How to give fixed IPs to guests (accessible from outside of host)?

Peng Yu pengyu.ut at
Wed Mar 12 22:54:45 UTC 2014

Hi Serge,

I have br0 correctly set up on my host.

ifconfig br0
br0       Link encap:Ethernet  HWaddr c8:1f:66:e2:90:49
          inet addr:  Bcast:  Mask:
          inet6 addr: fe80::ca1f:66ff:fee2:9049/64 Scope:Link
          RX packets:2738640 errors:0 dropped:4197 overruns:0 frame:0
          TX packets:211133 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:548029766 (548.0 MB)  TX bytes:149502426 (149.5 MB)

I have read the link that you pointed. But I don't understand why I
need the following steps.

The final step is to disable netfilter on the bridge:

 # cat >> /etc/sysctl.conf <<EOF
 net.bridge.bridge-nf-call-ip6tables = 0
 net.bridge.bridge-nf-call-iptables = 0
 net.bridge.bridge-nf-call-arptables = 0
 # sysctl -p /etc/sysctl.conf

It is recommended to do this for performance and security reasons. See
Fedora bug #512206. Alternatively you can configure iptables to allow
all traffic to be forwarded across the bridge:

# echo "-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT" >
# lokkit --custom-rules=ipv4:filter:/etc/sysconfig/iptables-forward-bridged
# service libvirtd reload

Here is what I have for the firewall on the host. Is netfilter just
for firewall?

$ sudo ufw app list
[sudo] password for pengy:
Available applications:
$ sudo ufw status
Status: inactive

Anyway, I used the following command to create a bridge virtual
machine. During the installation of ubuntu on the virtual machine, it
can not recognize network, so I have to manually put the IP address,
network mask, gateway, etc.

sudo virt-install -n web_devel_bridge -r 4096 --disk
path=$PWD/web_devel_bridge.img,bus=virtio,size=8 -c
../ubuntu-13.10-server-amd64.iso --network bridge=br0,model=virtio
--graphics vnc,listen= --noautoconsole -v

The rest of the steps are the same (as on Then, I can
ssh/ping the specified IP address of the virtual machine from the host
and I can ssh/ping the IP address of the host from the virtual
machine. But I'm not able to ping/ssh the IP address of the machine
outside the host.

Do you think this is a local network setup issue? Or a setup issue on
the host? Thanks.

On Wed, Mar 12, 2014 at 5:43 PM, Serge Hallyn <serge.hallyn at> wrote:
> Quoting Serge Hallyn (serge.hallyn at
>> Quoting Peng Yu (pengyu.ut at
>> > Hi,
>> >
>> >
>> >
>> > I followed the instructions and I'm able to create a host and access
>> > it. But its IP is something like 192.168.x.x, which is not accessible
>> > outside the host. Could anybody let me know how to create a guest with
>> > fixed IPs so that they can be accessed from outside? Thanks.
>> Not really, because it depends on your host and network setup.
>> But, the easiest way in general is to bridge a nic on your host
>> and use that bridge for your VMs.  Then the dhcp server serving
>> your host will handle your VMs and give them public IPs.
> In particular, see the Ubuntu section under
> -serge


More information about the ubuntu-server mailing list