Network info shows `host_internet: false` & `supervisor_internet: false`

I am aware that this problem is common and that there have been made plenty of posts around this topic, but unfortunately I have not been able to resolve the issue on my end.

For context, I run Home Assistant using Virtual Machine Manager on Ubuntu on a mini-PC. The network source of the virtual machine is NAT. I run the add-on Nginx Proxy Manager (not to be confused with NGINX Home Assistant SSL proxy) in combination with DuckDNS to make my instance externally available.

ha network info shows the following output:

docker:
  address: 172.30.32.0/23
  dns: 172.30.32.3
  gateway: 172.30.32.1
  interface: hassio
host_internet: false
interfaces:
- connected: true
  enabled: true
  interface: enp0s3
  ipv4:
    address:
    - 192.168.122.29/24
    gateway: 192.168.122.1
    method: static
    nameservers:
    - 8.8.8.8
    ready: true
  ipv6:
    address:
    - fe80::8b7b:39e5:ae72:6fc8/64
    gateway: null
    method: auto
    nameservers: []
    ready: false
  primary: true
  type: ethernet
  vlan: null
  wifi: null
supervisor_internet: false

Make particular note of supervisor_internet: false and host_internet: false. I have tried several different http configurations in configuration.yaml, but to no availability. At the moment it is:

http:
  use_x_forwarded_for: true
  trusted_proxies:
    - 172.30.33.4

homeassistant:
  external_url: https://REDACTED.duckdns.org:443
  internal_url: http://192.168.122.29:8123

Additionally I changed the IPv4 DNS to 8.8.8.8 in Settings → System → Network → IPv4.

I hope someone is able to help me out here.

Thijmen.

EDIT: to add some more context, I have also added the following iptables rules:

sudo iptables -I FORWARD -o virbr0 -d  192.168.122.29 -j ACCEPT &&
sudo iptables -t nat -I PREROUTING -p tcp --dport 80 -j DNAT --to 192.168.122.29:80 &&
sudo iptables -t nat -I PREROUTING -p tcp --dport 443 -j DNAT --to 192.168.122.29:443 &&
sudo iptables -t nat -I PREROUTING -p tcp --dport 1883 -j DNAT --to 192.168.122.29:1883 &&
sudo iptables -t nat -I PREROUTING -p tcp --dport 1884 -j DNAT --to 192.168.122.29:1884 &&
sudo iptables -t nat -I PREROUTING -p tcp --dport 8883 -j DNAT --to 192.168.122.29:8883 &&
sudo iptables -t nat -I PREROUTING -p tcp --dport 8884 -j DNAT --to 192.168.122.29:8884 &&
sudo iptables -t nat -I PREROUTING -p tcp --dport 81 -j DNAT --to 192.168.122.29:81 &&
sudo iptables -t nat -I PREROUTING -p tcp --dport 445 -j DNAT --to 192.168.122.29:445 &&
sudo iptables -t nat -I PREROUTING -p tcp --dport 8123 -j DNAT --to 192.168.122.29:8123

Running ifconfig on my mini-PC:

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.178.22  netmask 255.255.255.0  broadcast 192.168.178.255
        inet6 fe80::6188:a20e:de5f:7078  prefixlen 64  scopeid 0x20<link>
        ether 40:8d:5c:33:bd:e2  txqueuelen 1000  (Ethernet)
        RX packets 303428  bytes 75646398 (75.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 380877  bytes 99827121 (99.8 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 562481  bytes 117523784 (117.5 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 562481  bytes 117523784 (117.5 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.122.1  netmask 255.255.255.0  broadcast 192.168.122.255
        ether 52:54:00:bd:9c:86  txqueuelen 1000  (Ethernet)
        RX packets 54105  bytes 18674964 (18.6 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 49560  bytes 9703399 (9.7 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::fc54:ff:fee5:3125  prefixlen 64  scopeid 0x20<link>
        ether fe:54:00:e5:31:25  txqueuelen 1000  (Ethernet)
        RX packets 40312  bytes 12119992 (12.1 MB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 52635  bytes 9349166 (9.3 MB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

Running ifconfig in the HA CLI:

eth0      Link encap:Ethernet  HWaddr 02:42:AC:1E:21:02
          inet addr:172.30.33.2  Bcast:172.30.33.255  Mask:255.255.254.0
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:962 errors:0 dropped:0 overruns:0 frame:0
          TX packets:656 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:129298 (126.2 KiB)  TX bytes:87518 (85.4 KiB)

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:4 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:268 (268.0 B)  TX bytes:268 (268.0 B)

I think it might have something to do with vibr0 not having access to the internet.

I have managed to fix the host_internet & supervisor_internet is false issue by removing all of the before mentioned iptable rules. Consequently the VM that runs HA is now not accessible on my local network. Does anyone know how I can either put the VM on my local network or how I can pass requests to the NUC to my VM (for a given subset of ports like 8123, 80, etc.).

Managed to resolve the issue. Knew it had something to do with my iptables configuration, though for the life of me I couldn’t figure out what was going wrong. Everything worked except for the supervisor and host internet… but I got there in the end!

The following iptables configuration resolved all problems:

sudo iptables -t nat -I PREROUTING -p tcp -d 192.168.178.22 --dport 8123 -j DNAT --to-destination 192.168.122.29:8123 &&
sudo iptables -t nat -I PREROUTING -p tcp -d 192.168.178.22 --dport 80 -j DNAT --to-destination 192.168.122.29:8123 &&
sudo iptables -t nat -I PREROUTING -p tcp -d 192.168.178.22 --dport 443 -j DNAT --to-destination 192.168.122.29:443 &&
sudo iptables -t nat -I PREROUTING -p tcp -d 192.168.178.22 --dport 1883 -j DNAT --to-destination 192.168.122.29:1883 &&
sudo iptables -t nat -I PREROUTING -p tcp -d 192.168.178.22 --dport 1884 -j DNAT --to-destination 192.168.122.29:1884 &&
sudo iptables -t nat -I PREROUTING -p tcp -d 192.168.178.22 --dport 8883 -j DNAT --to-destination 192.168.122.29:8883 &&
sudo iptables -t nat -I PREROUTING -p tcp -d 192.168.178.22 --dport 8884 -j DNAT --to-destination 192.168.122.29:8884 &&
sudo iptables -t nat -I PREROUTING -p tcp -d 192.168.178.22 --dport 81 -j DNAT --to-destination 192.168.122.29:81 &&
sudo iptables -t nat -I PREROUTING -p tcp -d 192.168.178.22 --dport 445 -j DNAT --to-destination 192.168.122.29:445 &&
sudo iptables -t nat -I PREROUTING -p tcp -d 192.168.178.22 --dport 4357 -j DNAT --to-destination 192.168.122.29:4357
sudo iptables -I FORWARD -m state -d 192.168.122.0/24 --state NEW,RELATED,ESTABLISHED -j ACCEPT

As a bonus, here some stuff to keep in mind if you have a similar problem:

1. If you work with iptables, make sure you understand how they work. This is a good start.
2. The iptables you append do not automatically persist on boot. For this, use iptables-save. Make sure to read the manual, because contrary what you would expect from the name the command does not actually save your iptables configuration. It merely prints to your terminal. If you want to save your configuration, use sudo /sbin/iptables-save > /etc/iptables/rules.v4.
3. libvirt adds iptables entries when the process start. Make sure to add your rules after the process has started to avoid weird conflicts.

Hey! I know this is way later, I think I ran wire gaurd which might cause the some issues.
How do I know what rules should I add or remove? And was your issue that it won’t access the internet, but works locally?