Hi,

I have only one ethernet port in a remote server (eth0). I have a public address x.x.x.164, netmask 255.255.255.240, gw x.x.x.161, and want to use in my guest OS the next available IP address (x.x.x.165, netmask 255.255.255.240, gw x.x.x.161). Is it possible to achieve this with brctl?

I did a file called ifcfg-xenbr0 with:

    DEVICE=xenbr0
    TYPE=Bridge
    BOOTPROTO=dhcp
    ONBOOT=yes

then reboot; after that I use:

    # brctl addif xenbr0 eth0

I was connected to my remote server, but problems begin when I assigned the x.x.x.165 IP address to the guest OS with virt-manager to begin installation. I lost the remote connection. Maybe I miss something like this:

    iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT

to avoid losing the connection? I'm still receiving ping from x.x.x.165 but not from x.x.x.164 :(
James B. Byrne
2010-Jun-25 20:49 UTC
[CentOS] [CentOS-virt] KVM with bridge in one interface
I am having a couple of iptables issues with this type of setup myself. The RH manual says to insert a rule into the FORWARD chain like this:

    -A FORWARD -m physdev --physdev-is-bridged -j ACCEPT

However, for the host does this not mean that every packet is accepted? As far as I can discern from the documentation, when one sets up a physically bridged network on a KVM host then every packet arrives across the bridge interface and, insofar as the host is concerned, anything that it does not originate itself is forwarded.

I may be wrong on this, but the behaviour of my ssh filters since putting that command in the FORWARD chain indicates that something along those lines is occurring. The i/f eth0 seems to have no relevance to iptables rules for the host instance.

-- 
*** E-Mail is NOT a SECURE channel ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3
On Fri, Jun 25, 2010 at 3:26 AM, Armando Montiel <armando.montiel at gmail.com> wrote:
> Hi,
>
> I have only one ethernet port in a remote server. (eth0)
>
> I have a public address with x.x.x.164 netmask 255.255.255.240 gw x.x.x.161

I am assuming the above is assigned to the physical device eth0, right?

From your netmask information the following are the IP params for your subnet.

Network range - x.x.x.160 - x.x.x.175
Usable range  - x.x.x.161 - x.x.x.174

> and want to use in my guest OS the next available ip address (x.x.x.165 netmask 255.255.255.240 gw x.x.x.161)
>
> Is this posible with brctl to achieve this?
>
> I did a file called ifcfg-xenbr0 with:
>
> DEVICE=xenbr0
> TYPE=Bridge
> BOOTPROTO=dhcp
> ONBOOT=yes
>
> then reboot, after that i use:
>
> # brctl addif xenbr0 eth0
>
> I was connected to my remote server but problems begin when I assigned the x.x.x.165 ip addres to the guest OS with
> virt-manager to begin installation. I lost the remote connection. Maybe I miss something like this? :
>
> iptables -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT

You have not disclosed how you are connecting to the "host" OS prior to your VM installation. Do you mean the above rule should be on the "host" OS? I don't think so unless you have enabled the firewall on the host. I would suggest disabling the firewall until you are done with the VM setup.

> to avoid loosing the connection ?
>
> i'm still receiving ping from x.x.x.165 but x.x.x.164

From the above it appears you are doing Xen virtualization. I have no experience with Xen but do with the Linux KVM, and I do think that the basic networking fundamentals would be uniform, irrespective of the virt platform.

(1) With Bridge, you cannot assign an IP to the physical interface, in your case eth0.
(2) The IP number is assigned to the bridge instead; in your case x.x.x.164 would be assigned to the bridge.
(3) My KVM setups need "tap" (tunctl) interfaces to be bound to the bridge interface.
(4) The VM guest sees a regular NIC (as emulated by the host VM environment), which is bound to the "tap" interfaces on the host OS. The bridge being bound to the tap becomes the ethernet viaduct between the guest VM and the rest of the world.

Therefore, I believe you need to move your host IP to the bridge, define a tap which is bound to the bridge and then present the tap to the VM in whichever way it is supposed to be for your virt. platform.

HTH
-- 
Arun Khan
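As an added example (not code from this thread, nor from CentOS or Red Hat), the following sh script carries Arun's four points through as configuration and answers James's objection to the blanket FORWARD rule: it computes the /28 bounds Arun worked out by hand, writes the two ifcfg files that move the host address from eth0 onto the bridge, and prints FORWARD rules scoped to the guest's bridge ports instead of accepting everything that is bridged. Assumed names: bridge br0 (the thread uses xenbr0), guest tap vnet0 (the name libvirt gives a KVM guest's tap), and 203.0.113.164/28 standing in for the redacted x.x.x.164. The ifcfg files are written to a scratch directory and the iptables commands are printed rather than executed, so the script runs unprivileged.

```shell
#!/bin/sh
# Added example, not from the thread.  Assumptions: CentOS-style ifcfg files,
# bridge "br0", guest tap "vnet0", and 203.0.113.164/28 standing in for the
# redacted x.x.x.164 (names and address are constructed for the demo).
set -e

# Dotted quad <-> 32-bit integer, for subnet arithmetic in plain sh.
ip2int() {
    set -- $(printf '%s\n' "$1" | tr . ' ')
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int2ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# subnet_bounds IP MASK -> "network first_usable last_usable broadcast"
# (the numbers Arun derived by hand for a /28).
subnet_bounds() {
    ip=$(ip2int "$1"); mask=$(ip2int "$2")
    net=$(( ip & mask ))
    bcast=$(( net | (~mask & 4294967295) ))
    echo "$(int2ip "$net") $(int2ip $(( net + 1 ))) $(int2ip $(( bcast - 1 ))) $(int2ip "$bcast")"
}

# write_bridge_ifcfg DIR BRIDGE NIC IP MASK GW
# The NIC keeps no address of its own: it is enslaved to the bridge, and the
# bridge carries the host's IP, netmask and gateway (Arun's points 1 and 2).
write_bridge_ifcfg() {
    dir=$1; br=$2; nic=$3; ip=$4; mask=$5; gw=$6
    cat > "$dir/ifcfg-$nic" <<EOF
DEVICE=$nic
ONBOOT=yes
BOOTPROTO=none
BRIDGE=$br
EOF
    cat > "$dir/ifcfg-$br" <<EOF
DEVICE=$br
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
IPADDR=$ip
NETMASK=$mask
GATEWAY=$gw
DELAY=0
EOF
}

# guest_forward_rules NIC TAP -> iptables commands for the FORWARD chain.
# Bridged frames pass through FORWARD while bridge-nf-call-iptables=1, so this
# is where guest traffic is policed.  Instead of accepting everything that is
# bridged, allow replies, anything the guest sends out, and only ssh and ping
# in towards the guest; drop the remaining bridged traffic.
guest_forward_rules() {
    nic=$1; tap=$2
    cat <<EOF
iptables -A FORWARD -m physdev --physdev-is-bridged -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in $tap --physdev-out $nic -j ACCEPT
iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in $nic --physdev-out $tap -p tcp --dport 22 -j ACCEPT
iptables -A FORWARD -m physdev --physdev-is-bridged --physdev-in $nic --physdev-out $tap -p icmp -j ACCEPT
iptables -A FORWARD -m physdev --physdev-is-bridged -j DROP
EOF
}

# Demo: compute the /28 bounds, write the two ifcfg files to a scratch
# directory (not /etc/sysconfig/network-scripts), and print the rules.
demo_dir=$(mktemp -d)
echo "subnet (network first last broadcast): $(subnet_bounds 203.0.113.164 255.255.255.240)"
write_bridge_ifcfg "$demo_dir" br0 eth0 203.0.113.164 255.255.255.240 203.0.113.161
echo "ifcfg-eth0 and ifcfg-br0 written to $demo_dir"
guest_forward_rules eth0 vnet0
```

Copy the generated files into /etc/sysconfig/network-scripts and restart networking from a console rather than over ssh, since the address moves from eth0 to br0 during the restart. Two caveats for the host firewall: once eth0 is a bridge port, packets for the host itself are delivered with br0 as their input interface, so INPUT rules written with -i eth0 no longer match (which fits James's observation that eth0 seems irrelevant) and should say -i br0 instead; and if the host firewall is not meant to see guest traffic at all, setting net.bridge.bridge-nf-call-iptables=0 keeps bridged frames out of iptables entirely, leaving filtering to the guest or to ebtables.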