In the default KVM configuration, all connections to the VM go through the KVM host via a NAT mechanism.
With this setting, a VM can reach the outside network, but outside hosts cannot initiate connections to the VM, which is a very limited configuration.
It’s better to set up a bridged configuration. Furthermore, this configuration only requires one network card.
Install the bridge-utils package:
# yum install -y bridge-utils
Create the /etc/sysconfig/network-scripts/ifcfg-br0 file and add the following lines (here 192.168.1.5 is the KVM host IP address, 192.168.1.1 is the gateway IP address, and the KVM host is the DNS server):
DEVICE="br0"
BOOTPROTO="static"
IPADDR=192.168.1.5
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.5
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
NM_CONTROLLED="no"
ONBOOT="yes"
TYPE="Bridge"
DELAY="0"
Note: parameters are case sensitive: specify “Bridge” and not “bridge”.
Edit the /etc/sysconfig/network-scripts/ifcfg-eth0 file and add the following lines:
DEVICE=eth0
ONBOOT=yes
BRIDGE=br0
TYPE=Ethernet
BOOTPROTO=static
NM_CONTROLLED=no
If a file called /etc/sysconfig/network-scripts/ifcfg-Auto_eth0 exists, remove it:
# rm /etc/sysconfig/network-scripts/ifcfg-Auto_eth0
Stop the NetworkManager:
# service NetworkManager stop
Disable the NetworkManager at boot:
# chkconfig NetworkManager off
Restart the network configuration:
# service network restart
Activate the network service at boot:
# chkconfig network on
Activate the NTP service at boot:
# chkconfig ntpd on
Start the NTP service:
# service ntpd start
To allow connections between the VMs and the outside, edit the /etc/sysconfig/iptables file and add the following lines before the last 3 lines:
-A INPUT -i virbr0 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5905 -j ACCEPT
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
Restart the firewall configuration:
# service iptables restart
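Because br0 now carries the host's own IP address, an interface-wide ACCEPT on br0 admits all traffic reaching the host from the LAN, ahead of the port-specific rule and the final REJECT. The following added example (not part of the original article) is a shell check that lists such rules in an iptables-save style file; the function names and the sample rule file are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an iptables-save style file for INPUT rules that
# accept everything arriving on one interface (no protocol/port/source match).

# write_sample FILE: constructed rule file containing the four rules from
# this page placed ahead of the closing REJECT/COMMIT lines.
write_sample() {
    cat > "$1" <<'EOF'
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i virbr0 -j ACCEPT
-A INPUT -i br0 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 5900:5905 -j ACCEPT
-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
EOF
}

# audit_rules FILE: print "LINE:IFACE:RULE" for every non-loopback INPUT rule
# whose only match is the inbound interface and whose target is ACCEPT.
audit_rules() {
    awk '
    /^-[AI] INPUT / {
        iface = ""; accept = 0; narrowed = 0
        for (i = 3; i <= NF; i++) {
            if ($i == "-i") { iface = $(i + 1); i++ }
            else if ($i == "-j") { accept = ($(i + 1) == "ACCEPT"); i++ }
            else narrowed = 1   # any other token is an extra match or option
        }
        if (accept && iface != "" && iface != "lo" && !narrowed)
            printf "%d:%s:%s\n", NR, iface, $0
    }' "$1"
}

# Run against the constructed sample when executed directly.
sample=$(mktemp)
write_sample "$sample"
audit_rules "$sample"
rm -f "$sample"
```

On a real host, call audit_rules /etc/sysconfig/iptables; each reported rule is a candidate for narrowing to the specific sources, protocols and ports the host actually needs to serve on that interface.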
You can find additional information on the Libvirt website or on the IBM website.