@gandalf.ozlabs.org X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header CC: passt-user@passt.top X-Mailman-Version: 3.3.8 Precedence: list List-Id: "For passt users: support, questions and answers" Archived-At: Archived-At: List-Archive: List-Archive: List-Help: List-Owner: List-Post: List-Subscribe: List-Unsubscribe: --2mM2pD7yzVstEYML Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Wed, Nov 05, 2025 at 11:58:52PM -0600, James Sinton wrote: > Hi David, >=20 > Thank you for getting back to me. I have been trying to rehash some of the > Arch documentation (https://wiki.archlinux.org/title/Libvirt), and I work= ed > through parts of this tutorial for WinApps as another resource for > configuring libvirt to run a Windows guest on a Linux host: >=20 > https://github.com/winapps-org/winapps/blob/main/docs/libvirt.md >=20 > I think I found that the services for the libvirt daemon were not enabled. > I also double checked that the user on the host has been added to the > libvirt group. >=20 > One tidbit is that the host is connected to the internet via WiFi (wlp6s0= ), > hence, the motivation to use passt in userspace mode. I'm not really sure why wifi motivates passt particularly, but that's not really relevant either. > A couple of easy bits of information which might help: > 1. What's the passt version? (`passt --version` on the host) >=20 > passt 2025_09_11.6cbcccc Ta. > 2. What's the IP configuration within the Windows guest? >=20 > The windows guest: >=20 > Aggregated link speed (Receive/Transmit): 10/10 (Gbps) > IPv6 address: fdac:14bf:9c6f:942d:d4:e913:5731:9d0a This address doesn't match the host, which is unexpected. That suggests that Windows is using SLAAC prefix discovery, but not using DHCPv6 to get the correct exact address. Since your ssh is specifically using IPv4 addresses, this oddity is unlikely to be related to the problem. > Link-local IPv6 address: fe80::5374:1174:7d88:4c94%12 > IPv6 default gateway: fe80::11a9:af53:4e56:ea79%12 > IPv4 address: 10.0.1.205 > IPv4 DNS servers: 10.0.1.1 (Unencrypted) > 8.8.8.8 (Unencrypted) > Manufacturer: Red Hat, Inc. > Description: Red Hat VirtIO Ethernet Adapter > Driver version: 100.101.104.28500 > Physical address (MAC): 52:54:00:23:01:04 >=20 > Notice that it matches wlp6s0 below due to the userspace mode config. Right, making the guest match the host interface configuration is passt default behaviour. > 3. What's the IP configuration on the host? (`ip addr show` and `ip rou= te > show`) >=20 > FYI, I have some docker containers running on the host as well. virbr0 is > part of the virsh net. But in userspace mode with port forwarding, I > shouldn't need an active bridge network for host-guest communication, > correct? Correct. > $ ip addr show > 1: lo: mtu 65536 qdisc noqueue state UNKNOWN group > default qlen 1000 > link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 > inet 127.0.0.1/8 scope host lo > valid_lft forever preferred_lft forever > inet6 ::1/128 scope host noprefixroute > valid_lft forever preferred_lft forever > 2: enp7s0: mtu 1500 qdisc mq state DO= WN > group default qlen 1000 > link/ether 24:4b:fe:8e:01:eb brd ff:ff:ff:ff:ff:ff > altname enx244bfe8e01eb > 3: wlp6s0: mtu 1500 qdisc noqueue state > UP group default qlen 1000 > link/ether 8c:c6:81:ce:46:0e brd ff:ff:ff:ff:ff:ff > altname wlx8cc681ce460e > inet 10.0.1.205/24 brd 10.0.1.255 scope global noprefixroute wlp6s0 > valid_lft forever preferred_lft forever > inet6 fdac:14bf:9c6f:942d:2d42:74ac:5a3:58cd/64 scope global dynamic > noprefixroute > valid_lft 1726sec preferred_lft 1726sec > inet6 fe80::11a9:af53:4e56:ea79/64 scope link noprefixroute > valid_lft forever preferred_lft forever Nothing too odd here that I can spot. [snip] > $ ip route show > default via 10.0.1.1 dev wlp6s0 proto static metric 600 > 10.0.1.0/24 dev wlp6s0 proto kernel scope link src 10.0.1.205 metric 600 > 172.16.0.0/16 dev br-00cee4dd5f5b proto kernel scope link src 172.16.0.1 > 172.17.0.0/16 dev docker0 proto kernel scope link src 172.17.0.1 linkdown > 172.18.0.0/16 