Presentation
In the default KVM configuration, all connections to the VM go through the KVM host via a NAT mechanism (Network Address Translation).
With this setting, a VM can access outside but not the opposite which is a very limited configuration.
It’s better to set up a bridged configuration. Furthermore, this configuration doesn’t require any additional network card.
Before going any further, you can decide to restore the old naming convention for your network interface card (for example eth0 instead of enp2s0).
Bridge configuration
Install the bridge-utils package (if not already there):
# yum install -y bridge-utils
Stop the Firewalld service:
# systemctl disable firewalld # systemctl stop firewalld
Note: Firewalld needs NetworkManager to define which network interface a packet is coming from. As we are going to stop NetworkManager, Firewalld should be stopped too.
Stop the NetworkManager service:
# systemctl mask NetworkManager # systemctl mask NetworkManager-dispatcher # systemctl stop NetworkManager
Note: As NetworkManager is a dbus-activated service, disabling it is not enough to be sure that it will not restart any more. Masking needs to be done before stopping, otherwise you won’t be sure it is really stopped. NetworkManager-dispatcher is a service run by NetworkManager to start or stop services according to network interfaces going up or down.
Start the network service:
# systemctl start network # chkconfig network on
Note: At this point you may need to rename IPADDR0 in IPADDR, NETMASK0 in NETMASK and GATEWAY0 in GATEWAY in the /etc/sysconfig/network-scripts/ifcfg-eth0 file (if your interface is called eth0), otherwise you won’t get any default gateway (Test done with CentOS 7.4).
Create a bridge called br0 (here the physical interface is eth0):
# virsh iface-bridge eth0 br0
Alternatively, you can manually create the bridge as follows:
Rename the ifcfg-eth0 configuration file in ifcfg-br0:
# cd /etc/sysconfig/network-scripts # mv ifcfg-eth0 ifcfg-br0
Edit the ifcfg-br0 file:
DEVICE=br0 ONBOOT=yes TYPE=Bridge BOOTPROTO=none IPADDR=192.168.1.5 NETMASK=255.255.255.0 GATEWAY=192.168.1.1 IPV6INIT=yes IPV6_AUTOCONF=yes DHCPV6=no STP=on DELAY=0 DNS1=192.168.1.1 DOMAIN=example.com
Create the new ifcfg-eth0 file:
DEVICE=eth0 ONBOOT=yes BRIDGE=br0 HWADDR="XX:XX:XX:XX:XX:XX"
Now, you need to reboot to get your bridge working.
Additional resources
You can find additional information on the Libvirt website.
Fedora Magazine published an article about Building a network bridge with Fedora.
Hello CertDepot,
First I want to say that this is the most helpful site I ever seen regarding RHEL certifications and I am grateful that it exists !
I want to share my experience with this topic.
During my attempts to setup a lab I had issues setting up the networking for the KVM host. Maybe because I installed the system with GUI (“Server with GUI” option from the installer) I had to disable the NetworkManager service and work with the network service which did the magic for me. Find below how I did the setup:
# systemctl stop NetworkManager.service
# systemctl disable NetworkManager.service
and the setup for the network interfaces:
[root@hvhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=”br0″
BOOTPROTO=”static”
IPADDR=192.168.1.50
NETMASK=255.255.255.0
GATEWAY=192.168.1.1
DNS1=192.168.1.1
IPV6INIT=”yes”
IPV6_AUTOCONF=”yes”
ONBOOT=”yes”
TYPE=”Bridge”
DELAY=”0″
[root@hvhost ~]#
[root@hvhost ~]# cat /etc/sysconfig/network-scripts/ifcfg-eth0
TYPE=Ethernet
NAME=eth0
UUID=xxxxxx-e062-4e99-xxxx-39ca3e89c54d
ONBOOT=yes
HWADDR=XX:XX:XX:XX:XX:XX
BRIDGE=br0
[root@hvhost ~]#
Hello, I tried to make the bridge in CentOS but here’s the problem:
[root@localhost night]# systemctl disable NetworkManager
[root@localhost night]# systemctl stop NetworkManager
[root@localhost night]#
[root@localhost night]# systemctl stop NetworkManager
[root@localhost night]# systemctl start network
Job for network.service failed. See ‘systemctl status network.service’ and ‘journalctl -xn’ for details.
