KVM Bridged Network Not Working












20















I just installed KVM on my Ubuntu Server according to this guide: https://help.ubuntu.com/community/KVM/Installation

Then I prepared a bridged network as shown here: https://help.ubuntu.com/community/KVM/Networking

Then, I created a virtual machine with virt-manager. I tried several times but the guest fails to connect to the network! Any help?



ifconfig:

    br0       Link encap:Ethernet  HWaddr d0:27:88:b0:e4:38
              inet addr:192.168.20.100  Bcast:192.168.20.255  Mask:255.255.255.0
              inet6 addr: fe80::d227:88ff:feb0:e438/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:62 errors:0 dropped:0 overruns:0 frame:0
              TX packets:62 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:10493 (10.4 KB)  TX bytes:8433 (8.4 KB)

    eth0      Link encap:Ethernet  HWaddr d0:27:88:b0:e4:38
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:62 errors:0 dropped:0 overruns:0 frame:0
              TX packets:63 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:11361 (11.3 KB)  TX bytes:8479 (8.4 KB)
              Interrupt:41

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

    virbr0    Link encap:Ethernet  HWaddr 5a:8c:57:95:af:3b
              inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

brctl show:

    bridge name     bridge id               STP enabled     interfaces
    br0             8000.d02788b0e438       no              eth0
    virbr0          8000.000000000000       yes

brctl showmacs br0:

    port no mac addr                is local?       ageing timer
      1     5c:d9:98:67:b6:28       no                48.33
      1     d0:27:88:b0:e4:38       yes                0.00
      1     e0:2a:82:f9:6c:09       no                 0.00

ip route:

    default via 192.168.20.1 dev br0  metric 100
    192.168.20.0/24 dev br0  proto kernel  scope link  src 192.168.20.100
    192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1


In the guest: I was unable to copy and paste the info from the guest because I can't ssh to it. It didn't get any IP from DHCP. It won't work even after setting it up manually.



































  • May I suggest that you provide the output from the following commands? On the host: ifconfig, brctl show, brctl showmacs br0, and ip route. On the guest: ifconfig, ip route, ping 8.8.8.8, ping <your internet router>, and traceroute 8.8.8.8. I can't say that I have configured kvm in the way you have, but I have gotten bridging to work using the kvm command. I did have to disconnect wireless so my host would connect to the Internet, and, as the directions you quoted say, you need to connect to the Internet with Ethernet.

    – John S Gruber
    Sep 14 '12 at 5:16













  • @JohnSGruber Just added the info you requested. But I was unable to copy and paste the info from the guest because I can't ssh to it. It didn't get any IP from DHCP. It won't work even after setting it up manually.

    – THpubs
    Sep 14 '12 at 12:42











  • Is the MAC address you assigned to the guest in the brctl showmacs br0 list above?

    – John S Gruber
    Sep 14 '12 at 14:27













  • I didn't add the MAC manually, but let me check the MAC it got.

    – THpubs
    Sep 14 '12 at 14:48











  • @JohnSGruber No I don't see that MAC in here!

    – THpubs
    Sep 14 '12 at 14:53
















server networking kvm network-bridge






edited Sep 14 '12 at 12:41







THpubs

















asked Aug 23 '12 at 16:56









THpubs























3 Answers


















19





+50









Preliminaries



The following worked for me on Ubuntu 12.04. You should disable your computer's firewall as you test this so it won't interfere.



The /etc/default/qemu-kvm file should be as originally installed.



You will need to have bridge-utils, qemu-kvm and libvirt-bin installed. Any users using virtual machines should be added to the libvirtd group.



There no longer seems to be any need to add CAP_NET_ADMIN capability.



Network Setup



The default network mode is the User mode, also called SLIRP. It uses a predefined virbr0 bridge which is NAT routed to the guest computer. The NAT routing uses the kernel's ip_forwarding feature and iptables. Bridge mode uses a virtual bridge in the guest to which the (unnumbered) Ethernet interface connects, and on which both the host and the guest have their network interfaces.



The following diagrams may make the differences clearer:



Network diagrams



You can see how the default User network is defined with:



virsh net-dumpxml default


I can set up the bridged mode with the following approaches:



In /etc/network/interfaces (from the bridging part of the post you mention in your question):




    auto lo
    iface lo inet loopback

    #auto eth0
    #iface eth0 inet dhcp

    auto eth0
    iface eth0 inet manual

    auto br0
    iface br0 inet dhcp
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0


Reboot; and make sure that wireless networking isn't active. Check the default IP route with ip route. It must be using the br0 interface.



N.B. If your Ethernet isn't hooked up when this change is made you need to have your Ethernet cable plugged in and getting a carrier, or the boot will hang for two minutes and you won't have network capability. That's because the eth0 interface, by being in this file, must come up before the boot can proceed normally.



N.B. Generally you can't use a wireless network instead of eth0 because of their inability to use multiple MAC addresses (I infer that they need a second one for the bridge).



As an alternative you can disable the use of Ethernet and make sure that it does not have an IP address, and that there isn't a default route set up with ip route. Then:



    sudo ifconfig eth0 0.0.0.0 up
    sudo brctl addbr br0
    sudo brctl addif br0 eth0
    sudo ifconfig br0 up
    sudo dhclient br0 &


You could also supply a static IP address here, as well as defining the default route and DNS address. For this example dhclient does this.



Here's my route table:



$ip route list
default via 192.168.1.1 dev br0 metric 100
169.254.0.0/16 dev br0 scope link metric 1000
192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.45
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1


Using kvm



I can then boot a bridged kvm machine with:



 $ sudo kvm -name Quantal -m 1024 -hda foo.qcow2 --soundhw ac97 -device virtio-net,netdev=tunnel -netdev tap,id=tunnel,ifname=vnet0


The -netdev tap parameter makes sudo a requirement. As the VM is started qemu-kvm runs the following commands:



    ifconfig vnet0 0.0.0.0 up
    brctl addif br0 vnet0


This is done by /etc/qemu-ifup



The VM's vnet0 interface is added to the br0 bridge because the default route above uses that bridge interface. If it weren't there the tap interface instead would be added to the virbr0 interface. Since that's not connected to the Internet, NAT would be used to connect the guest to the host and the Internet, in my experiments. You can direct the vnet0 to a particular bridge in /etc/default/qemu-kvm. Using virt-manager below you can explicitly direct which bridge to connect to.



Because of the above commands issued by qemu-kvm, and the -netdev tap,id=tunnel,ifname=vnet0 parameter, the vm virtual machine is connected to the vnet0 tunnel, and the tunnel is connected to the br0 bridge.



I can now directly ssh into this guest VM from another computer on my network.



My host ifconfig (note the vnet0 interface that appears on my network when the VM is running):



    $ifconfig
    br0       Link encap:Ethernet  HWaddr 00:1e:33:88:07:e5
              inet addr:192.168.1.45  Bcast:255.255.255.255  Mask:255.255.255.0
              inet6 addr: fe80::21e:33ff:fe88:7e5/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:6526 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7543 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:2712940 (2.7 MB)  TX bytes:1071835 (1.0 MB)

    eth0      Link encap:Ethernet  HWaddr 00:1e:33:88:07:e5
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:7181 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7740 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2974585 (2.9 MB)  TX bytes:1096580 (1.0 MB)
              Interrupt:43 Base address:0x6000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:10 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:664 (664.0 B)  TX bytes:664 (664.0 B)

    vnet0     Link encap:Ethernet  HWaddr ca:0c:73:c3:bc:45
              inet6 addr: fe80::c80c:73ff:fec3:bc45/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:226 errors:0 dropped:0 overruns:0 frame:0
              TX packets:429 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:500
              RX bytes:26919 (26.9 KB)  TX bytes:58929 (58.9 KB)

    virbr0    Link encap:Ethernet  HWaddr d6:18:22:db:ff:93
              inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


My bridge configuration while running the VM:



    $brctl show
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.001e338807e5       no              eth0
                                                            vnet0
    virbr0          8000.000000000000       yes


Note that both the virtual machine's vnet0 interface and the eth0 interface are connected to the br0 bridge.



And the MACs on the br0 interface:



    $brctl showmacs br0
    port no mac addr                is local?       ageing timer
      1     00:05:5d:cf:64:61       no                 2.54
      1     00:19:d2:42:5d:3f       no                36.76
      1     00:19:df:da:af:7c       no                 2.86
      1     00:1e:33:88:07:e5       yes                0.00
      1     00:60:0f:e4:17:d6       no                 0.79
      2     52:54:00:12:34:56       no                 0.80
      1     58:6d:8f:17:5b:c0       no                 5.91
      1     c8:aa:21:be:8d:16       no               167.69
      2     ca:0c:73:c3:bc:45       yes                0.00


Note that the br0 interface connects my host computer to the same bridge being used by the guest.



You can check that you are bridged rather than NAT routed to your own network by using traceroute 8.8.8.8. If the first node is your network's router rather than the guest's ip address your network should be working correctly.



See this documentation.



virt-manager



Be sure that you have installed virt-manager and hal. The hal package is a suggested dependency for virt-manager and is used to determine the network configuration of your system when creating or editing guests.



While having the br0 bridge defined as above I created a virtual machine with virt-manager as follows:



[Five virt-manager screenshots; images not preserved]



I was able to go directly to the rest of my home network and to the Internet from this guest. I was also able to ssh into it from the other (non-host, non-guest) Ubuntu computer on my home network.



Here's the very long kvm command run by virt-manager (for comparison with EApubs or anyone else having trouble with this):



/usr/bin/kvm -S -M pc-1.0 -enable-kvm -m 1024 -smp 1,sockets=1,cores=1,threads=1 -name precise -uuid f057a729-eda6-4b85-84dc-f100c9ae3789 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/precise.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -drive file=/media/natty/home/gruber/ubuntu-kvm/tmpW8gSGB.qcow2,if=none,id=drive-ide0-0-0,format=qcow2 -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -netdev tap,fd=18,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:0e:da:9b,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -usb -vnc 127.0.0.1:0 -vga cirrus -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5


Here's the network portion of the virtual machine description in /etc/libvirt/qemu/quantal.xml



    <interface type='bridge'>
      <mac address='52:54:00:b0:8e:aa'/>
      <source bridge='br0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>


According to this link, for performance and reliability, it may be best to set the network device model to virtio. You can do this in the virt-viewer by pressing the i button, going to the NIC setting, and setting the "Device model" to virtio. You could also add this to the XML above by adding the line:



      <model type='virtio'/>


In Summary



All this took on 12.04 was:




  1. Installing virt-manager, bridge-utils, qemu-kvm, and related packages

  2. Make sure each user wishing to use kvm is in the libvirtd group.

  3. Defining /etc/network/interfaces as above (which matches the quoted article)

  4. Reboot, making sure Ethernet is plugged in and wireless (if any) is off.

  5. Either run kvm against an image directly with, e.g. -device e1000,netdev=tunnel -netdev tap,id=tunnel,ifname=vnet0, or create a virtual machine with virt-manager, specifying network Bridge br0 under the Step 4->Advanced Options panel.


No further changes were needed to networking, capabilities, templates, or configurations.



To expose a service in your new guest to the Internet you should:




  1. Prepare and configure any firewall service you will need.

  2. Either assign a static address in your guest configuration or in your DHCP service.

  3. If you are using a NAT router open a port for the service you are implementing directing it to the guest's IP address.


Remember to test and re-enable the firewall service for your host computer. It may need an entry to forward traffic to the guest.



See https://help.ubuntu.com/community/KVM/Installation, https://help.ubuntu.com/community/KVM/Networking, and https://help.ubuntu.com/12.04/serverguide/libvirt.html.
































  • Hi, I don't have a wireless card on that machine. only Ethernet :)

    – THpubs
    Sep 15 '12 at 1:58













  • I understand you don't have wireless--but others reading this question might. I've posted a virt-manager section since that's what you used. Did you specify Bridged to br0 in step 4 Advanced Options when creating the virtual machine? Do the networking parameters in the kvm command launched by virt-manager match mine? (You can see it by running ps aux | grep kvm).

    – John S Gruber
    Sep 15 '12 at 3:47











  • Hi when creating a virtual machine using the virt manager, in advanced options, I don't see eth0 and br0.

    – THpubs
    Sep 15 '12 at 4:07











  • Well that's probably the problem--it's key to getting it to work under virt-manager. Are you running on the machine that will host it (and with br0 defined in brctl show as you have it in your question?) What version of Ubuntu are you running? Maybe that's the difference. What version of virt-manager? (Mine is 0.9.1-1ubuntu5.1).

    – John S Gruber
    Sep 15 '12 at 4:13











  • I'm running Ubuntu 12.04 and virt-manager 0.9.1-1ubuntu5.1. Actually, I don't have virt-manager installed in the host. I have it in a remote machine and I use it to connect to the host. Is that the problem I'm having?

    – THpubs
    Sep 15 '12 at 4:23
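
The check asked for in the question's comments (is the guest's MAC in the brctl showmacs br0 list?) together with the brctl show comparison from the answer above, as an added example that is not part of the original posts. The function names, the vnetN/tapN naming convention used to recognise guest taps, and the guest MAC 52:54:00:aa:bb:cc are assumptions; the sample text is constructed from the outputs posted on this page.

```shell
#!/bin/sh
# Added example: decide from brctl output whether a KVM guest is really
# attached to the host bridge. POSIX sh + awk; parsing needs no root.
# Live use: diagnose br0 "$guest_mac" "$(brctl show)" "$(brctl showmacs br0)"

# Constructed samples: the two host states shown on this page.
# Question host: br0 carries only the physical NIC.
QUESTION_SHOW='bridge name     bridge id               STP enabled     interfaces
br0             8000.d02788b0e438       no              eth0
virbr0          8000.000000000000       yes'
QUESTION_MACS='port no mac addr                is local?       ageing timer
  1     5c:d9:98:67:b6:28       no                48.33
  1     d0:27:88:b0:e4:38       yes                0.00
  1     e0:2a:82:f9:6c:09       no                 0.00'

# Answer host: the guest tap vnet0 is a second port on br0.
ANSWER_SHOW='bridge name     bridge id               STP enabled     interfaces
br0             8000.001e338807e5       no              eth0
                                                        vnet0
virbr0          8000.000000000000       yes'
ANSWER_MACS='port no mac addr                is local?       ageing timer
  1     00:1e:33:88:07:e5       yes                0.00
  2     52:54:00:12:34:56       no                 0.80
  2     ca:0c:73:c3:bc:45       yes                0.00'

# bridge_ports BRIDGE < "brctl show" text
# Prints one attached interface per line. A bridge's first port is on its own
# row; further ports are on continuation rows holding only the port name.
bridge_ports() {
    awk -v br="$1" '
        NR == 1 { next }                                  # column header
        NF >= 3 { cur = $1; if (NF >= 4 && cur == br) print $4; next }
        NF == 1 && cur == br { print $1 }                 # continuation row
    '
}

# mac_port MAC < "brctl showmacs" text
# Prints the port number on which MAC was learned as a non-local address
# (a guest NIC is "no" in the "is local?" column; the tap itself is "yes").
# Exit status 1 if the MAC was not learned.
mac_port() {
    awk -v mac="$(printf '%s' "$1" | tr 'A-F' 'a-f')" '
        NR > 1 && tolower($2) == mac && $3 == "no" { print $1; found = 1; exit }
        END { exit !found }
    '
}

# diagnose BRIDGE GUEST_MAC SHOW_TEXT MACS_TEXT
# Prints one verdict:
#   no-tap          no guest tap on the bridge, so the VM NIC is attached
#                   elsewhere (for example the NAT bridge virbr0) or not at all
#   tap-but-no-mac  a tap is attached but the guest MAC was never learned:
#                   wrong MAC, guest NIC down, or frames dropped before the bridge
#   ok:port N       guest frames are reaching the bridge on port N
diagnose() {
    # Assumption: guest taps are named vnetN (libvirt) or tapN (manual setup).
    taps=$(printf '%s\n' "$3" | bridge_ports "$1" | grep -E '^(vnet|tap)[0-9]+$' || true)
    if [ -z "$taps" ]; then
        echo "no-tap"
        return 0
    fi
    if port=$(printf '%s\n' "$4" | mac_port "$2"); then
        echo "ok:port $port"
    else
        echo "tap-but-no-mac"
    fi
}

echo "question host: $(diagnose br0 52:54:00:aa:bb:cc "$QUESTION_SHOW" "$QUESTION_MACS")"
echo "answer host:   $(diagnose br0 52:54:00:12:34:56 "$ANSWER_SHOW" "$ANSWER_MACS")"
```
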



















6














If the behavior you are seeing is that the host can access the guest, and the guest can access the host, but the guest can't access other machines on the network or vice versa... probably the host's firewall is blocking access.



See: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/573461



Specifically, this section:
"The final step is to disable netfilter on the bridge:



# cat >> /etc/sysctl.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
EOF




































    3














    These are the two scripts I use to create a bridge for qemu-kvm.



    First, let the host become an IP router.



    Script ip-router.sh:



    #!/bin/bash
    # Enable (default) or disable ("del") IPv4 forwarding and masquerade NAT
    # on the Internet-facing interface.
    # Usage: ip-router.sh [interface] [del]

    internetinterface="eth0"

    # Writing to /proc and changing iptables rules requires root.
    username=$(whoami)

    if [ "x$username" != "xroot" ] ; then
        echo
        echo "You must be root in order to run this script..."
        echo
        exit 1
    fi

    # The first argument is the interface, unless it is the "del" keyword.
    if [ "x$1" != "x" ] && [ "x$1" != "xdel" ] ; then
        internetinterface="$1"
    fi

    if [ "x$1" == "xdel" ] || [ "x$2" == "xdel" ] ; then
        disable="1"
    else
        disable="0"
    fi

    if [ "$disable" == "0" ] ; then
        echo "Enabling IP forward and setting up masquerade NAT on interface $internetinterface"

        echo 1 > /proc/sys/net/ipv4/ip_forward

        iptables -t nat -A POSTROUTING -o "$internetinterface" -j MASQUERADE
    else
        echo "Disable IP forward and setting down masquerade NAT on interface $internetinterface"

        echo 0 > /proc/sys/net/ipv4/ip_forward

        iptables -t nat -D POSTROUTING -o "$internetinterface" -j MASQUERADE
    fi


    Then, create the tun-tap interface and bridge it with your default interface (usually the one with an Internet connection).



    Script create-qemu-bridged-tuntap.sh:



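    #!/bin/bash
    # Create a tap interface for qemu-kvm, attach it to a new bridge, and
    # route/NAT the guest through the chosen outbound interface.
    # Usage: create-qemu-bridged-tuntap.sh [outbound-interface]

    bridgename=br0
    tapinterface=tap0
    outinterface=eth1

    if [ "x$1" != "x" ] ; then
        outinterface="$1"
    fi

    # Interface names known to the kernel (skip the two header lines).
    ifaces=$(awk -F: '{print $1}' /proc/net/dev | tail -n +3)
    iffound="0"

    for i in $ifaces
    do
        if [ "$outinterface" == "$i" ] ; then
            iffound="1"
        fi
    done

    if [ "$iffound" == "0" ] ; then
        echo
        echo "Can't find the output interface."
        echo
        exit 1
    fi

    # The outbound interface must already have an IPv4 address.
    outifaceip=$(ifconfig | grep -A1 "$outinterface" | tail -1 | awk -F: '{print $2}' | awk '{print $1}')
    outifaceiptokens=$(echo "$outifaceip" | awk -F . '{print NF}')

    if [ "$outifaceiptokens" != "4" ] ; then
        echo
        echo "The selected output interface $outinterface doesn't seem to have a valid IP address."
        echo
        exit 1
    fi

    hostaddress="192.168.1.1"
    guestaddress="192.168.1.95"

    # Tap device the guest NIC will be connected to.
    sudo tunctl -t "$tapinterface"

    sudo brctl addbr "$bridgename"
    sudo brctl addif "$bridgename" "$tapinterface"

    sudo ip link set "$bridgename" up
    sudo ip addr add "$hostaddress/24" dev "$bridgename"

    # Host route to the guest, plus proxy ARP between the outbound interface
    # and the bridge (uses the selected interface rather than a hard-coded eth1).
    sudo route add -host "$guestaddress" dev "$bridgename"
    sudo parprouted "$outinterface" "$bridgename"

    # Enable forwarding and masquerade NAT on the outbound interface.
    sudo ~/scripts/ip-router.sh "$outinterface"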


    I use these scripts daily, so they should work well also for you. You'll have to install some packages in order to have all of this working. Using:



    dlocate `which COMMAND`


    you can see which package is required to have COMMAND. For example to see which package is required to have brctl, simply run:



    dlocate `which brctl`


    and you'll have:



    bridge-utils: /sbin/brctl


    Using the same approach for all the commands in these scripts, you should (at least) run this aptitude command line:



    sudo aptitude install dlocate iproute parprouted iptables uml-utilities bridge-utils net-tools


    Finally, you can launch the main script (as a normal user):



    #> create-qemu-bridged-tuntap.sh eth0
    Set 'tap0' persistent and owned by uid 0
    Enabling IP forward and setting up masquerade NAT on interface eth0


    Running ip addr you should see a br0 interface with IP address 192.168.1.1, as specified inside the create-qemu-bridged-tuntap.sh script:



    #> ip addr
    8: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
    link/ether 36:76:ee:d6:63:b2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 scope global br0


    This is the host address as seen by the guest. Conversely, the guest will have as IP address 192.168.1.95 (again, this can be easily changed inside the main script).



    Now, using virt-manager, you just have to set up your guest NIC to use br0 as physical interface.



    [Screenshot: virt-manager-br0-nic]



    Inside the guest, you just have to give to eth0 an IP address of 192.168.1.95 and everything should run fine.



    Slackware13:~> ifconfig 
    eth0 Link encap:Ethernet HWaddr 52:54:00:F7:6A:78
    inet addr:192.168.1.95 Bcast:192.168.1.255 Mask:255.255.255.0





























    • Although you are using a bridge to do it, it appears to me that you are creating a NAT forwarding facility. Nevertheless, if you can port forward certain host ports maybe it will do what EApubs wants. Very interesting and very useful answer irregardless.

      – John S Gruber
      Sep 14 '12 at 14:24











    • Thank you, it works flawlessly for my purposes. But, as a matter of fact, I don't need a remote access to my VM and I thought that EApubs was simply trying to have an Internet access on its VM.

      – Avio
      Sep 14 '12 at 14:59











    • @Avio No my friend, I need remote access to my machine. If I set NAT and create the VM, it works.

      – THpubs
      Sep 14 '12 at 15:02











    • There is a clue in here to a problem I had where IP forwarding was off, that is cat /proc/sys/net/ipv4/ip_forward gave 0. Enabling it and persisting it cleared up the issue for me, instructions in this post.

      – Jake Cobb
      Oct 29 '15 at 18:59




















    19





    +50









    Preliminaries



    The following worked for me for Ubuntu 12.04. You should disable your computer's firewall as you test this so it won't interfere.



    The /etc/default/qemu-kvm file should be as originally installed.



    You will need to have bridge-utils, qemu-kvm and libvirt-bin installed. Any users using virtual machines should be added to the libvirtd group.



    There no longer seems to be any need to add CAP_NET_ADMIN capability.



    Network Setup



    The default network mode is the User mode, also called SLIRP. It uses a predefined virbr0 bridge which is NAT routed to the guest computer. The NAT routing uses the kernel's ip_forwarding feature and iptables. Bridge mode uses a virtual bridge in the guest to which the (unnumbered) Ethernet interface connects, and on which both the host and the guest have their network interfaces.



    The following diagrams may make the differences clearer:



    Network diagrams



    You can see how the default User network is defined with:



    virsh net-dumpxml default


    I can set up the bridged mode with the following approaches:



    In /etc/network/interfaces (from the bridging part of the post you mention in your question):




    auto lo
    iface lo inet loopback
    #auto eth0
    #iface eth0 inet dhcp
    auto eth0
    iface eth0 inet manual
    auto br0
    iface br0 inet dhcp
        bridge_ports eth0
        bridge_stp off
        bridge_fd 0
        bridge_maxwait 0


    Reboot; and make sure that wireless networking isn't active. Check the default IP route with ip route. It must be using the br0 interface.



    N.B. If your Ethernet isn't hooked up when this change is made you need to have your Ethernet cable plugged in and getting a carrier or the boot will hang for two minutes and you won't have network capability. That's because the eth0 interface, by being in this file, must come up before the boot can proceed normally.



    N.B. Generally you can't use a wireless network instead of eth0 because of their inability to use multiple MAC addresses (I infer that they need a second one for the bridge).



    As an alternative you can disable the use of Ethernet and make sure that it does not have an IP address, and that there isn't a default route set up with ip route. Then:



    sudo ifconfig eth0 0.0.0.0 up
    sudo brctl addbr br0
    sudo brctl addif br0 eth0
    sudo ifconfig br0 up
    sudo dhclient br0 &


    You could also supply a static IP address here, as well as defining the default route and DNS address. For this example dhclient does this.



    Here's my route table:



    $ ip route list
    default via 192.168.1.1 dev br0 metric 100
    169.254.0.0/16 dev br0 scope link metric 1000
    192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.45
    192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1


    Using kvm



    I can then boot a bridged kvm machine with:



     $ sudo kvm -name Quantal -m 1024 -hda foo.qcow2 --soundhw ac97 -device virtio-net,netdev=tunnel -netdev tap,id=tunnel,ifname=vnet0


    The -netdev tap parameter makes sudo a requirement. As the VM is started qemu-kvm runs the following commands:



    ifconfig vnet0 0.0.0.0 up
    brctl addif br0 vnet0


    This is done by /etc/qemu-ifup.



    The VM's vnet0 interface is added to the br0 bridge because the default route above uses that bridge interface. If it weren't there the tap interface instead would be added to the virbr0 interface. Since that's not connected to the Internet, NAT would be used to connect the guest to the host and the Internet, in my experiments. You can direct the vnet0 to a particular bridge in /etc/default/qemu-kvm. Using virt-manager below you can explicitly direct which bridge to connect to.



    Because of the above commands issued by qemu-kvm, and the -netdev tap,id=tunnel,ifname=vnet0 parameter, the vm virtual machine is connected to the vnet0 tunnel, and the tunnel is connected to the br0 bridge.



    I can now directly ssh into this guest VM from another computer on my network.



    My host ifconfig (note the vnet0 interface that appears on my network when the VM is running):



    $ ifconfig
    br0 Link encap:Ethernet HWaddr 00:1e:33:88:07:e5
    inet addr:192.168.1.45 Bcast:255.255.255.255 Mask:255.255.255.0
    inet6 addr: fe80::21e:33ff:fe88:7e5/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:6526 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7543 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:2712940 (2.7 MB) TX bytes:1071835 (1.0 MB)

    eth0 Link encap:Ethernet HWaddr 00:1e:33:88:07:e5
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:7181 errors:0 dropped:0 overruns:0 frame:0
    TX packets:7740 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:2974585 (2.9 MB) TX bytes:1096580 (1.0 MB)
    Interrupt:43 Base address:0x6000

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:16436 Metric:1
    RX packets:10 errors:0 dropped:0 overruns:0 frame:0
    TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:664 (664.0 B) TX bytes:664 (664.0 B)

    vnet0 Link encap:Ethernet HWaddr ca:0c:73:c3:bc:45
    inet6 addr: fe80::c80c:73ff:fec3:bc45/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:226 errors:0 dropped:0 overruns:0 frame:0
    TX packets:429 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:500
    RX bytes:26919 (26.9 KB) TX bytes:58929 (58.9 KB)

    virbr0 Link encap:Ethernet HWaddr d6:18:22:db:ff:93
    inet addr:192.168.122.1 Bcast:192.168.122.255 Mask:255.255.255.0
    UP BROADCAST MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)


    My bridge configuration while running the VM:



    $ brctl show
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.001e338807e5       no              eth0
                                                            vnet0
    virbr0          8000.000000000000       yes


    Note that both the virtual machine's vnet0 interface and the eth0 interface are connected to the br0 bridge.



    And the MACs on the br0 interface:



    $ brctl showmacs br0
    port no   mac addr            is local?   ageing timer
      1       00:05:5d:cf:64:61   no             2.54
      1       00:19:d2:42:5d:3f   no            36.76
      1       00:19:df:da:af:7c   no             2.86
      1       00:1e:33:88:07:e5   yes            0.00
      1       00:60:0f:e4:17:d6   no             0.79
      2       52:54:00:12:34:56   no             0.80
      1       58:6d:8f:17:5b:c0   no             5.91
      1       c8:aa:21:be:8d:16   no           167.69
      2       ca:0c:73:c3:bc:45   yes            0.00


    Note that the br0 interface connects my host computer to the same bridge being used by the guest.



    You can check that you are bridged rather than NAT routed to your own network by using traceroute 8.8.8.8. If the first node is your network's router rather than the guest's ip address your network should be working correctly.



    See this documentation.



    virt-manager



    Be sure that you have installed virt-manager and hal. The hal package is a suggested dependency for virt-manager and is used to determine the network configuration of your system when creating or editing guests.



    While having the br0 bridge defined as above I created a virtual machine with virt-manager as follows:



    [Five virt-manager screenshots; images not preserved]



    I was able to go directly to the rest of my home network and to the Internet from this guest. I was also able to ssh into it from the other (non-host, non-guest) Ubuntu computer on my home network.



    Here's the very long kvm command run by virt-manager (for comparison with EApubs or anyone else having trouble with this):



    /usr/bin/kvm -S -M pc-1.0 -enable-kvm -m 1024 -smp 1,sockets=1,cores=1,threads=1 -name precise -uuid f057a729-eda6-4b85-84dc-f100c9ae3789 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/precise.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -drive file=/media/natty/home/gruber/ubuntu-kvm/tmpW8gSGB.qcow2,if=none,id=drive-ide0-0-0,format=qcow2 -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -netdev tap,fd=18,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:0e:da:9b,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -usb -vnc 127.0.0.1:0 -vga cirrus -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5


    Here's the network portion of the virtual machine description in /etc/libvirt/qemu/quantal.xml:



    <interface type='bridge'>
      <mac address='52:54:00:b0:8e:aa'/>
      <source bridge='br0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>


    According to this link, for performance and reliability, it may be best to set the network device model to virtio. You can do this in the virt-viewer by pressing the i button, going to the NIC setting, and setting the "Device model" to virtio. You could also add this to the XML above by adding the line:



          <model type='virtio'/>


    In Summary



    All this took on 12.04 was:




    1. Installing virt-manager, bridge-utils, qemu-kvm, and related packages

    2. Make sure each user wishing to use kvm is in the libvirtd group.

    3. Defining /etc/network/interfaces as above (which matches the quoted article)

    4. Reboot, making sure Ethernet is plugged in and wireless (if any) is off.

    5. Either run kvm against an image directly with, e.g. -device e1000,netdev=tunnel -netdev tap,id=tunnel,ifname=vnet0, or create a virtual machine with virt-manager, specifying network Bridge br0 under the Step 4->Advanced Options panel.


    No further changes were needed to networking, capabilities, templates, or configurations.



    To expose a service in your new guest to the Internet you should:




    1. Prepare and configure any firewall service you will need.

    2. Either assign a static address in your guest configuration or in your DHCP service.

    3. If you are using a NAT router open a port for the service you are implementing directing it to the guest's IP address.


    Remember to test and re-enable the firewall service for your host computer. It may need an entry to forward traffic to the guest.



    See https://help.ubuntu.com/community/KVM/Installation, https://help.ubuntu.com/community/KVM/Networking, and https://help.ubuntu.com/12.04/serverguide/libvirt.html.






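The two checks this answer relies on (the default route uses br0, and the guest's tap interface is listed under br0 rather than virbr0 in `brctl show`), scripted as an added example that is not part of the original answer. The function names are illustrative; the sample text is copied from the answer's own output, plus one constructed case where vnet0 landed on virbr0.

```shell
#!/bin/sh
# Added example: decide from `brctl show` and `ip route` text whether a guest's
# tap interface sits on the intended bridge (directly on the LAN) or on
# virbr0 (behind libvirt's NAT). Function names are illustrative.

# bridge_of IFACE: reads `brctl show` output on stdin and prints the bridge
# that has IFACE as a port; prints nothing if no bridge holds it.
bridge_of() {
    awk -v want="$1" '
        NR == 1 { next }                                   # header row
        NF == 0 { next }                                   # blank line
        NF >= 3 { br = $1; port = (NF >= 4) ? $4 : "" }    # row starting a bridge
        NF == 1 { port = $1 }                              # continuation row: extra port
        port == want { print br; exit }
    '
}

# default_route_dev: reads `ip route` output on stdin and prints the device
# that carries the default route.
default_route_dev() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# classify_guest TAP BRIDGE BRCTL_TEXT ROUTE_TEXT
# Prints: bridged | wrong-bridge:<name> | detached | host-route-on:<dev>
classify_guest() {
    tap=$1
    want=$2
    got=$(printf '%s\n' "$3" | bridge_of "$tap")
    dev=$(printf '%s\n' "$4" | default_route_dev)
    if [ -z "$got" ]; then
        echo "detached"
    elif [ "$got" != "$want" ]; then
        echo "wrong-bridge:$got"
    elif [ "$dev" != "$want" ]; then
        echo "host-route-on:$dev"
    else
        echo "bridged"
    fi
}

# Sample input copied from the answer's `brctl show` output.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.001e338807e5       no              eth0
                                                        vnet0
virbr0          8000.000000000000       yes'

# Constructed sample: the tap interface ended up on virbr0 instead.
SAMPLE_BRCTL_NAT='bridge name     bridge id               STP enabled     interfaces
br0             8000.001e338807e5       no              eth0
virbr0          8000.000000000000       yes             vnet0'

# Sample input copied from the answer's `ip route list` output.
SAMPLE_ROUTE='default via 192.168.1.1 dev br0  metric 100
169.254.0.0/16 dev br0  scope link  metric 1000
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.45
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1'

echo "answer's host:   $(classify_guest vnet0 br0 "$SAMPLE_BRCTL" "$SAMPLE_ROUTE")"
echo "constructed NAT: $(classify_guest vnet0 br0 "$SAMPLE_BRCTL_NAT" "$SAMPLE_ROUTE")"

# Live use on a host:
#   classify_guest vnet0 br0 "$(brctl show)" "$(ip route)"
```

A result of `bridged` means the guest is a peer on the physical LAN, so its own firewall and the host's forwarding rules are what stand between it and other machines; `wrong-bridge:virbr0` means it is still behind NAT.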


























    • Hi, I don't have a wireless card on that machine. only Ethernet :)

      – THpubs
      Sep 15 '12 at 1:58













    • I understand you don't have wireless--but others reading this question might. I've posted a virt-manager section since that's what you used. Did you specify Bridged to br0 in step 4 Advanced Options when creating the virtual machine? Do the networking parameters in the kvm command launched by virt-manager match mine? (You can see it by running ps aux | grep kvm).

      – John S Gruber
      Sep 15 '12 at 3:47











    • Hi when creating a virtual machine using the virt manager, in advanced options, I don't see eth0 and br0.

      – THpubs
      Sep 15 '12 at 4:07











    • Well that's probably the problem--it's key to getting it to work under virt-manager. Are you running on the machine that will host it (and with br0 defined in brctl show as you have it in your question?) What version of Ubuntu are you running? Maybe that's the difference. What version of virt-manager? (Mine is 0.9.1-1ubuntu5.1).

      – John S Gruber
      Sep 15 '12 at 4:13











    • I'm running Ubuntu 12.04 and virt-manager 0.9.1-1ubuntu5.1. Actually, I don't have virt-manager installed in the host. I have it in a remote machine and I use it to connect to the host. Is that the problem I'm having?

      – THpubs
      Sep 15 '12 at 4:23





















    Preliminaries



    This following worked for me for Ubuntu 12.04. You should disable your computer's firewall as you test this so it won't interfere.



    The /etc/default/qemu-kvm file should be as originally installed.



    You will need to have bridge-utilsInstall bridge-utils qemu-kvmInstall qemu-kvm and libvirt-binInstall libvirt-bin installed. Any users using virtual machines should be added to the libvirtd group.



    There no longer seems to be any need to add CAP_NET_ADMIN capability.



    Network Setup



    The default network mode is the User mode, also called SLIRP. It uses a predefined virbr0 bridge which is NAT routed to the guest computer. The NAT routing uses the kernel's ip_forwarding feature and iptables. Bridge mode uses a virtual bridge in the guest to which the (unnumbered) Ethernet interface connects, and on which both the host and the guest have their network interfaces.



    The following diagrams may make the differences clearer:



    Network diagrams



    You can see how the default User network is defined with:



    virsh net-dumpxml default


    I can set up the bridged mode with the following approaches:



    In /etc/network/interfaces (from the bridging part of the post you mention in your question):




    auto lo
    iface lo inet loopback
    #auto eth0
    #iface eth0 inet dhcp
    auto eth0
    iface eth0 inet manual
    auto br0
    iface br0 inet dhcp
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0
    bridge_maxwait 0


    Reboot; and make sure that wireless networking isn't active. Check the default IP route with ip route. It must be using the br0 interface.



    N.B. If your Ethernet isn't hooked up when this change is made you need to have your Ethernet cable plugged in and getting a carrier or the boot will hang for two minutes and you won't have network capability That's because the eth0 interface, by being in this file, must come up before the boot can proceed normally.



    N.B. Generally you can't use a wireless network instead of eth0 because of their inability to use multiple MAC addresses (I infer that they need a second one for the bridge).



    As an alternative you can disable the use of Ethernet and make sure that it does not have an IP address, and that there isn't a default route set up with ip route. Then:



    sudo ifconfig eth0 0.0.0.0 up
    sudo brctl addbr br0
    sudo brctl addif br0 eth0
    sudo ifconfig br0 up
    sudo dhclient br0 &


    You could also supply a static IP address here, as well as defining the default route and DNS address. For this example dhclient does this.



    Here's my route table:



    $ ip route list
    default via 192.168.1.1 dev br0 metric 100
    169.254.0.0/16 dev br0 scope link metric 1000
    192.168.1.0/24 dev br0 proto kernel scope link src 192.168.1.45
    192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1


    Using kvm



    I can then boot a bridged kvm machine with:



     $ sudo kvm -name Quantal -m 1024 -hda foo.qcow2 --soundhw ac97 -device virtio-net,netdev=tunnel -netdev tap,id=tunnel,ifname=vnet0


    The -netdev tap parameter makes sudo a requirement. As the VM is started qemu-kvm runs the following commands:



    ifconfig vnet0 0.0.0.0 up
    brctl addif br0 vnet0


    This is done by /etc/qemu-ifup



    The VM's vnet0 interface is added to the br0 bridge because the default route above uses that bridge interface. If it weren't there the tap interface instead would be added to the virbr0 interface. Since that's not connected to the Internet, NAT would be used to connect the guest to the host and the Internet, in my experiments. You can direct the vnet0 to a particular bridge in /etc/default/qemu-kvm. Using virt-manager below you can explicitly direct which bridge to connect to.



    Because of the above commands issued by qemu-kvm, and the -netdev tap,id=tunnel,ifname=vnet0 parameter, the vm virtual machine is connected to the vnet0 tunnel, and the tunnel is connected to the br0 bridge.



    I can now directly ssh into this guest VM from another computer on my network.



    My host ifconfig (note the vnet0 interface that appears on my network when the VM is running):



    $ ifconfig
    br0       Link encap:Ethernet  HWaddr 00:1e:33:88:07:e5
              inet addr:192.168.1.45  Bcast:255.255.255.255  Mask:255.255.255.0
              inet6 addr: fe80::21e:33ff:fe88:7e5/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:6526 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7543 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:2712940 (2.7 MB)  TX bytes:1071835 (1.0 MB)

    eth0      Link encap:Ethernet  HWaddr 00:1e:33:88:07:e5
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:7181 errors:0 dropped:0 overruns:0 frame:0
              TX packets:7740 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:1000
              RX bytes:2974585 (2.9 MB)  TX bytes:1096580 (1.0 MB)
              Interrupt:43 Base address:0x6000

    lo        Link encap:Local Loopback
              inet addr:127.0.0.1  Mask:255.0.0.0
              inet6 addr: ::1/128 Scope:Host
              UP LOOPBACK RUNNING  MTU:16436  Metric:1
              RX packets:10 errors:0 dropped:0 overruns:0 frame:0
              TX packets:10 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:664 (664.0 B)  TX bytes:664 (664.0 B)

    vnet0     Link encap:Ethernet  HWaddr ca:0c:73:c3:bc:45
              inet6 addr: fe80::c80c:73ff:fec3:bc45/64 Scope:Link
              UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
              RX packets:226 errors:0 dropped:0 overruns:0 frame:0
              TX packets:429 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:500
              RX bytes:26919 (26.9 KB)  TX bytes:58929 (58.9 KB)

    virbr0    Link encap:Ethernet  HWaddr d6:18:22:db:ff:93
              inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
              UP BROADCAST MULTICAST  MTU:1500  Metric:1
              RX packets:0 errors:0 dropped:0 overruns:0 frame:0
              TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
              collisions:0 txqueuelen:0
              RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)


    My bridge configuration while running the VM:



    $ brctl show
    bridge name     bridge id               STP enabled     interfaces
    br0             8000.001e338807e5       no              eth0
                                                            vnet0
    virbr0          8000.000000000000       yes


    Note that both the virtual machine's vnet0 interface and the eth0 interface are connected to the br0 bridge.



    And the MACs on the br0 interface:



    $ brctl showmacs br0
    port no   mac addr            is local?   ageing timer
      1       00:05:5d:cf:64:61   no             2.54
      1       00:19:d2:42:5d:3f   no            36.76
      1       00:19:df:da:af:7c   no             2.86
      1       00:1e:33:88:07:e5   yes            0.00
      1       00:60:0f:e4:17:d6   no             0.79
      2       52:54:00:12:34:56   no             0.80
      1       58:6d:8f:17:5b:c0   no             5.91
      1       c8:aa:21:be:8d:16   no           167.69
      2       ca:0c:73:c3:bc:45   yes            0.00


    Note that the br0 interface connects my host computer to the same bridge being used by the guest.



    You can check that you are bridged rather than NAT routed to your own network by using traceroute 8.8.8.8. If the first node is your network's router rather than the guest's IP address, your network should be working correctly.



    See this documentation.



    virt-manager



    Be sure that you have installed virt-manager and hal. The hal package is a suggested dependency for virt-manager and is used to determine the network configuration of your system when creating or editing guests.



    While having the br0 bridge defined as above I created a virtual machine with virt-manager as follows:



    [Five virt-manager screenshots; images not preserved]



    I was able to go directly to the rest of my home network and to the Internet from this guest. I was also able to ssh into it from the other (non-host, non-guest) Ubuntu computer on my home network.



    Here's the very long kvm command run by virt-manager (for comparison with EApubs or anyone else having trouble with this):



    /usr/bin/kvm -S -M pc-1.0 -enable-kvm -m 1024 -smp 1,sockets=1,cores=1,threads=1 -name precise -uuid f057a729-eda6-4b85-84dc-f100c9ae3789 -nodefconfig -nodefaults -chardev socket,id=charmonitor,path=/var/lib/libvirt/qemu/precise.monitor,server,nowait -mon chardev=charmonitor,id=monitor,mode=control -rtc base=utc -no-shutdown -drive file=/media/natty/home/gruber/ubuntu-kvm/tmpW8gSGB.qcow2,if=none,id=drive-ide0-0-0,format=qcow2 -device ide-drive,bus=ide.0,unit=0,drive=drive-ide0-0-0,id=ide0-0-0,bootindex=1 -netdev tap,fd=18,id=hostnet0 -device rtl8139,netdev=hostnet0,id=net0,mac=52:54:00:0e:da:9b,bus=pci.0,addr=0x3 -chardev pty,id=charserial0 -device isa-serial,chardev=charserial0,id=serial0 -usb -vnc 127.0.0.1:0 -vga cirrus -device intel-hda,id=sound0,bus=pci.0,addr=0x4 -device hda-duplex,id=sound0-codec0,bus=sound0.0,cad=0 -device virtio-balloon-pci,id=balloon0,bus=pci.0,addr=0x5


    Here's the network portion of the virtual machine description in /etc/libvirt/qemu/quantal.xml



    <interface type='bridge'>
      <mac address='52:54:00:b0:8e:aa'/>
      <source bridge='br0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>


    According to this link, for performance and reliability, it may be best to set the network device model to virtio. You can do this in the virt-viewer by pressing the i button, going to the NIC setting, and setting the "Device model" to virtio. You could also add this to the XML above by adding the line:



          <model type='virtio'/>


    In Summary



    All this took on 12.04 was:




    1. Installing virt-manager, bridge-utils, qemu-kvm, and related packages

    2. Make sure each user wishing to use kvm is in the libvirtd group.

    3. Defining /etc/network/interfaces as above (which matches the quoted article)

    4. Reboot, making sure Ethernet is plugged in and wireless (if any) is off.

    5. Either run kvm against an image directly with, e.g. -device e1000,netdev=tunnel -netdev tap,id=tunnel,ifname=vnet0, or create a virtual machine with virt-manager, specifying network Bridge br0 under the Step 4->Advanced Options panel.


    No further changes were needed to networking, capabilities, templates, or configurations.



    To expose a service in your new guest to the Internet you should:




    1. Prepare and configure any firewall service you will need.

    2. Either assign a static address in your guest configuration or in your DHCP service.

    3. If you are using a NAT router open a port for the service you are implementing directing it to the guest's IP address.


    Remember to test and re-enable the firewall service for your host computer. It may need an entry to forward traffic to the guest.



    See https://help.ubuntu.com/community/KVM/Installation, https://help.ubuntu.com/community/KVM/Networking, and https://help.ubuntu.com/12.04/serverguide/libvirt.html.














    edited Mar 15 at 13:12 by karel

    answered Sep 15 '12 at 0:34 by John S Gruber
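The checks the answer above relies on (default route on br0, the guest's tap interface listed under br0 rather than virbr0), as an added example that is not part of the original answer: a POSIX shell script that parses `ip route` and `brctl show` output. The function names are hypothetical and the sample data is constructed from the listings in the answer.

```shell
#!/bin/sh
# Added example (not from the answer): verify that a KVM guest's tap interface
# is bridged onto the LAN, using `ip route` and `brctl show` output.

# Print the interface that carries the default route (`ip route` on stdin).
default_route_dev() {
    awk '$1 == "default" {
             for (i = 2; i < NF; i++)
                 if ($i == "dev") { print $(i + 1); exit }
         }'
}

# Print the bridge that has port $1 (`brctl show` on stdin).
# brctl prints a bridge's second and later ports on continuation lines that
# hold only the port name, so the current bridge is remembered across lines.
bridge_of_iface() {
    awk -v want="$1" '
        NR == 1      { next }            # column headings
                     { port = "" }
        NF >= 3      { bridge = $1; if (NF >= 4) port = $4 }
        NF == 1      { port = $1 }       # continuation line: port name only
        port == want { print bridge; exit }'
}

# check_bridged TAP BRIDGE ROUTE_TEXT BRCTL_TEXT
# Returns 0 if both the default route and TAP are on BRIDGE,
# 1 if the default route is elsewhere, 2 if TAP is on another bridge or none.
check_bridged() {
    cb_route_dev=$(printf '%s\n' "$3" | default_route_dev)
    cb_tap_bridge=$(printf '%s\n' "$4" | bridge_of_iface "$1")
    if [ "$cb_route_dev" != "$2" ]; then
        echo "default route uses '${cb_route_dev:-none}', not $2"
        return 1
    fi
    if [ "$cb_tap_bridge" != "$2" ]; then
        echo "$1 is attached to '${cb_tap_bridge:-no bridge}', not $2"
        return 2
    fi
    echo "$1 and the default route are both on $2"
}

# Constructed sample data, modelled on the answer's listings.
sample_route() {
cat <<'EOF'
default via 192.168.1.1 dev br0  metric 100
169.254.0.0/16 dev br0  scope link  metric 1000
192.168.1.0/24 dev br0  proto kernel  scope link  src 192.168.1.45
192.168.122.0/24 dev virbr0  proto kernel  scope link  src 192.168.122.1
EOF
}

sample_brctl() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br0             8000.001e338807e5       no              eth0
                                                        vnet0
virbr0          8000.000000000000       yes
EOF
}

# Constructed failure case: the tap ended up on the NAT bridge virbr0.
sample_brctl_nat() {
cat <<'EOF'
bridge name     bridge id               STP enabled     interfaces
br0             8000.001e338807e5       no              eth0
virbr0          8000.000000000000       yes             vnet0
EOF
}

# Demo on the samples. On a real host:
#   check_bridged vnet0 br0 "$(ip route)" "$(brctl show)"
check_bridged vnet0 br0 "$(sample_route)" "$(sample_brctl)" || true
check_bridged vnet0 br0 "$(sample_route)" "$(sample_brctl_nat)" || true
```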













    • Hi, I don't have a wireless card on that machine. only Ethernet :)

      – THpubs
      Sep 15 '12 at 1:58













    • I understand you don't have wireless--but others reading this question might. I've posted a virt-manager section since that's what you used. Did you specify Bridged to br0 in step 4 Advanced Options when creating the virtual machine? Do the networking parameters in the kvm command launched by virt-manager match mine? (You can see it by running ps aux | grep kvm).

      – John S Gruber
      Sep 15 '12 at 3:47











    • Hi when creating a virtual machine using the virt manager, in advanced options, I don't see eth0 and br0.

      – THpubs
      Sep 15 '12 at 4:07











    • Well that's probably the problem--it's key to getting it to work under virt-manager. Are you running on the machine that will host it (and with br0 defined in brctl show as you have it in your question?) What version of Ubuntu are you running? Maybe that's the difference. What version of virt-manager? (Mine is 0.9.1-1ubuntu5.1).

      – John S Gruber
      Sep 15 '12 at 4:13











    • I'm running Ubuntu 12.04 and virt-manager 0.9.1-1ubuntu5.1. Actually, I don't have virt-manager installed in the host. I have it in a remote machine and I use it to connect to the host. Is that the problem I'm having?

      – THpubs
      Sep 15 '12 at 4:23
































    6














    If the behavior you are seeing is host can access the guest, and guest can access the host, but the guest can't access other machines on the network or vice versa... probably the host's firewall is blocking access.



    See: https://bugs.launchpad.net/ubuntu/+source/ufw/+bug/573461



    Specifically, this section:
    "The final step is to disable netfilter on the bridge:



    # cat >> /etc/sysctl.conf <<EOF
    net.bridge.bridge-nf-call-ip6tables = 0
    net.bridge.bridge-nf-call-iptables = 0
    net.bridge.bridge-nf-call-arptables = 0
    EOF















    answered Jun 13 '13 at 5:59 by Jeremy Spilman
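What the three settings quoted above change, as an added example that is not part of the original answer or the linked bug report: with a key at 0, frames forwarded across the bridge no longer pass through the host's iptables, ip6tables or arptables rules, so the guest has to be firewalled on its own. The script reports the effective value of each key in sysctl.conf-style text; the function names are hypothetical and the sample input is constructed.

```shell
#!/bin/sh
# Added example (not from the answer): audit sysctl.conf-style text for the
# three bridge-netfilter keys the answer sets to 0.

# Print the effective value of key $1 from sysctl.conf text on stdin.
# Comment lines (# or ;) are skipped, spaces around "=" are ignored, and the
# last assignment wins, as it does when the file is applied top to bottom.
sysctl_conf_value() {
    awk -v key="$1" '
        /^[ \t]*[#;]/ { next }
        {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1)
            v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v
        }
        END { if (val != "") print val }'
}

# Classify key $1 in the text on stdin:
#   bypassed  value 0, bridged frames skip the host's tables
#   filtered  value 1, bridged frames traverse the host's tables
#   unset     no assignment, the kernel default applies
bridge_nf_state() {
    case "$(sysctl_conf_value "$1")" in
        0)  echo bypassed ;;
        1)  echo filtered ;;
        "") echo unset ;;
        *)  echo invalid ;;
    esac
}

# Print one line per key for the text in $1; return 0 only if all three keys
# are set to 0, the state the answer's heredoc is meant to produce.
bridge_nf_report() {
    nf_rc=0
    for nf_key in net.bridge.bridge-nf-call-ip6tables \
                  net.bridge.bridge-nf-call-iptables \
                  net.bridge.bridge-nf-call-arptables; do
        nf_state=$(printf '%s\n' "$1" | bridge_nf_state "$nf_key")
        echo "$nf_key: $nf_state"
        [ "$nf_state" = bypassed ] || nf_rc=1
    done
    return $nf_rc
}

# Constructed sample: one key is set twice (the later line wins) and one
# key is only present as a comment.
sample_sysctl_conf() {
cat <<'EOF'
net.ipv4.ip_forward=1
net.bridge.bridge-nf-call-iptables = 1
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
#net.bridge.bridge-nf-call-arptables = 0
EOF
}

# Demo on the sample. On a real host:
#   bridge_nf_report "$(cat /etc/sysctl.conf)"
# and compare with the live values under /proc/sys/net/bridge/, which exist
# only while the bridge netfilter code is loaded.
bridge_nf_report "$(sample_sysctl_conf)" || true
```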























            3














            These are the two scripts I use to create a bridge for qemu-kvm.



            First, let the host become an IP router.



            Script ip-router.sh:



            #!/bin/bash
            # Enable (or, with "del", disable) IP forwarding and masquerade NAT
            # on the Internet-facing interface.
            # Usage: ip-router.sh [interface] [del]

            internetinterface="eth0"

            username=`whoami`

            if [ "x$username" != "xroot" ] ; then
                echo
                echo "You must be root in order to run this script..."
                echo
                exit 1
            fi

            # The first argument overrides the default interface, unless it is "del".
            if [ "x$1" != "x" ] && [ "x$1" != "xdel" ] ; then
                internetinterface="$1"
            fi

            if [ "x$1" == "xdel" ] || [ "x$2" == "xdel" ] ; then
                disable="1"
            else
                disable="0"
            fi

            if [ "$disable" == "0" ] ; then
                echo "Enabling IP forward and setting up masquerade NAT on interface $internetinterface"

                echo 1 > /proc/sys/net/ipv4/ip_forward

                iptables -t nat -A POSTROUTING -o "$internetinterface" -j MASQUERADE
            else
                echo "Disable IP forward and setting down masquerade NAT on interface $internetinterface"

                echo 0 > /proc/sys/net/ipv4/ip_forward

                iptables -t nat -D POSTROUTING -o "$internetinterface" -j MASQUERADE
            fi


            Then, create the tun-tap interface and bridge it with your default interface (usually the one with an Internet connection).



            Script create-qemu-bridged-tuntap.sh:



            #!/bin/bash
            # Create a tap interface for qemu-kvm, attach it to a bridge and
            # send guest traffic out through the given interface.
            # Usage: create-qemu-bridged-tuntap.sh [output-interface]

            bridgename=br0
            tapinterface=tap0
            outinterface=eth1

            if [ "x$1" != "x" ] ; then
                outinterface="$1"
            fi

            # Check that the output interface exists.
            ifaces=`awk -F: '{print $1}' /proc/net/dev | tail -n +3`
            iffound="0"

            for i in $ifaces
            do
                if [ "$outinterface" == "$i" ] ; then
                    iffound="1"
                fi
            done

            if [ "$iffound" == "0" ] ; then
                echo
                echo "Can't find the output interface."
                echo
                exit 1
            fi

            # Check that the output interface has an IPv4 address (four dotted fields).
            outifaceip=`ifconfig | grep -A1 "$outinterface" | tail -1 | awk -F: '{print $2}' | awk '{print $1}'`
            outifaceiptokens=`echo $outifaceip | awk -F . '{print NF}'`

            if [ "$outifaceiptokens" != "4" ] ; then
                echo
                echo "The selected output interface $outinterface doesn't seem to have a valid IP address."
                echo
                exit 1
            fi

            hostaddress="192.168.1.1"
            guestaddress="192.168.1.95"

            # Create the tap interface and put it on the bridge.
            sudo tunctl -t $tapinterface

            sudo brctl addbr $bridgename
            sudo brctl addif $bridgename $tapinterface

            sudo ip link set $bridgename up
            sudo ip addr add $hostaddress/24 dev $bridgename

            # Route to the guest over the bridge and proxy ARP between eth1 and the bridge.
            sudo route add -host $guestaddress dev $bridgename
            sudo parprouted eth1 $bridgename

            # Turn on IP forwarding and masquerade NAT on the output interface.
            sudo ~/scripts/ip-router.sh "$outinterface"


            I use these scripts daily, so they should work well also for you. You'll have to install some packages in order to have all of this working. Using:



            dlocate `which COMMAND`


            you can see which package is required to have COMMAND. For example to see which package is required to have brctl, simply run:



            dlocate `which brctl`


            and you'll have:



            bridge-utils: /sbin/brctl


            Using the same approach for all the commands in these scripts, you should (at least) run this aptitude command line:



            sudo aptitude install dlocate iproute parprouted iptables uml-utilities bridge-utils net-tools


            Finally, you can launch the main script (as a normal user):



            #> create-qemu-bridged-tuntap.sh eth0
            Set 'tap0' persistent and owned by uid 0
            Enabling IP forward and setting up masquerade NAT on interface eth0


            Running ip addr you should see a br0 interface with IP address 192.168.1.1, as specified inside the create-qemu-bridged-tuntap.sh script:



            #> ip addr
            8: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN
            link/ether 36:76:ee:d6:63:b2 brd ff:ff:ff:ff:ff:ff
            inet 192.168.1.1/24 scope global br0


            This is the host address as seen by the guest. Conversely, the guest will have as IP address 192.168.1.95 (again, this can be easily changed inside the main script).



            Now, using virt-manager, you just have to set up your guest NIC to use br0 as physical interface.

            [image: virt-manager-br0-nic]

            Inside the guest, you just have to give eth0 an IP address of 192.168.1.95 and everything should run fine.



            Slackware13:~> ifconfig 
            eth0 Link encap:Ethernet HWaddr 52:54:00:F7:6A:78
            inet addr:192.168.1.95 Bcast:192.168.1.255 Mask:255.255.255.0





























            • Although you are using a bridge to do it, it appears to me that you are creating a NAT forwarding facility. Nevertheless, if you can port forward certain host ports maybe it will do what EApubs wants. Very interesting and very useful answer irregardless.

              – John S Gruber
              Sep 14 '12 at 14:24











            • Thank you, it works flawlessly for my purposes. But, as a matter of fact, I don't need a remote access to my VM and I thought that EApubs was simply trying to have an Internet access on its VM.

              – Avio
              Sep 14 '12 at 14:59











            • @Avio No my friend, I need remote access to my machine. If I set NAT and create the VM, it works.

              – THpubs
              Sep 14 '12 at 15:02











            • There is a clue in here to a problem I had where IP forwarding was off, that is cat /proc/sys/net/ipv4/ip_forward gave 0. Enabling it and persisting it cleared up the issue for me, instructions in this post.

              – Jake Cobb
              Oct 29 '15 at 18:59


























            answered Sep 14 '12 at 9:32









            Avio
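The comments on this answer distinguish a true layer-2 bridge from the NAT forwarding the scripts set up, and note the case where IP forwarding is off. The following added example (not part of the original answer) tells the three cases apart from captured `brctl show`, `ip_forward` and `iptables -t nat -S` output; the function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example. Sample outputs below are constructed, modelled on the thread.

# Print the member interfaces of bridge $1 found in `brctl show` text $2.
bridge_ports() {
    printf '%s\n' "$2" | awk -v br="$1" '
        NR == 1 { next }                      # header row
        NF >= 3 { cur = $1; if (NF >= 4 && cur == br) print $4; next }
        NF == 1 && cur == br { print $1 }     # continuation row: another port
    '
}

# Succeed if `iptables -t nat -S` text $2 masquerades traffic leaving NIC $1.
has_masquerade() {
    printf '%s\n' "$2" | awk -v nic="$1" '
        $1 == "-A" && $2 == "POSTROUTING" {
            out = 0; masq = 0
            for (i = 3; i < NF; i++) {
                if ($i == "-o" && $(i - 1) != "!" && $(i + 1) == nic) out = 1
                if ($i == "-j" && $(i + 1) == "MASQUERADE") masq = 1
            }
            if (out && masq) found = 1
        }
        END { exit (found ? 0 : 1) }
    '
}

# Classify guest connectivity as bridged, routed-nat or isolated.
#   $1 bridge   $2 physical NIC   $3 `brctl show` text
#   $4 contents of /proc/sys/net/ipv4/ip_forward   $5 `iptables -t nat -S` text
classify_guest_net() {
    if bridge_ports "$1" "$3" | grep -Fqx -- "$2"; then
        echo bridged       # guest frames reach the LAN directly (layer 2)
    elif [ "$4" = "1" ] && has_masquerade "$2" "$5"; then
        echo routed-nat    # guest is hidden behind the host's address
    else
        echo isolated      # nothing carries guest traffic off the host
    fi
}

# Constructed sample: a host where eth0 and a guest port are both in br0.
Q_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.d02788b0e438       no              eth0
                                                        vnet0
virbr0          8000.000000000000       yes'

# Constructed sample: the answer'"'"'s layout, where br0 holds only tap0.
A_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.3676eed663b2       no              tap0'

# Constructed sample: nat table after ip-router.sh has run for eth0.
A_NAT='-P PREROUTING ACCEPT
-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'

echo "NIC enslaved to br0:        $(classify_guest_net br0 eth0 "$Q_BRCTL" 0 "")"
echo "tap-only br0, forwarding on: $(classify_guest_net br0 eth0 "$A_BRCTL" 1 "$A_NAT")"
echo "tap-only br0, forwarding off: $(classify_guest_net br0 eth0 "$A_BRCTL" 0 "$A_NAT")"
```

On a live host, pass `"$(brctl show)"`, `"$(cat /proc/sys/net/ipv4/ip_forward)"` and `"$(sudo iptables -t nat -S)"` as the third to fifth arguments.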












