---
title: Network Bridge
description: Guide to create a network bridge for KVM guests
published: true
date: 2022-04-30T20:10:36.036Z
tags: network, nmcli, networkmanager, kvm, virt-manager
editor: markdown
dateCreated: 2022-04-29T14:05:54.201Z
---

The best way to run virtual machines under Linux is the *virt-manager* UI for `qemu`. Virt-manager unfortunately insists on creating a NAT network by default, which takes over DNS port 53 and throws the VM onto a different subnet. To rectify this, the best solution is to create a network bridge.

There are several ways to go about it, chiefly with the `ip` command, the `bridge-utils` package, or NetworkManager with `nmcli`. Since `bridge-utils` is a separate, older utility and the `ip` procedure tends to hamstring the internet connection (probably solvable, but still), I used `nmcli`.

> Arch wiki has a [great page](https://wiki.archlinux.org/title/Network_bridge) on bridge networking.
{.is-info}

# Create the bridge

In essence:

1. Create the bridge: `nmcli connection add type bridge ifname [bridge name] stp no`
2. Add your main internet interface as a slave: `nmcli connection add type bridge-slave ifname [internet interface name] master [bridge name]`
3. Bring your internet interface down: `nmcli connection down [internet interface name]`
4. Bring the bridge up: `nmcli connection up bridge-[bridge-name]` (note how `nmcli` prefixes the connection name with `bridge-`).
5. Assign an IP address to the bridge using your favourite tool (`ip`, `nmcli`, `nmtui` and the GNOME GUI all work well).

# Register the bridge with Virt-Manager

For Virt-Manager to see your bridge, you must add it as an XML definition:

1. From the main window, select `Edit` -> `Preferences` -> `Enable XML editing`.
2. Hover over a VM -> `Edit` -> `Connection Details` -> `+` -> `XML`
3. Paste the following:

   ```xml
   <network>
     <name>bridged-network</name>
     <forward mode="bridge"/>
     <bridge name="[bridge name]"/>
   </network>
   ```

   Note that you do not need the `bridge-` prefix here.
4. You can now use the bridge for virtual machines. Success!

# Enable internet access for bridged guests

If all you want is a VM on your subnet and guest-to-host access, you're all done.

> Source: [LinuxConfig.org](https://linuxconfig.org/how-to-use-bridged-networking-with-libvirt-and-kvm)
{.is-info}

However, if you want the guest to have internet access, you must enable it via `sysctl` by disabling the Bridge Netfilter:

1. Open `/etc/sysctl.d/99-netfilter-bridge.conf` in an editor (`vim /etc/sysctl.d/99-netfilter-bridge.conf`) and write the following:

   ```vim
   net.bridge.bridge-nf-call-ip6tables = 0
   net.bridge.bridge-nf-call-iptables = 0
   net.bridge.bridge-nf-call-arptables = 0
   ```
2. Load the `br_netfilter` module with `modprobe br_netfilter`
3. Enable the module at boot time by editing `/etc/modules-load.d/br_netfilter.conf` and adding `br_netfilter`.
4. Load the new settings into `sysctl` with `sysctl -p /etc/sysctl.d/99-netfilter-bridge.conf`

Enjoy your networked KVM guests, yo.
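
A check for the four steps above, added here as an example and not part of the original guide: it compares the values persisted in the sysctl file with the live ones, which only exist once `br_netfilter` is loaded. With all three keys at `0`, bridged frames are not passed to the host's iptables, ip6tables or arptables rules, so any filtering of guest traffic has to happen elsewhere. The function name `check_bridge_nf` and its optional second argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare persisted bridge-nf-call-* settings with the live values.
# Usage: check_bridge_nf CONF [PROC_DIR]
# PROC_DIR defaults to /proc/sys/net/bridge and is overridable only for testing.
check_bridge_nf() {
    local conf proc_dir rc key want have
    conf=$1
    proc_dir=${2:-/proc/sys/net/bridge}
    rc=0
    for key in bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables; do
        # sysctl applies lines in order, so the last assignment in the file wins.
        want=$(sed -n "s/^[[:space:]]*net\.bridge\.${key}[[:space:]]*=[[:space:]]*\([01]\)[[:space:]]*$/\1/p" "$conf" | tail -n 1)
        if [ -z "$want" ]; then
            echo "MISSING  $key is not set in $conf"
            rc=1
            continue
        fi
        # The key is absent from /proc until the br_netfilter module is loaded.
        if [ ! -r "$proc_dir/$key" ]; then
            echo "NOMODULE $key has no live value (is br_netfilter loaded?)"
            rc=1
            continue
        fi
        have=$(tr -d '[:space:]' < "$proc_dir/$key")
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "DRIFT    $key live=$have file=$want"
            rc=1
        fi
    done
    return $rc
}

# When called with arguments, run the check, e.g.:
#   sh check-bridge-nf.sh /etc/sysctl.d/99-netfilter-bridge.conf
if [ "$#" -gt 0 ]; then
    check_bridge_nf "$@"
fi
```

A `NOMODULE` result after a reboot points at step 3 (the `modules-load.d` entry); a `DRIFT` result means step 4 was not run or something else changed the value afterwards.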