Personal tools
You are here: Home Team Members Charles Amey Configuring qemu-kvm for bridged networking
 

Configuring qemu-kvm for bridged networking

by kc8hfi last modified Mar 27, 2012 11:03 AM

We want qemu-kvm to use bridged networking and have a normal user to be able to start up the virtual machines using these bridged interfaces.

Overview

Several steps are involved in making this happen:

  • Set up qemu-kvm for bridging
  • Configuring everything so that a normal user has the proper access
  • Configuring the network interfaces
  • configuring all necessary modules

Doing the Work

  1. Open a terminal and become root
    2. su --login root
  2. We want to use the linux ethernet bridge, so we need to install the bridge-utils package.  Execute the following to install it, and answer yes to install it and any necessary dependencies.  tunctl is needed to setup and maintain persistent tun/tap network inferfaces.  bridge-utils contains the utilities to configure bridging.
    3. yum install bridge-utils tunctl libvirt qemu-kvm
  3. NetworkManager can't deal with bridged interfaces.  We need to turn it off and disable it.  Then enable the regular network service.
    4. systemctl stop NetworkManager.service
  4. Disable NetworkManager.
    5. systemctl disable NetworkManager.service
  5. Enable the network service. 
    chkconfig network on
  6. Add a new bridge.  Substitute br0 with whatever name you want for the bridge.
    7. brctl addbr br0
  7. We need to create a script for the bridge interface.  Inside /etc/sysconfig/network-scripts, create a file called ifcfg-br0.  Change the DEVICE if you aren't going to use br0 for the name of your bridge
    8. # Networking Interface
DEVICE=br0
ONBOOT=yes
BOOTPROTO=dhcp
TYPE=Bridge
USERCTL=yes
NM_CONTROLLED=no
IPV6INIT=no
NAME="bridge"
PEERNTP=yes
  8. You will need to find out the name of your current network interface and the mac address of your network  card.  To get all of this information, execute
    9. ifconfig
    eth0      Link encap:Ethernet  HWaddr 00:12:34:56:78:90
  9. The first item there, eth0 is the device name of your interface. The stuff after the HWaddr is your mac address
  10. In /etc/sysconfig/network-scripts, create another file called ifcfg-<your device>.  Put the mac address in this file.  If your bridge is not called br0, substitute br0 with the correct name.  From the example above, the filename should be called ifcfg-eth0.
    11. DEVICE=<your device>
HWADDR=<your mac address,  ifconfig to get this>
NAME="<your device>"
NM_CONTROLLED=no
ONBOOT=yes
USERCTL=no
BRIDGE=br0
  11. Running programs as root is generally a bad idea, so we need to set things up so that your regular user account can run qemu.  The network bridge and the tap device all need to be up and running before you can run qemu.  Add the following to /etc/rc.d/rc.local to configure the tap interface, and bring it up.  Make sure you put YOUR USERNAME in where it says <your username>.  For example, if your username is fedora, then that line will look like:
    12. username=fedora
    #substitute tap0, br0, username to whatever your information is
    interface="tap0"
    bridge="br0"
    username="<your username>"
    
#add a tap interface owned by your user
    tunctl -u $username -t $interface
    
#add this interface to the bridge
    brctl addif $bridge $interface
    
#bring the interface up
    ifconfig $interface up
  12. Add yourself to the kvm group.  Make sure you put YOUR USERNAME in where it says <your username>.
    13. usermod -a -G kvm <your username>
  13. iptables will prevent the guest OS from getting access to the network.  More information about this issue can be found at https://bugzilla.redhat.com/show_bug.cgi?id=512206 Create a firewall rule to fix this:
    14. echo "-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT" > /etc/sysconfig/iptables-forward-bridged
  14. Load the new rule
    15. lokkit --custom-rules=ipv4:filter:/etc/sysconfig/iptables-forward-bridged
  15. restart the libvirtd daemon
    16. systemctl restart libvirtd.service
  16. Run the rc.local script, to configure the tap interface and add it to the bridge
    17. sh /etc/rc.d/rc.local
  17. For good measure, and to make sure everything works like it should on subsequent reboots, restart your system.
  18. If you do not reboot your box, you'll need to bring up everything
    19. systemctl start network.service
  19. Make sure the bridge is up and has an ip address.  Substitute br0 if you didn't use that name for the bridge
    20. ifconfig br0
  20. Make sure you have a tap0 interface
    21. ifconfig tap0

Troubleshooting

How to test

Start up a virtual machine with a network interface that is part of a bridge

  1. Start up a virtual machine.  
    2. qemu-kvm -hda <path to your image> -net nic -net tap,ifname=tap0,script=no,downscript=no

Disclaimer

We test this stuff on our own machines, really we do. But you may run into problems, if you do, come to #fedora on irc.freenode.net

 

Document Actions
Log in


Forgot your password?
New user?