---
title: Network Bridge
description: Guide to create a network bridge for KVM guests
published: true
date: 2022-04-30T20:10:36.036Z
tags: network, nmcli, networkmanager, kvm, virt-manager
editor: markdown
dateCreated: 2022-04-29T14:05:54.201Z
---

The best way to run virtual machines under Linux is the *virt-manager* UI for `qemu`.
Virt-manager unfortunately insists on creating a NAT network by default, which takes over DNS port 53 and throws the VM onto a different subnet.

To rectify this, the best solution is to create a network bridge.

There are several ways to go about it, chiefly with the `ip` command, the `bridge-utils` package, or NetworkManager with `nmcli`.

Since `bridge-utils` is a separate, older utility and the `ip` procedure tends to hamstring the internet connection (probably solvable, but still), I used `nmcli`.

> Arch wiki has a [great page](https://wiki.archlinux.org/title/Network_bridge) on bridge networking.
{.is-info}

# Create the bridge
In essence:

1. Create the bridge:
`nmcli connection add type bridge ifname [bridge name] stp no`

2. Add your main internet interface as a slave:
`nmcli connection add type bridge-slave ifname [internet interface name] master [bridge name]`

3. Bring your internet interface down:
`nmcli connection down [internet interface name]`

4. Bring the bridge up:
`nmcli connection up bridge-[bridge-name]`
(note how `nmcli` prepends `bridge-` to the bridge name).

5. Assign an IP address to the bridge using your favourite tool (`ip`, `nmcli`, `nmtui` and the GNOME GUI all work well).

# Register the bridge with Virt-Manager

For Virt-Manager to see your bridge, you must add it as an XML network definition:

1. From the main window, select `Edit` -> `Preferences` -> `Enable XML editing`.

2. Hover over a VM -> `Edit` -> `Connection Details` -> `+` -> `XML`

3. Paste the following:
```xml
<network>
  <name>bridged-network</name>
  <forward mode="bridge" />
  <bridge name="[bridge-name]" />
</network>
```
Note that you do not need the `bridge-` prefix here.

4. You can now use the bridge for virtual machines. Success!

# Enable internet access for bridged guests
If all you want is a VM on your subnet and guest-to-host access, you're all done.

> Source: [LinuxConfig.org](https://linuxconfig.org/how-to-use-bridged-networking-with-libvirt-and-kvm)
{.is-info}

However, if you want the guest to have internet access, you must enable it via `sysctl` by disabling the Bridge Netfilter, so that the host's iptables, ip6tables and arptables rules are no longer applied to bridged frames:

1. Open the file with `vim /etc/sysctl.d/99-netfilter-bridge.conf` and write the following:
```ini
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
```

2. Load the `br_netfilter` module with `modprobe br_netfilter`

3. Enable the module at boot time by editing `/etc/modules-load.d/br_netfilter.conf` and adding `br_netfilter`.

4. Load the new settings into `sysctl` with `sysctl -p /etc/sysctl.d/99-netfilter-bridge.conf`
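
A check for the four steps above, as an added example that is not part of the original guide: it compares the `net.bridge.bridge-nf-call-*` values in the sysctl.d file with the live kernel values and reports when the keys are absent because `br_netfilter` is not loaded. The function name, its two path parameters and its return codes are this example's own conventions.

```shell
#!/bin/sh
# Added example (not from the original guide): compare the bridge-netfilter
# keys in a sysctl.d file with the live kernel values.
# Return codes are this example's own convention:
#   0 all keys match, 1 mismatch, 2 br_netfilter not loaded, 3 file unreadable
# Usage on a live host, after step 4:  check_bridge_nf
check_bridge_nf() {
    conf=${1:-/etc/sysctl.d/99-netfilter-bridge.conf}
    procsys=${2:-/proc/sys}   # overridable so the check can run on a fixture
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 3; }
    # The net.bridge.* keys only exist while br_netfilter is loaded.
    if [ ! -d "$procsys/net/bridge" ]; then
        echo "net.bridge.* absent: load br_netfilter first" >&2
        return 2
    fi
    result=0
    # Split each "key = value" line on '='; comments and other keys are skipped.
    while IFS='=' read -r key want || [ -n "$key" ]; do
        key=$(printf '%s' "$key" | tr -d ' \t')
        want=$(printf '%s' "$want" | tr -d ' \t')
        case $key in
            net.bridge.bridge-nf-call-*) ;;
            *) continue ;;
        esac
        path=$procsys/$(printf '%s' "$key" | tr . /)
        if [ ! -r "$path" ]; then
            echo "MISSING  $key"
            result=1
            continue
        fi
        have=$(cat "$path")
        if [ "$have" = "$want" ]; then
            echo "OK       $key = $have"
        else
            echo "MISMATCH $key: live=$have file=$want"
            result=1
        fi
    done < "$conf"
    return "$result"
}
```

A return code of 2 after a reboot means the `modules-load.d` entry from step 3 did not take effect, so the values in the file were never applied.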

Enjoy your networked KVM guests, yo.