Kvm Bridge Network Problem
Stephen P. Molnar
2024-05-04 20:30:02 UTC
I am running Bookworm on my main platform. After quite a bit of googling
and many errors and much head scratching I have managed to follow the
instructions in:

https://www.cyberciti.biz/faq/how-to-add-network-bridge-with-nmcli-networkmanager-on-linux/

I have currently implemented this on a Windows 10 client. However, there
still remains a problem. After the first restart of the Windows client
the internet was accessible. However, a problem arose after I
successfully installed br0 (copy attached). I was able to use the LAN
printer and the 40" TV, but could not access the Host.

I'm sure that I have missed something, but I don't know what.

Guidance to a solution to the problem would be appreciated.

Thanks in advance,
--
Stephen P. Molnar, Ph.D.
https://insilicochemistry.net
(614)312-7528 (c)
Skype: smolnar1
Geert Stappers
2024-05-05 06:10:01 UTC
> I am running Bookworm on my main platform. After quite a bit of googling and
> many errors and much head scratching I have managed to follow the
> https://www.cyberciti.biz/faq/how-to-add-network-bridge-with-nmcli-networkmanager-on-linux/
> I have currently implemented this on a Windows 10 client. However, there
> still remains a problem. After the first restart of the Windows client the
> internet was accessible. However, a problem arose after I successfully
> installed br0 (copy attached). I was able to use the LAN printer and the 40"
> TV, but could not access the Host.

Ah, the VM guest can not access the host.
(I changed 'Subject: Re: Kvm Bridge Network Problem'
into 'Subject: Re: Kvm Bridge Network Problem, VM accessing the host')

> I'm sure that I have missed something, but I don't know what.

Network switches only forward packets.

> Guidance to a solution to the problem would be appreciated.

I have been where O.P. is, the challenge^Wproblem is real.

> # This file describes the network interfaces available on your system
> # and how to activate them. For more information, see interfaces(5).
> source /etc/network/interfaces.d/*
> # The loopback network interface
> auto lo
> iface lo inet loopback
> # Specify that the physical interface that should be connected to the bridge
> # should be configured manually, to avoid conflicts with NetworkManager
> iface enp2s0 inet manual
> #Primary network interface with bridge
> auto br0
> iface br0 inet static
> address 162.237.98.238
> broadcast 162.237.98.255
> netmask 255.255.255.0
> gateway 162.237.98.1
> bridge_ports enp2s0
> bridge_stp off
> bridge_waitport 0
> bridge fd 0

That bridge configuration looks good, even might be good.

The thing is that host and VM are at the same interface of the network
switch. And network switches only forward packets. It is a "physical
law" in computer networking. Hopefully this email thread brings
the jargon name of the "problem".


If a direct connection between host and the VM guest is important,
then add such a connection and take the costs it brings.


Groeten
Geert Stappers
--
Silence is hard to parse
Gareth Evans
2024-05-05 07:00:01 UTC
Post by Stephen P. Molnar
...
I have managed to follow the
https://www.cyberciti.biz/faq/how-to-add-network-bridge-with-nmcli-networkmanager-on-linux/
...
I was able to use the LAN
printer and the 40" TV, but could not access the Host.
Hi Stephen,

That might suggest NAT is still operative for the VM.

Did you do the "optional" part of the tutorial in your link too, re KVM network config?

What is the output of

# nmcli con show

# nmcli device

# virsh net-list --all

# virsh net-dumpxml yourNetworkName

I don't have a network cable to hand to test this at the moment (wifi NIC bridging is complex if possible with KVM [1] and apples and oranges and all that) but will do later if your problem is not solved.

I think the presence of enp2s0 in /e/n/i (which your attachment seems to be) prevents NM from managing it, but if I'm wrong about that, could it be getting an address (static or otherwise) from NM?

Gareth

[1] https://hacktivate.it/posts/kvm-bridge-wireless/
Gareth Evans
2024-05-05 07:40:01 UTC
Post by Gareth Evans
That might suggest NAT is still operative for the VM.
Ah, I hadn't seen Geert's reply, which I think is closer to the mark :)

This gives a routing-based approach:

https://www.linux-kvm.org/page/Networking

This creates an isolated network between host and guest, which without routing presumably is additional to the default network, and the (Ubuntu-based) netplan stuff needs substituting with /e/n/i adjustments:

https://www.nodinrogers.com/post/2022-01-06-enabling-kvm-host-to-vm-communcation/

All of which I have yet to test but have been meaning to look into this again.

HTH
Gareth Evans
2024-05-07 01:00:01 UTC
On host:

$ ip a|grep wl
3: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
inet 192.168.1.100/24 ...

Using:

virt-manager > Edit > Connection Details > Virtual Networks > Add network

Mode: Routed
Network: 192.168.200.0/24
Accept default DHCP range
Forward to: physical device
Device: wlp1s0 [this is my physical wifi card]

Then:

$ sudo sysctl -w net.ipv4.ip_forward=1

Then check:

$ ip link
<snip>
6: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
link/ether 52:54:00:54:ed:48 brd ff:ff:ff:ff:ff:ff
7: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UNKNOWN mode DEFAULT group default qlen 1000
link/ether fe:54:00:9b:a7:8e brd ff:ff:ff:ff:ff:ff

Start VM, check DHCP address assigned

On VM guest:

$ ip a|grep enp
2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
inet 192.168.200.151/24 ...

At this point (with firewalls temporarily off) I was able to ssh to and from host and VM guest using their respective IP addresses.

After adding a static route on my wireless router:

192.168.200.0/24 via 192.168.1.100 (to paraphrase the web form)

I installed apache2 on the VM guest and was able to access

http://192.168.200.151

from my phone over wifi, and websites on the host from the VM guest.

Firewalld activated on host with ssh and https services allowed - ssh and web browsing worked as before.

No nf/iptables jiggery-pokery, but static route on router required.

Perhaps not the most efficient solution, but I try to avoid too many firewall rules because they make my head spin :)

Don't think I've omitted any steps.

Does that help?

Best wishes,
Gareth
Gareth Evans
2024-05-07 01:20:02 UTC
On Tue 07/05/2024 at 01:51, Gareth Evans <***@fastmail.fm> wrote:

I did miss a step.
Post by Gareth Evans
Start VM, check DHCP address assigned
should be
Post by Gareth Evans
Edit the VM NIC settings and choose your routed network connection from the "Network Source" dropdown. Apply changes.
Start VM, check DHCP address assigned
I actually deleted other virbrX devices and networks before starting, but I don't think that matters.

G
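
Added example (not part of the thread, and not any participant's own code): the routed-network steps from the two posts above, written as libvirt network XML plus the `virsh` commands that define and check it. The network name `routed200`, bridge name `virbr1`, gateway address `.1` and DHCP range `.128`-`.254` are assumptions; the uplink `wlp1s0` and the subnet 192.168.200.0/24 come from the post.

```shell
#!/bin/sh
# Added example: CLI equivalent of the virt-manager "Routed" network steps.
# Assumed names/values (not from the thread): network "routed200",
# bridge "virbr1", gateway .1 and DHCP range .128-.254.

# Emit libvirt network XML for a routed /24.
# $1 = network name, $2 = host uplink device, $3 = first three octets
routed_net_xml() {
    name=$1 dev=$2 prefix=$3
    cat <<EOF
<network>
  <name>${name}</name>
  <forward mode='route' dev='${dev}'/>
  <bridge name='virbr1' stp='on' delay='0'/>
  <ip address='${prefix}.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='${prefix}.128' end='${prefix}.254'/>
    </dhcp>
  </ip>
</network>
EOF
}

# Define, start and autostart the network, then enable forwarding (run as root).
apply_routed_net() {
    xml=$(mktemp) || return 1
    routed_net_xml "$1" "$2" "$3" > "$xml"
    virsh net-define "$xml" &&
    virsh net-start "$1" &&
    virsh net-autostart "$1" &&
    sysctl -w net.ipv4.ip_forward=1
    rc=$?
    rm -f "$xml"
    return $rc
}

# Confirm the host state the thread checks by hand: forwarding on and the
# network active. Returns non-zero if either is missing.
check_routed_net() {
    [ "$(sysctl -n net.ipv4.ip_forward)" = 1 ] || return 1
    virsh net-info "$1" | grep -q '^Active:[[:space:]]*yes'
}

# Usage (values from the thread: uplink wlp1s0, subnet 192.168.200.0/24):
#   apply_routed_net routed200 wlp1s0 192.168.200 && check_routed_net routed200
# Then point the guest NIC at it (virsh edit <guest>: <source network='routed200'/>)
# and add the LAN router's static route 192.168.200.0/24 via 192.168.1.100.
```

Once the router's static route is in place the guest subnet is reachable from the whole LAN, as the phone test in the post shows, so the firewalls that were switched off for testing should be back on before the guest runs anything that listens.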
Geert Stappers
2024-05-07 20:30:01 UTC
Post by Gareth Evans
I did miss a step.
Post by Gareth Evans
Start VM, check DHCP address assigned
should be
Post by Gareth Evans
Edit the VM NIC settings and choose your routed network connection from the "Network Source" dropdown. Apply changes.
Start VM, check DHCP address assigned
I actually deleted other virbrX devices and networks before starting, but I don't think that matters.
G
For the sake of the archive: Place _all_ steps in one email.
Preferably in reply to the original posting.


Groeten
Geert Stappers
--
Silence is hard to parse