KVM network configuration issue
Michael.Zoet at zoet.de
Thu May 10 18:26:54 UTC 2012
> Hi all.
> I have a KVM guest webserver VWEB which I want to give an external IP.
> I would like to connect a cable between my host's eth3 and my company FW.
> VWEB should use eth3 on the host. And inside VWEB, i want to assign
> the fixed external IP.
> Anyone knows how to do this?
I think this is not possible with KVM because it exclusively uses
bridging for network connections. But I may be wrong with it.
Have you tried to exclusively assign eth3 to the VWEB VM? I tried this
in the past with Xen (works great ;-) ) and with KVM (does not work for
me with Intel quad port cards and at least 10.04 :-( ). I think it is
easier than setting this up with a bridge.
I have a similar setup with only one NIC. Maybe if you can assign eth3
somehow to this setup it might work.
(in my setup the KVM server works as a router/firewall, so it sees all
traffic to the VMs through eth0)
What you may try:
- setup a bridge in /etc/network/interfaces which is in a private
subnet, with a route to the public IP:
iface bridge01 inet static
pre-up brctl addbr $IFACE
post-up route add -host <PUBLIC_IP> $IFACE
post-down brctl delbr $IFACE
- assign bridge01 to your VM VWEB as a NIC
- configure in your VWEB VM the NIC in /etc/network/interfaces:
# The primary network interface of VWEB
iface eth0 inet static
So far you can reach VWEB through the public IP but traffic is routed
through the KVM server. Not what you wanted I know but it works this way
;-). Your KVM server must have IP forwarding enabled. If you use
iptables firewall and your default policy is drop for the FORWARD chain,
you need some firewall rules to pass the network traffic from and to
I am not sure how to setup eth3 in a way that the traffic is only seen
by your VWEB VM. In my opinion it should be enough to assign eth3 to
bridge01 and configure eth3 accordingly. Maybe I am wrong with it and
there is some more config stuff to do.
Perhaps it helps,
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ubuntu-server