I have two network interfaces on the host machine. One is LAN and the other is WLAN. For libvirt I have created a NAT network which is bound to the WLAN. From the guest I can access other machines in the network the host WLAN is connected to. DNS lookup also works. The problem is that there's no connection to the internet at all, e.g. pinging something gives "Destination network unreachable". This only happens when both network connections on the host are active. Running qemu/libvirt on openSUSE Tumbleweed.
This only happens when both network connections on the host are active.
I'm not a networking expert by any means but this seems like a pretty strong hint that it's a routing issue.
Check the routing tables on the host? I'd bet that the internet is only reachable on the LAN interface (again, not an expert but one of them has to take priority, right?). I'm guessing that disconnecting the LAN interface changes the routing to go through the WLAN interface instead.
Your routing table on the host changes when you have both networks active because the OS is preferring the NIC, I'm guessing. You're using a static config for only one interface here.
Either switch to a static setup for NIC and Wlan, or create two interfaces for the VM that cover both host interfaces. A simpler setup would be host networking (macvtap) vs a bridged nat with only one path.
This sounds reasonable. Curiously, now that I tried again with both host LAN & WLAN active, there was no problem. I have a hunch the routing depends on which interface NetworkManager starts first.
$ route
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
default         192.168.102.1   0.0.0.0         UG    600    0        0 wlp19s0f4u1u1
default         RT-AC86U-6D60   0.0.0.0         UG    20100  0        0 enp15s0
192.168.2.0     0.0.0.0         255.255.255.0   U     100    0        0 enp15s0
192.168.100.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr1
192.168.102.0   0.0.0.0         255.255.255.0   U     600    0        0 wlp19s0f4u1u1
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0_
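An added example, not written by anyone in the thread: it applies the kernel's route selection (longest prefix, then lowest metric) to the table posted above and checks whether internet-bound traffic leaves through the interface the NAT network is bound to. It assumes only the main routing table is in play (no policy routing); `LAN_PREFERRED`, `NAT_DEV`, `INTERNET` and the function names are constructed for illustration.

```python
import ipaddress

# `route` output as posted in the thread (interface names as printed there).
ROUTE_OUTPUT = """\
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default 192.168.102.1 0.0.0.0 UG 600 0 0 wlp19s0f4u1u1
default RT-AC86U-6D60 0.0.0.0 UG 20100 0 0 enp15s0
192.168.2.0 0.0.0.0 255.255.255.0 U 100 0 0 enp15s0
192.168.100.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr1
192.168.102.0 0.0.0.0 255.255.255.0 U 600 0 0 wlp19s0f4u1u1
192.168.122.0 0.0.0.0 255.255.255.0 U 0 0 0 virbr0_
"""
# Constructed variant: the LAN default route gets the lower metric.
LAN_PREFERRED = ROUTE_OUTPUT.replace("UG 20100", "UG 100")
NAT_DEV = "wlp19s0f4u1u1"   # interface the libvirt NAT network is bound to
INTERNET = "203.0.113.10"   # documentation address standing in for an internet host


def parse_routes(text):
    """Parse net-tools `route` output into (network, metric, iface) tuples."""
    routes = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 8 or f[0] == "Destination":
            continue  # skip the title and header lines
        dest = "0.0.0.0" if f[0] == "default" else f[0]
        # The gateway column may be a hostname; it is not needed for selection.
        routes.append((ipaddress.ip_network(f"{dest}/{f[2]}"), int(f[4]), f[7]))
    return routes


def egress_iface(routes, dst):
    """Interface chosen for dst: longest matching prefix, then lowest metric."""
    addr = ipaddress.ip_address(dst)
    matches = [r for r in routes if addr in r[0]]
    if not matches:
        return None
    return min(matches, key=lambda r: (-r[0].prefixlen, r[1]))[2]


def nat_path_ok(text, nat_dev=NAT_DEV, dst=INTERNET):
    """True if traffic to dst leaves via the interface the NAT is bound to."""
    return egress_iface(parse_routes(text), dst) == nat_dev


if __name__ == "__main__":
    for name, table in (("posted", ROUTE_OUTPUT), ("constructed", LAN_PREFERRED)):
        dev = egress_iface(parse_routes(table), INTERNET)
        print(f"{name}: internet leaves via {dev}, matches NAT dev: {dev == NAT_DEV}")
```

With the posted table the WLAN default route wins on metric, which fits the report that the problem was gone on that run; the constructed variant shows the mismatch when the LAN route is preferred.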
This is not great practice. You should get a dedicated Ethernet card for wlan and then block list the device on the host. The way you're doing it is a little more complicated and is a security risk if the VM stops running for some reason.
I'm guessing either firewall rules or routing rules are messing up the VM's internet connection. I don't think there's anything wrong with the VM itself.
If your PC is trying to route every connection to the internet over the ethernet port but your VM is exclusive to the Wi-Fi, this could be a problem. This depends on your host network setup, as Linux is quite capable of having multiple routes to the same origin.
There's one other theoretical issue I can think of, which is the MTU being too high on the VM side. If the host has an MTU of 1450 and the VM takes an MTU of 1500, packets will be fragmented and many internet services/boxes will not do IP reassembly (as it makes defence against DDoS and other cyber attacks more difficult). In theory MTU path discovery should detect and fix this, but sometimes I find it necessary to manually lower the MTU, especially when things like VPN tunnels are involved.