[libvirt-users] Setup a network

Felix Blanke felixblanke at gmail.com
Thu Mar 15 09:13:27 UTC 2012 

On 3/15/12 9:22 AM, Martin Kletzander wrote:
 > On 03/14/2012 10:24 PM, Felix Blanke wrote:
 >> Hello,
 >>
 >> this isn't a bug report or an advanced usage question. This is just a
 >> question from a noob who is new to kvm and needs some help to setup a
 >> network between the host and the guests. If you're willing to spend a
 >> little time to help me out please continue reading :)
 >
 > Even though "mail from mailing list with attachment" scared me a little,
 > I might have had similar need as you, so I continue =)

Hello,

I'm glad you had the courage to continue :)

 >
 >> See the attached image for more information. I have a host running with
 >> a public ip adress. I want to setup some vm for different tasks
 >> (webserver, mailserver, database, fileserver). I need to setup a network
 >> where the host can speak to the guests, the guest can speak to each
 >> other and the guests can speak to the host (meaning to the internet).
 >> The host also works as a firewall.
 >>
 >> Some examples:
 >>
 >> A) A package for the webserver (port 80) needs to be routed fron the
 >> host to the vm1.
 >>
 >> B) The mailserver needs to access the database.
 >>
 >> C) The mailserver needs to access the internet for sending an email.
 >>
 >> So every vm needs one interface. I don't know if it would work if I
 >> setup one virtual switch for the guest interconnections and use the host
 >> as a router to route the different ports to the vm interfaces.
 >>
 >
 > You are very lucky. The default libvirt installation comes with a
 > 'default' network. You should be able to see it using "virsh net-list
 > --all". To this network, you can attach a card from the guest and it
 > provides NAT as well as DHCP (both by default).
 > If you modify an interface in the guest so it is a<interface
 > type='network'/>  and has<source network='default'/>, it is virtually
 > plugged to this network and all the interfaces can see each other and
 > access the internet.
 > Example from my guest configuration:
 >
 > <interface type='network'>
 >   <mac address='52:54:00:37:a1:0c'/>
 >   <source network='default'/>
 >   <address type='pci' domain='0x0000' bus='0x00' slot='0x07' 
function='0x0'/>
 > </interface>
 >
 > The way this is done is using iptables (and ebtables if needed and I'm
 > not wrong), so you can then see it in the system. Libvirt applies these
 > rules automatically when the network is started (I have it set to
 > autostart).There is also some filtering (firewall) available but I have
 > no experience with this.
 >
 > Everything can be done by "virsh edit", "virsh net-edit" etc. For more
 > and deeper information about network configuration, have a look at these
 > two pages, I hope you find everything you need there:
 >
 > http://libvirt.org/formatnetwork.html
 > http://libvirt.org/formatnwfilter.html

So I could use something like "virt-install ... --network=default"? The 
problem with that was I couldn't find a switch to set the lease time to 
forever or configure the build in dhcp to map "mac -> ip address". Do 
you know a way to configure this?

I will try to setup my network using your description after the weekend. 
Thanks for your help so far!

 >
 > One more thing though, if you are missing this functionality on
 > self-compiled libvirt, don't forget the --with-network parameter for
 > when configuring the source.
 >

Thanks for that hint. I'm using gentoo and allready had the correct use 
flag set :)

 >> I hope this wasn't so confusing :) What would be the best way to
 >> accomplish my goal using virt-install and virsh. Thanks for everyone who
 >> is trying to help me out.
 >>
 >>
 >> Kind regards,
 >> Felix
 >
 > Have a nice day
 > Martin

More information about the libvirt-users mailing list