dev br-3d69e1e5d7f4 proto kernel scope link src 172.18.0.1 > 172.19.0.0/16 dev br-48249c6f88eb proto kernel scope link src 172.19.0.1 > 192.168.100.0/24 dev virbr0 proto kernel scope link src 192.168.100.1 > linkdown Nor here. > 4. What's the output from `ssh -v` >=20 > $ ssh -vp 8022 127.0.0.1 > debug1: OpenSSH_10.0p2, OpenSSL 3.5.3 16 Sep 2025 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Reading configuration data > /etc/ssh/ssh_config.d/20-systemd-ssh-proxy.conf > debug1: Reading configuration data > /etc/ssh/ssh_config.d/30-libvirt-ssh-proxy.conf > debug1: Connecting to 127.0.0.1 [127.0.0.1] port 8022. > debug1: Connection established. > debug1: identity file > . . . > debug1: identity file > debug1: Local version string SSH-2.0-OpenSSH_10.0 > kex_exchange_identification: read: Connection reset by peer > Connection reset by 127.0.0.1 port 8022 That's consistent with passt accepting the connection, not managing to contact the guest and so resetting. That's what I expected, but it's useful to confirm. Unfortunately, I have no guesses based on the above information; we're going to need debug logs and/or packet captures. More information on that in reply to Stefano's follow up. > On Wed, Nov 5, 2025 at 7:11=E2=80=AFPM David Gibson > wrote: >=20 > > On Sun, Oct 26, 2025 at 02:47:19PM -0500, James Sinton wrote: > > > Hi All, > > > > > > I'm having trouble getting host-to-guest port forwarding to work via > > passt > > > for a userspace connection: > > > > > > Please see my post on Superuser for more details: > > > > > > https://superuser.com/q/1927306/3115375?sem=3D2 > > > > Sorry it's taken me a while to look at this. > > > > It looks like passt is accepting the ssh connection, but unable to > > itself connect to the guest. Unfortunately there aren't really any > > clues as to why, so far. > > > > A couple of easy bits of information which might help: > > 1. What's the passt version? (`passt --version` on the host) > > 2. What's the IP configuration within the Windows guest? > > 3. What's the IP configuration on the host? (`ip addr show` and `ip > > route show`) > > 4. What's the output from `ssh -v` > > > > That information might supply some clues, but it's pretty likely we'll > > need debugging or packet capture output from passt to work this out. > > Unfortunately, that's a bit trickier than it should be because libvirt > > doesn't (yet) have the ability to pass the necessary options to passt. > > Let's start with the information above, then we can work out the steps > > to get more detailed debugging information if we need it. > > > > -- > > David Gibson (he or they) | I'll have my music baroque, and my co= de > > david AT gibson.dropbear.id.au | minimalist, thank you, not the other = way > > | around. > > http://www.ozlabs.org/~dgibson > > > _______________________________________________ > user mailing list -- passt-user@passt.top > To unsubscribe send an email to passt-user-leave@passt.top --=20 David Gibson (he or they) | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you, not the other way | around. http://www.ozlabs.org/~dgibson --2mM2pD7yzVstEYML Content-Type: application/pgp-signature; name=signature.asc -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEO+dNsU4E3yXUXRK2zQJF27ox2GcFAmkRgoAACgkQzQJF27ox 2GcnJg/8CZV5Vb6WHBAnOk1b7lYaZoi3KRgHeLt/0pNSVJdKJrpzfgKi3jgz/OqI vOeL782xR6gkQUC5pp2jDgBDFfa8SlzwERaovLfj6xUgJy3YdaWkbR0kWUwOFrzN feIKry0srHPqGTZidpfjqXzN4tkKTRXOA2ODA8IME5LLlLB0Di0IrmNtabttosgI zzeghs2NHnsL4LpMP5U+bKZNldoQjrP8/Qds2hwi0edhaKhYKChQGF8hrX4KKce1 79L/Y7CRuSa4e93YuOJ9uWdj/LMrRYjdr5AdFZKenBoba0bv25UXet8O21HnyaWk P/IjJc6H7ccbFrQ7AH/QX113lXbXk8QBizPYfjPnxBYwonaZs0eTzsQJZxeyYZ9n SSu+12yM/bOb2JCUxqYfC7kIWwVb7Gf+2/rMRlb0HX8X7mvvrHs+X0JvDdbBP6++ FLK7ijUEyb1fVfO0FEY4dpstmWj+5+CuKneehK1/92BHCWLQGP5/HX5EC+3HI3fe HfdUL0IhUwSVF570bfZTLyPJSyg3lkUjrwMUKlsBm2TSyn86XlCMpPfrhw1fsMhH vQhyu60EqfF/Rv8QGExBgJ4wGt8zjBZggNRExqhJc1EKaNkxFTOD1wLslpSLrbCn n4zX7HgdXsNaO1+UWc+RiDmX0EapktaDBHLXrVkx5V98e91xuX4= =mAdT -----END PGP SIGNATURE----- --2mM2pD7yzVstEYML--