[root@localhost night]# systemctl status network.service
network.service – LSB: Bring up/down networking
Loaded: loaded (/etc/rc.d/init.d/network)
Active: failed (Result: exit-code) since Sun 2015-03-01 17:15:05 EET; 17s ago
Process: 4155 ExecStart=/etc/rc.d/init.d/network start (code=exited, status=1/FAILURE)
Mar 01 17:15:05 localhost.localdomain network[4155]: RTNETLINK answers: File exists
Mar 01 17:15:05 localhost.localdomain network[4155]: RTNETLINK answers: File exists
Mar 01 17:15:05 localhost.localdomain network[4155]: RTNETLINK answers: File exists
Mar 01 17:15:05 localhost.localdomain network[4155]: RTNETLINK answers: File exists
Mar 01 17:15:05 localhost.localdomain network[4155]: RTNETLINK answers: File exists
Mar 01 17:15:05 localhost.localdomain network[4155]: RTNETLINK answers: File exists
Mar 01 17:15:05 localhost.localdomain network[4155]: RTNETLINK answers: File exists
Mar 01 17:15:05 localhost.localdomain systemd[1]: network.service: control process exi…=1
Mar 01 17:15:05 localhost.localdomain systemd[1]: Failed to start LSB: Bring up/down n…g.
Mar 01 17:15:05 localhost.localdomain systemd[1]: Unit network.service entered failed …e.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost night]# chkconfig network on
[root@localhost night]# virsh iface-bridge eth0 br0
error: An error occurred, but the cause is unknown
I tried to restore the old naming convention the network interface card but same happens.
I suspect the virsh iface-bridge command to trigger problems.
Hello,
In this step you mention to disable nm+firewalld,
However in the subsequent step (setup local repo), you mention how to allow http traffic through the firewall. Should either of these two services be renabled, or was it an error on the other page?
Thanks,
Travis
It was an error. Right now, NetworkManager and Firewalld don’t work very well with KVM virtualization. I fixed this error thanks to you. Thank you.
Awesome, thanks!
why you are running
“chkconfig network on”
after starting network with systemd? Shouldn’t it be rather “systemctl enable network”?
Try to execute the systemctl enable network command and you will see that this command doesn’t work. There is certainly a more “Systemd” way to do it but I don’t know it!
Hello guys, I am going to buy below laptop. Can I setup my rhce and KVM labs using this laptop? Please share your advice. Thank you!
==============================================
Toshiba Satellite S70-BBT2N23 Laptop @ $740.99
==============================================
– 4th Generation Intel® Core™ i7-4720HQ Processor (6M Cache, up to 3.60 GHz)
– Windows 8.1
– 12GB DDR3L 1600MHz (8GB + 4GB)
– 500GB HDD (5400rpm, Serial ATA)
– 17.3″ HD+ TruBrite® LED Backlit display (1600×900)
– DVD SuperMulti (+/-R double layer) drive
– Premium Raised Tile Keyboard (black)
– Wi-Fi® Wireless networking (802.11b/g/n)+ Bluetooth 4.0
– McAfee Live Safe™ (30-day trial)
– 1 Year Standard Limited Warranty (1 Year on Battery)
Except if you encounter driver problems when installing RHEL 7 or CentOS 7 which may trigger Wifi/Ethernet difficulties, the technical specifications of the laptop are fine: the CPU is pretty powerful and has all the virtualization capabilities (VT-x and VT-d), KVM with 500GB of disk space and 12GB of memory is more than necessary.
Thank CertDepot Admin!
You are wellcome!
After starting the network service you indicate we should update “/etc/sysconfig/network-config/ifcfg-eth0” is this a typo? I expect the ifcfg-eth0 file to be in “/etc/sysconfig/network-scripts”, I am not familiar with the “network-config” directory. (I am using Centos 7.0-1406)
Yes, it was a typo. It’s now fixed. Thanks.