---
layout: post
author: Sam Hadow
tags: virtualization networking sysadmin
---

On my computer I use Arch Linux with NetworkManager, and QEMU/KVM with virt-manager for virtual machines. In this blog post I'll show you the steps to set up a bridge for the virtual machines. With a bridge on the host instead of a NATed virtual network attached to a device, each virtual machine gets its own IP address on the network the host is connected to.

## Purpose

The advantage of a bridge for the virtual machines is that the router sees each virtual machine as a separate machine: each one is visible on the LAN and has an independent IP address. It also has the advantage of not requiring any additional configuration on the host firewall, whereas a NAT network attached to a device needs forward rules to work.

For example, for NATed connections I have the following additional rules in my nftables configuration:

*note: I purposefully omitted the rest of the configuration and only left the rules for the NAT connection.*

```
define qemu_bridge_if = "virbr0"

table inet filter {
    chain input {
        # -------------------------------- qemu
        iifname $qemu_bridge_if accept comment "accept from VM"
    }

    chain forward {
        # -------------------------------- qemu
        iifname $qemu_bridge_if accept comment "accept VM interface as input"
        oifname $qemu_bridge_if accept comment "accept VM interface as output"
    }

    chain output {
    }
}
```

## Steps

### 1. Identify the physical NIC

First we have to identify the NIC (Network Interface Card) used by the host to connect to the internet.

To do this we can use the command `ip a` and look for the line with the IP address we have on the LAN.

Example output:

*note: I purposefully omitted the other interfaces and anonymized the output*

```
3: enp4s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
    altname enxAABBCCDDEEFF
    inet 10.0.0.42/24 brd 10.0.0.255 scope global dynamic noprefixroute enp4s0f0
       valid_lft 3600sec preferred_lft 3600sec
    inet6 fd00:dead:beef::1234/64 scope global noprefixroute
       valid_lft forever preferred_lft forever
    inet6 fe80::abcd:ef12:3456:789a/64 scope link noprefixroute
       valid_lft forever preferred_lft forever
```

The interesting information for us here is the interface name: `enp4s0f0`.

### 2. Create the bridge

Once we have identified the interface we can proceed with the bridge creation.

First create the bridge:

*note: here it's named br0, but name it however you prefer*

```bash
sudo nmcli connection add type bridge ifname br0 con-name br0
```

Then attach the interface to the bridge as one of its ports:

```bash
sudo nmcli connection add type ethernet ifname enp4s0f0 master br0 con-name br0-enp4s0f0
```

Then move the IP configuration to the bridge (`auto` means the bridge obtains its addresses automatically, as the NIC did before, while the port itself gets none):

```bash
sudo nmcli connection modify br0 ipv4.method auto ipv6.method auto
sudo nmcli connection modify br0-enp4s0f0 ipv4.method disabled ipv6.method ignore
```

With

```bash
nmcli connection show
```

you should see something like:

```
NAME                UUID                                  TYPE      DEVICE
Wired connection 1  a1b2c3d4-e5f6-4a7b-8c9d-0e1f2a3b4c5d  ethernet  enp4s0f0
br0                 f0e9d8c7-b6a5-4987-9abc-1234567890a9  bridge    br0
```

You can disable the old connection:

```bash
sudo nmcli connection down "Wired connection 1"
```

And optionally delete it:

```bash
sudo nmcli connection delete "Wired connection 1"
```

After that, bring up the bridge:

```bash
sudo nmcli connection up br0
```

Then with

```bash
ip a show br0 | grep "inet "
```

you should see something like:

```
    inet 10.0.0.125/24 brd 10.0.0.255 scope global dynamic noprefixroute br0
```

And `enp4s0f0` should no longer have an IP address.

#### note:

If you have an IP address reservation in your router based on the MAC address of your NIC, you should now replace it with the MAC address of br0. The virtual machines will still appear as different machines and get their own IP addresses via DHCP.

### 3. Creating virtual machines

Then, in virt-manager, when creating virtual machines skip the network configuration and don't add a virtual network. Instead, in the virtual machine details, add new hardware, go to Network and select a bridged device (here the device name will be `br0`).
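Before handing `br0` to the virtual machines, it is worth confirming that step 2 actually took effect: the bridge holds the LAN address, the physical NIC holds none, and the NIC is enslaved to the bridge. The script below is an added example, not code from the original post; it assumes the names `br0` and `enp4s0f0` used above and parses the one-line-per-record output of `ip -o`, so it can be run on the live system or on saved output.

```bash
#!/bin/sh
# Post-bridge sanity check for the nmcli procedure above (added example, not
# from the original post). The functions take the text of `ip -o -4 addr show`
# and `ip -o link show` as arguments, so they work on live output or a saved copy.
# Assumed names, as in the post: bridge br0, physical NIC enp4s0f0.

# Interfaces carrying a global-scope IPv4 address, one per line.
global_v4_ifaces() {            # $1 = output of `ip -o -4 addr show`
  printf '%s\n' "$1" | awk '$3 == "inet" && /scope global/ { print $2 }'
}

# The bridge an interface is enslaved to ("master ..." in `ip -o link`), or nothing.
link_master() {                 # $1 = output of `ip -o link show`, $2 = interface
  printf '%s\n' "$1" | awk -v ifc="$2:" \
    '$2 == ifc { for (i = 3; i < NF; i++) if ($i == "master") print $(i + 1) }'
}

# Returns 0 when $3 (bridge) holds a global IPv4 address, $4 (NIC) holds none
# and is enslaved to $3; otherwise 1, with the first failing condition on stderr.
check_bridge_takeover() {       # $1 = addr output, $2 = link output, $3 = bridge, $4 = NIC
  ifaces=" $(global_v4_ifaces "$1" | tr '\n' ' ')"
  case "$ifaces" in
    *" $3 "*) ;;
    *) echo "FAIL: $3 has no global IPv4 address" >&2; return 1 ;;
  esac
  case "$ifaces" in
    *" $4 "*) echo "FAIL: $4 still has a global IPv4 address" >&2; return 1 ;;
  esac
  [ "$(link_master "$2" "$4")" = "$3" ] ||
    { echo "FAIL: $4 is not enslaved to $3" >&2; return 1; }
  echo "OK: $3 holds the address and $4 is enslaved to it"
}

# Constructed samples (anonymized, same shape as real `ip -o` output).
BEFORE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
3: enp4s0f0    inet 10.0.0.42/24 brd 10.0.0.255 scope global dynamic noprefixroute enp4s0f0\       valid_lft 3600sec preferred_lft 3600sec'
BEFORE_LINK='3: enp4s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP mode DEFAULT group default qlen 1000\    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff'
AFTER_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
5: br0    inet 10.0.0.125/24 brd 10.0.0.255 scope global dynamic noprefixroute br0\       valid_lft 3600sec preferred_lft 3600sec'
AFTER_LINK='3: enp4s0f0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP mode DEFAULT group default qlen 1000\    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff
5: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000\    link/ether aa:bb:cc:dd:ee:ff brd ff:ff:ff:ff:ff:ff'

check_bridge_takeover "$BEFORE_ADDR" "$BEFORE_LINK" br0 enp4s0f0 || echo "(expected to fail before step 2)"
check_bridge_takeover "$AFTER_ADDR" "$AFTER_LINK" br0 enp4s0f0
# Live system: check_bridge_takeover "$(ip -o -4 addr show)" "$(ip -o link show)" br0 enp4s0f0
```

If the check fails after `nmcli connection up br0`, the usual cause is that the old `Wired connection 1` profile is still active on `enp4s0f0`, which is why the post disables or deletes it.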