Bridge Network KB ID 0001891
Problem
I'm not sure why KVM does not come preconfigured for this out of the box, and it took me a very long time to work out how to do it. By default, KVM sets up its own DHCP and NAT network for the VMs. That default is fine, but if you want your KVM VMs to behave as if they are on your production LAN, and you want to access them from outside the host, you need to set up bridged networking.
In my example I want my VMs to get an IP address from my DHCP server.
Solution: Bridge Network
Currently you probably have an IP address on the host itself (192.168.100.20). The process is to create a network bridge, move the IP address from your network interface so that it is now ON THE BRIDGE, add the network interface to the bridge, then finally move the VMs onto the bridge.
The following commands will display your current virtual networks and current bridges, then create a new bridge (br0), and finally confirm that the new bridge is listed.
[box]
virsh net-list --all
brctl show
sudo brctl addbr br0
brctl show
[/box]
We need to move the IP address, so edit your current netplan.
[box]
ls /etc/netplan
# Take note of the file name, then edit that file
sudoedit /etc/netplan/{name-of-netplan-file}.yaml
[/box]
Example (Note: you will need to enter YOUR details, and your interface may have a different name, e.g. eth0)
[box]
network:
  version: 2
  renderer: networkd
  ethernets:
    ens33:
      dhcp4: false
      dhcp6: false
  bridges:
    br0:
      interfaces: [ens33]
      addresses: [192.168.100.20/24]
      routes:
        - to: default
          via: 192.168.100.1
          metric: 100
          on-link: true
      mtu: 1500
      nameservers:
        addresses: [192.168.100.10,192.168.100.3]
      parameters:
        stp: true
        forward-delay: 4
      dhcp4: no
      dhcp6: no
[/box]
Save and exit the file.
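Now we need to exempt traffic going through the bridge from being sent through netfilter (i.e. for iptables inspection). With these settings, the host's iptables rules no longer apply to traffic forwarded across the bridge.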
[box]
sudoedit /etc/sysctl.d/bridge.conf
[/box]
Paste in the following text, then save and exit.
[box]
net.bridge.bridge-nf-call-ip6tables=0
net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-arptables=0
[/box]
Those settings would be lost in a reboot. To make them permanent, create a udev rule.
[box]
sudoedit /etc/udev/rules.d/99-bridge.rules
[/box]
Paste in the following, then save and exit.
[box]
ACTION=="add", SUBSYSTEM=="module", KERNEL=="br_netfilter", \
  RUN+="/sbin/sysctl -p /etc/sysctl.d/bridge.conf"
[/box]
Now we will delete and undefine the built-in default network.
[box]
virsh net-list --all
virsh net-destroy default
virsh net-undefine default
virsh net-list --all
[/box]
Before we apply the netplan we created earlier, take a look at the current addresses. Our IP address is currently on interface ens33; when we have finished, it will have moved to br0.
[box]
ip addr
sudo netplan apply
[/box]
Now check again, and ensure the bridge now has the IP address.
[box]
ip addr
[/box]
We are now going to define the bridge. sudoedit won’t work in the home directory, so I’m using vi instead.
[box]
vi host-bridge.xml
[/box]
Paste in the following, then save and exit (Esc > :wq!)
[box]
<network>
  <name>host-bridge</name>
  <forward mode="bridge"/>
  <bridge name="br0"/>
</network>
[/box]
From the file we just created, we will define the new bridge network, start it, set it to autostart with the host, and finally make sure it's defined and listed.
[box]
virsh net-define host-bridge.xml
virsh net-start host-bridge
virsh net-autostart host-bridge
virsh net-list --all
[/box]
Connecting VMs to the Bridge Network
List the registered VMs, then edit the VM you want to change.
[box]
virsh list --all
virsh edit {VM-Machine-Name}
[/box]
Locate the source network= section and change it from default to host-bridge, then save and exit the file.
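The edit described above can be checked and applied programmatically. This is an added example, not part of the original article: it reads a VM definition, lists NICs that still reference a network other than host-bridge, and rewrites them. The sample XML is constructed, and the function names (audit, stale, retarget) are illustrative assumptions.

```python
import xml.etree.ElementTree as ET

TARGET = "host-bridge"  # libvirt network name defined earlier on this page

# Constructed sample shaped like `virsh dumpxml --inactive` output (not from the article).
SAMPLE_DOMAIN = """<domain type='kvm'>
  <name>demo-vm</name>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:00:00:01'/>
      <source network='default'/>
      <model type='virtio'/>
    </interface>
    <interface type='network'>
      <mac address='52:54:00:00:00:02'/>
      <source network='host-bridge'/>
      <model type='e1000e'/>
    </interface>
  </devices>
</domain>"""

NIC_PATH = "./devices/interface[@type='network']"

def _attr(parent, tag, name):
    """Attribute of a child element, or None when the child is absent."""
    child = parent.find(tag)
    return child.get(name) if child is not None else None

def audit(domain_xml):
    """Return (mac, network, model) for each NIC attached to a libvirt network."""
    root = ET.fromstring(domain_xml)
    return [(_attr(n, "mac", "address"), _attr(n, "source", "network"),
             _attr(n, "model", "type")) for n in root.findall(NIC_PATH)]

def stale(domain_xml, target=TARGET):
    """MAC addresses of NICs still referencing a network other than target."""
    return [mac for mac, net, _ in audit(domain_xml) if net != target]

def retarget(domain_xml, target=TARGET):
    """Return the domain XML with every libvirt-network NIC pointed at target."""
    root = ET.fromstring(domain_xml)
    for src in root.findall(NIC_PATH + "/source"):
        src.set("network", target)
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print("stale before:", stale(SAMPLE_DOMAIN))
    print("stale after: ", stale(retarget(SAMPLE_DOMAIN)))
```

On a host, the input would be the output of virsh dumpxml --inactive {VM-Machine-Name}, and the rewritten XML can be loaded back with virsh define.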
I manage my VMs with Cockpit, and they were working fine, but they were asking to be restarted. I did that with mixed results (some worked, others didn’t).
I had 100% success by removing the old network connections and adding a new one like so; this was for an Ubuntu guest VM (Note: if it’s a Windows VM, use an e1000e model card instead).