Hi all, on my desktop system I want to make the VMs available to be seen by the network, which as far as I understand required me to bridge the virtual network to the physical device.
However after this, the physical device is no longer available for use by the host machine. I have asked about this before on discussion.fedoraproject.org but I couldn’t figure out how to make it work.
A new idea I have is to set to another VM or a firewall (Pi-Hole) which is bridged to the physical ethernet connection and somehow route the host VM through this. However after much Googling I cannot seem to figure this out either.
I have several virtual machines running on my server using bridging to the virtual virbr0 device. The host interface on my LAN is at 192.168.2.111 and my virbr0 device is in the subnet 192.168.124.0/24.
I simply added a dedicated route on my gateway router that told it the subnet 192.168.124.0 was to be directed to the 192.168.2.111 address and every other machine on my LAN is able to connect to the VMs at will.
For me virbr0 is on ip 192.168.122.0 with range 192.168.122.2 - 192.168.122.254, Forwarding: NAT
The physical connection ip address is 192.168.0.96. Just in case it adds more info:
ip route
default via 192.168.0.1 dev enp3s0 proto dhcp src 192.168.0.96 metric 100
default via 192.168.0.1 dev wlp5s0 proto dhcp src 192.168.0.138 metric 600
192.168.0.0/24 dev enp3s0 proto kernel scope link src 192.168.0.96 metric 100
192.168.0.0/24 dev wlp5s0 proto kernel scope link src 192.168.0.138 metric 600
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1
[naheemsays@fedora ~]$
I tried:
sudo ip route add 192.168.122.0/24 dev enp3s0
RTNETLINK answers: File exists
In the VM you have to define the networking as bridged via virbr0, then it will automatically be assigned an address in the 192.168.122.0/24 subnet.
Once that is done and you are no longer bridged to the physical interface it should just work for you.
You do not need to add a route on the host (which seems what you tried to do, and send it out via the ethernet), but on the gateway router for your LAN (which will direct contact from the LAN to your VM via the host IP). The output of ip route above shows the host already has the route to the 192.168.122.0 subnet, and that the host address on that subnet is 192.168.122.1.
On the VM, once the change is made and you reboot, you should see with ip addr that it now has an address on that subnet, and ip route should show the default route as going to 192.168.122.1 on the host.
The result should be
LAN → gateway → host ip → (forwarded to) IP of the VM on the 192.168.122.0/24 subnet
Your route add command above tried to send the 192.168.122.0/24 subnet via enp3s0 which is the physical interface facing the LAN while that subnet is already attached to virbr0 and already has a route via virbr0, which explains the ‘File exists’ message.
As I stated earlier, I only had to add the route on my gateway router to direct traffic from the LAN to the host containing the VM.
Do steps 1-5 before you fiddle with routing.
configure the VM to use bridged network via the virbr0 device and not NAT
boot the vm, and use ip addr to see what IP it is assigned (192.168.122.??)
From the VM ping the host at 192.168.122.1
From the VM ping the host at its LAN IP (192.168.0.96)
From the host ping the VM at the address discovered in #2 above. (192.168.122.??)
Only after all the above works, then establish the route on the gateway router, and from another machine ping the VM address. It should work.
Using NAT I experienced that I could get outward connection but for inward connections it did not work since NAT requires the VM establish the connection and does not accept connections that originate externally.
I also see this.
You have 2 different interfaces active on the same subnet at the same time, with routing via both. That config will often cause frustrating and difficult to trace network issues. It is normally suggested that you only ever have one interface active on one subnet at a time to avoid potential network issues. I suggest that you disable either the ethernet or the wifi and only leave one of those active. When you do the routing for the VM on the gateway you can only add one of those IPs anyway.
Thanks for sticking with me as I try to figure this out.
I have done steps 1-5.
For step 6 is it required to be a separate device as gateway? For me my PC is plugged straight into the router and the router doesnt allow configuring anything on there.
This works for bridge the VM connection, but then I cant use it for the host connection - I need a separate connection for that and as this is a desktop machine that is just hosting some VMs its important for it to have connectivity too.
I couldnt figure this out and since I had a spare ethernet card lying around, I decided to add that to my PC and use that for the Bridged VM connection.
Works for me but not perfect for others who may be trying to do the same thing - especially if they have a laptop, but I am closing this for now.
Below the connection i use locally on my computer. I check it with nmcli if they are running.
It should come up automatically if you make it as described in the link above.
If one of them is not green/not active you can start it with:
nmcli c up br0-port or nmcli c up br0
$ nmcli c
NAME UUID TYPE DEVICE
br0 xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx bridge br0
br0-port xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx ethernet enp0s25