Networking kvm/qemu stopped working

Ask Fedora
,
1

After having been working for a couple of ages networking suddenly stopped. I spend one afternoon with deepseek to set bridge networking up but after a restart it suddenly decide not to work.

Are these resource still current: https://www.linux-kvm.org/page/Networking, KVM Network Configuration ? As a search is useless as this has apparently been changing so many times I’m just looking for the definitive (2026) guide to setup qemu kvm with a network bridge in which the VMs can access the internet but the host (a laptop with wired ethernet) does not have to have access.

2

Create bridge

sudo nmcli connection add type bridge con-name br0 ifname br0

Add ethernet as slave

sudo nmcli connection add type bridge-slave con-name bridge-port1 ifname enp3s0 master br0

Disable old connection

sudo nmcli connection down "Wired connection 1"
sudo nmcli connection modify "Wired connection 1" connection.autoconnect no

Configure DHCP and disable STP

sudo nmcli connection modify br0 ipv4.method auto
sudo nmcli connection modify br0 bridge.stp no

Bring up bridge

sudo nmcli connection up br0

Configure libvirt

sudo mkdir -p /etc/qemu
echo "allow br0" | sudo tee /etc/qemu/bridge.conf
sudo systemctl restart libvirtd

/usr/local/bin/kvm-bridge-toggle:

#!/bin/bash
case "$1" in
    on)
        echo "Enabling KVM bridge mode..."
        sudo nmcli connection up bridge-eth0
        sudo nmcli connection up kvm-bridge
        echo "Bridge active. Your VMs can now use kvm-br0"
        ;;
    off)
        echo "Disabling KVM bridge mode..."
        sudo nmcli connection down kvm-bridge
        sudo nmcli connection down bridge-eth0
        echo "Bridge disabled. Back to Wi-Fi mode"
        ;;
    status)
        if nmcli connection show --active | grep -q kvm-bridge; then
            echo "KVM bridge is ACTIVE (Ethernet in use)"
        else
            echo "KVM bridge is INACTIVE (Wi-Fi in use)"
        fi
        ;;
    *)
        echo "Usage: $0 {on|off|status}"
        exit 1
        ;;
esac

/etc/docker/daemon.json:

{
  "bridge": "docker0",
  "iptables": true,
  "ip-forward": true,
  "userland-proxy": false,
  "fixed-cidr": "172.17.0.0/16"
}

Verify

ip addr show kvm-br0
# Should now show an IP address

bridge link show
# Should show eth0 as master

Fix Bridge Filtering

# IMPORTANT: Disable netfilter on the bridge
sudo sysctl -w net.bridge.bridge-nf-call-iptables=0
sudo sysctl -w net.bridge.bridge-nf-call-ip6tables=0
sudo sysctl -w net.bridge.bridge-nf-call-arptables=0

# Make permanent
echo "net.bridge.bridge-nf-call-iptables = 0" | sudo tee -a /etc/sysctl.d/99-bridge.conf
echo "net.bridge.bridge-nf-call-ip6tables = 0" | sudo tee -a /etc/sysctl.d/99-bridge.conf
echo "net.bridge.bridge-nf-call-arptables = 0" | sudo tee -a /etc/sysctl.d/99-bridge.conf

# Apply immediately
sudo sysctl --system
1 Like
3

If you want to set up a bridged network you need to create the bridge outside kvm and libvirt. The google search would be for “set up bridge network with NetworkManager”.

libvirt will then recognize the bridge and you can set up a bridged connection instead of the default NAT configuration.

Notice, bridged network doesn’t work with wifi, so I’ve read.

4

If using multiple VMs and each needs the bridged access then you should create a separate bridge device for each of the VMs to avoid issues. Each of the bridge devices should get its own IP for the LAN.

5

One bridge can be used by all VMs in my experience.
Each VMs gets its own MAC address and thus DHCP will hand out a unique IP to each VM.

What issues are you expecting?

2 Likes
6

I guess I was relating that to the way multiple IPs were created on a single interface in the past, before NM and assignable MACs were used.
This old fogie is not 100% used to the way interfaces and bridges work now. Too much newfangled tech for me to stay 100% on top of everything.

I should have known better since my VMs each create a discrete vnet when running and all are linked to the virbr0 device.