How to give fixed IPs to guests (accessible from outside of host)?
Peng Yu
pengyu.ut at gmail.com
Wed Mar 12 22:54:45 UTC 2014
Hi Serge,
I have br0 correctly set up on my host.
~~~
$ ifconfig br0
br0       Link encap:Ethernet  HWaddr c8:1f:66:e2:90:49
          inet addr:175.91.242.203  Bcast:175.91.247.255  Mask:255.255.248.0
          inet6 addr: fe80::ca1f:66ff:fee2:9049/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:2738640 errors:0 dropped:4197 overruns:0 frame:0
          TX packets:211133 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:548029766 (548.0 MB)  TX bytes:149502426 (149.5 MB)
~~~
I have read the link that you pointed to. But I don't understand why I
need the following steps.
~~~
The final step is to disable netfilter on the bridge:
# cat >> /etc/sysctl.conf <<EOF
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
EOF
# sysctl -p /etc/sysctl.conf
It is recommended to do this for performance and security reasons. See
Fedora bug #512206. Alternatively you can configure iptables to allow
all traffic to be forwarded across the bridge:
# echo "-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT" > /etc/sysconfig/iptables-forward-bridged
# lokkit --custom-rules=ipv4:filter:/etc/sysconfig/iptables-forward-bridged
# service libvirtd reload
~~~
Here is what I have for the firewall on the host. Is netfilter just
for firewall?
~~~
$ sudo ufw app list
[sudo] password for pengy:
Available applications:
OpenSSH
$ sudo ufw status
Status: inactive
~~~
Anyway, I used the following command to create a bridged virtual
machine. During the installation of Ubuntu on the virtual machine, it
cannot recognize the network, so I have to manually enter the IP address,
network mask, gateway, etc.
~~~
sudo virt-install -n web_devel_bridge -r 4096 \
  --disk path=$PWD/web_devel_bridge.img,bus=virtio,size=8 \
  -c ../ubuntu-13.10-server-amd64.iso \
  --network bridge=br0,model=virtio \
  --graphics vnc,listen=0.0.0.0 --noautoconsole -v
~~~
The rest of the steps are the same (as on
https://help.ubuntu.com/13.10/serverguide/libvirt.html). Then, I can
ssh/ping the specified IP address of the virtual machine from the host
and I can ssh/ping the IP address of the host from the virtual
machine. But I'm not able to ping/ssh the IP address of the machine
outside the host.
Do you think this is a local network setup issue? Or a setup issue on
the host? Thanks.
On Wed, Mar 12, 2014 at 5:43 PM, Serge Hallyn <serge.hallyn at ubuntu.com> wrote:
> Quoting Serge Hallyn (serge.hallyn at ubuntu.com):
>> Quoting Peng Yu (pengyu.ut at gmail.com):
>> > Hi,
>> >
>> > https://help.ubuntu.com/13.10/serverguide/libvirt.html
>> >
>> > I followed the instructions and I'm able to create a host and access
>> > it. But its IP is something like 192.168.x.x, which is not accessible
>> > outside the host. Could anybody let me know how to create a guest with
>> > fixed IPs so that they can be accessed from outside? Thanks.
>>
>> Not really, because it depends on your host and network setup.
>> But, the easiest way in general is to bridge a nic on your host
>> and use that bridge for your VMs. Then the dhcp server serving
>> your host will handle your VMs and give them public IPs.
>
> In particular, see the Ubuntu section under
>
> http://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29
>
> -serge
--
Regards,
Peng
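
The sysctl keys in the wiki excerpt quoted in this message decide whether bridged guest frames are handed to the host's iptables FORWARD chain at all. The following check is an added example, not part of the original message or the libvirt wiki; the function names and status strings are hypothetical, and the rule matching is a simplification that ignores rule order.

```shell
# Keys from the sysctl.conf snippet quoted in the message above.
BRIDGE_NF_KEYS="bridge-nf-call-iptables bridge-nf-call-ip6tables bridge-nf-call-arptables"

# Print every bridge-nf-call-* key that is set to 1 under directory $1
# (default: /proc/sys/net/bridge). Missing keys are skipped, because the
# directory only exists when the kernel's bridge netfilter code is loaded.
bridge_nf_enabled() {
    bnf_dir="${1:-/proc/sys/net/bridge}"
    for bnf_key in $BRIDGE_NF_KEYS; do
        if [ -r "$bnf_dir/$bnf_key" ] && [ "$(cat "$bnf_dir/$bnf_key")" = "1" ]; then
            printf '%s\n' "$bnf_key"
        fi
    done
}

# Classify how the host treats bridged IPv4 guest traffic.
#   $1 = directory holding the bridge-nf-call-* files ("" for the default)
#   $2 = output of `iptables -S FORWARD`
# Prints one of:
#   bypasses-iptables      bridged frames never reach iptables
#   physdev-accept-rule    the wiki's "--physdev-is-bridged -j ACCEPT" rule exists
#   forward-policy-drop    no such rule, and unmatched packets are dropped
#   forward-policy-accept  no such rule; other FORWARD rules still apply
bridged_ipv4_status() {
    if ! bridge_nf_enabled "$1" | grep -qx 'bridge-nf-call-iptables'; then
        echo "bypasses-iptables"
    elif printf '%s\n' "$2" | grep -Eq -- '^-A FORWARD .*--physdev-is-bridged.* -j ACCEPT'; then
        echo "physdev-accept-rule"
    elif printf '%s\n' "$2" | grep -q -- '^-P FORWARD DROP'; then
        echo "forward-policy-drop"
    else
        echo "forward-policy-accept"
    fi
}
```

On a live host, call it as `bridged_ipv4_status "" "$(sudo iptables -S FORWARD)"`; a result of `forward-policy-drop` means guest traffic crossing the bridge depends on some other FORWARD rule accepting it.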