April 14, 2014

How To Configure KVM Virtual Machine Network

Background

Here I will configure a KVM host with virtual machines to be accessible from a local network.

This can be achieved in two ways by configure on KVM host machine:

  • A network bridge
  • Configure iptables as a router, which will forward traffic to virtual machines.

The easiest way is to use a network bridge, since then both desktop and virtual machines will be on the same subnet.

Prerequisite

Here we will configure the KVM host machine network configuration, manually, so we start by disable the NetworkManager

service NetworkManager stop
chkconfig NetworkManager off

KVM Host Network Bridge Configuration

/etc/sysconfig/network-scripts/ifcfg-eth0

DEVICE=eth0
TYPE=Ethernet
HWADDR=64:70:02:11:d9:83
NM_CONTROLLED=no
ONBOOT=yes
BRIDGE=br0

Above we have disabled NetworkManager (NM_CONTROLLED=no) and is using a Bridge.

/etc/sysconfig/network-scripts/ifcfg-br0

DEVICE=br0
TYPE=Bridge
ONBOOT=yes
DELAY=0
IPV6INIT=no
BOOTPROTO=none
IPADDR=192.168.1.10
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1

Above have we configured a static IP (BOOTPROTO=none) and assigned IP, Gateway and DNS.

KVM Host iptables

Since we are not using the second alternative with routing, the KVM host machines iptables configuration is the same as default.

$ cat /etc/sysconfig/iptables

# Firewall configuration written by system-config-firewall
# Manual customization of this file is not recommended.
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT

After editing/creating files you might need to restore SELinux security contexts.

restorecon -RFv /etc/sysconfig/network-scripts/*

And finally restart network on KVM host

service network restart

Virtual Macines Network Configuration

The last part is to configure the virtual machine network. This is easiest achieved with the virt-manager.

For an existing virtual machine.

And for a new.

Inside the Virtual Machine

Inside the virtual machine you can configure either a static IP or a dynamic one. The easiest way is to use the tool system-config-network-tui.

Test

And finally test to ping the virtual machine (virtual1) from the desktop.

Reference

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)