How to bridge with KVM / Qemu / Virt-manager?

Red Squirrel · 12-22-2014, 04:28 PM

Every time I try to change the network settings, it just reverts back to default of NAT and says "some changes require a guest shutdown to take effect" even if the guest is already shut down.

I hate the idea that such mundane settings even require to restart the guest (every other vm solution I've used allows to do these things on the fly) but guess there's not much I can do. This is a remote dedicated server that runs CentOS as the base OS for the webserver and I just want to be able to run a few windows VMs on it so going something better like ESXi is not really an option.

Is there a way I can get this network stuff to work? I just want to bridge to the main network interface so I can then set a static IP in the range assigned by my server provider.

I found this tutorial, but there's got to be a better way. I can't take down or mess with eth0, this is a production server!

http://www.techotopia.com/index.php/...idge_Interface

Not to mention if I do that remotely I risk completely locking myself out. There has got to be a better way.

Red Squirrel · 12-22-2014, 04:48 PM

On second thought, I kind of would like to just make eth0.x interfaces on the host, then forward specific ports to VMs, is this possible to do? This would allow me to manage stuff like IP blocks/allow lists right from IP tables and not even have to worry about individual firewalls in VMs. Since NAT is default config this may even be easier to do than trying to do bridge mode. Is this possible, if yes how do I go about setting this up?

John VV · 12-22-2014, 07:38 PM

yes / no

my kvm install on OpenSUSE has similar issues

comcast switches the mac on the xfinity box all the time

so about every other time i run the KVM i have to delete the device and make a new nic "virb0"

Red Squirrel · 12-22-2014, 09:25 PM

Why would a mac change cause you to have to remake the interface? I don't think I will be faced with that issue though, this is a dedicated server provider so I doubt they'll just start changing the mac on me.

At this point, I just want to make it work in a way where I don't have to screw around with the eth0 interface. It's just too risky. The tutorials I read seem to always point towards having to edit that. I'm guessing that is for situations where the eth0 is not actually used to access the server, but in this case it is. I cannot lose access to the actual host since it's about a thousand km away, there's simply no way of getting console access so I cannot risk any situation where I need to make a major change to it and have to restart networking. In fact, restarting networking in general is not exactly a proper approach. There's got to be a better way of doing it. I can't be having to screw around with the core networking each time I want to add a VM.

Slax-Dude · 12-23-2014, 10:06 AM

Quote:

Originally Posted by Red Squirrel

I hate the idea that such mundane settings even require to restart the guest (every other vm solution I've used allows to do these things on the fly) but guess there's not much I can do. This is a remote dedicated server that runs CentOS as the base OS for the webserver and I just want to be able to run a few windows VMs on it so going something better like ESXi is not really an option.

Like I told you before, that is a problem with your server configuration, not KVM/qemu/virt-manager.

On my test box, I made a bridge interface (vnet0) and added eth0 to it.

Code:

brctl addbr vnet0
ifconfig eth0 down
ifconfig eth0 0.0.0.0 promisc up
brctl addif vnet0 eth0

As you can see, the bridge has the same MAC address as eth0:

Code:

eth0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet6 fe80::21f:c6ff:fe50:74db  prefixlen 64  scopeid 0x20<link>
        ether 00:1f:c6:50:74:db  txqueuelen 1000  (Ethernet)
        RX packets 513448176  bytes 71561894336 (66.6 GiB)
        RX errors 660070  dropped 289263577  overruns 0  frame 660068
        TX packets 26643504  bytes 6295981728 (5.8 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 5  collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.106  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::21f:c6ff:fe50:74db  prefixlen 64  scopeid 0x20<link>
        ether 00:1f:c6:50:74:db  txqueuelen 0  (Ethernet)
        RX packets 228455779  bytes 92926769846 (86.5 GiB)
        RX errors 0  dropped 1915689  overruns 0  frame 0
        TX packets 49837120  bytes 6533306316 (6.0 GiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

...so you can configure it as you would eth0 (use dhcp or fixed ip).

You can, however, use any interface you want for the bridge.

On virtual-manager I chose "bridge" as an interface type and "vnet0" as the source interface.
The xml file looks something like this:

Code:

    <interface type='bridge'>
      <mac address='52:54:00:59:7a:94'/>
      <source bridge='vnet0'/>
      <model type='virtio'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

Red Squirrel · 12-23-2014, 12:11 PM

This is a completely different server, when you say "my" configuration... what do I have to do? Everything is default. I did not configure anything, I just installed kvm, qemu, virt-manager and then ran virt-manager and created a new VM. When I try to change the network it just does not do anything. At some point I got some kind of error about operation not supported, I guess the options did stick after a while. If I try to use bridged now I get this:

This is what my ifconfig looks like now, is this right?

Code:

eth0      Link encap:Ethernet  HWaddr 00:25:90:7C:72:F8  
          inet addr:192.99.10.155  Bcast:192.99.10.255  Mask:255.255.255.0
          inet6 addr: fe80::225:90ff:fe7c:72f8/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:532989380 errors:3 dropped:6 overruns:0 frame:3
          TX packets:410264156 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000 
          RX bytes:403694718811 (375.9 GiB)  TX bytes:367745590398 (342.4 GiB)
          Interrupt:16 Memory:fbce0000-fbd00000 

eth0:1    Link encap:Ethernet  HWaddr 00:25:90:7C:72:F8  
          inet addr:192.95.14.96  Bcast:192.95.14.96  Mask:255.255.255.255
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          Interrupt:16 Memory:fbce0000-fbd00000 

lo        Link encap:Local Loopback  
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:25196571 errors:0 dropped:0 overruns:0 frame:0
          TX packets:25196571 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:3851319016 (3.5 GiB)  TX bytes:3851319016 (3.5 GiB)

virbr0    Link encap:Ethernet  HWaddr 52:54:00:51:77:B0  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 b)  TX bytes:0 (0.0 b)

So if I do it your way I don't have to mess with eth0 then? All the tutorials I read seem to indicate either changing the config of eth0 directly, or having to do ifdown and ifup.

Just getting a blue screen of death though so network config working or not, don't think this VM solution will work for Windows anyway.

Slax-Dude · 12-27-2014, 07:44 AM

Quote:

Originally Posted by Red Squirrel

So if I do it your way I don't have to mess with eth0 then?

Just replace eth0 with eth0:1 and try the code on my previous post. That will ceate a bridge device with eth0:1

Quote:

Originally Posted by Red Squirrel

don't think this VM solution will work for Windows anyway.

A good artist does not blame his tools...
Like I, and others, told you before: qemu works fine with windows.
I have several windows 2008 and windows xp VMs running at work and a few win8/7/xp at home.
All run at near native speed.

If you are having performance issues, that is due to your particular setup.
Since you are running this on a hosted server, ask your provider for help.
Sharing the hardware specs would also help us spot potential problems.