From mboxrd@z Thu Jan 1 00:00:00 1970
From: "David S. Ahern"
Subject: Re: kvm networking part last
Date: Mon, 28 Jun 2010 17:06:38 -0600
Message-ID: <4C292AFE.1040005@cisco.com>
References: <796407.69741.qm@web95604.mail.in.yahoo.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 7bit
Cc: kvm@vger.kernel.org
To: SuNeEl
Return-path:
Received: from sj-iport-3.cisco.com ([171.71.176.72]:44275 "EHLO sj-iport-3.cisco.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751239Ab0F1XFF (ORCPT ); Mon, 28 Jun 2010 19:05:05 -0400
In-Reply-To: <796407.69741.qm@web95604.mail.in.yahoo.com>
Sender: kvm-owner@vger.kernel.org
List-ID:

On 06/28/10 16:26, SuNeEl wrote:
> I have been trying desperately to achieve virtual networking with kvm, but
> somehow I failed each time.. rather, a lot of unclear tutorials using different
> methods to achieve common goals made me confused: bridging, vmnet, tun,
> etc etc, routing, iptables forward, everything in one pipe ... but before I
> give up I just throw this question before you guys
>
>
> Host-----------------guest1------------------guest2------------guest3
> 192.168.1.1          192.168.1.3              192.168.1.4      192.168.1.5
> eth0
>
> I wanted to use host eth0 to ssh on all guests + don't want to lose connectivity
> to host as well.
>
> tell me if this is a dream in one shot so I give up looking for more positiveness
> in virtual networking

I use both direct connect and host-only networking setups. In both cases
qemu is configured to use tap devices (-net tap).

VM's directly connected to LAN:

   .------.  .------.       .------.
   | VM 1 |  | VM 2 |  ...  | VM N |
   '------'  '------'       '------'
      |         |              |
   .------.  .------.       .------.
   | tap  |  | tap  |  ...  | tap  |
   '------'  '------'       '------'
      |         |              |
      '--------------------------
                   |
               .-------.
               |  br0  |
               '-------'
                   |
               .-------.
               | eth0  |
               '-------'
                   |
LAN <-------------------------------------->

Host-side configuration:

/etc/sysconfig/network-scripts/ifcfg-eth0:
    DEVICE=eth0
    ONBOOT=yes
    BRIDGE=mainbr0

/etc/sysconfig/network-scripts/ifcfg-mainbr0:
    DEVICE=mainbr0
    ONBOOT=yes
    BOOTPROTO=dhcp

In this case the VMs show up on the LAN just like any other node.

I also have the option to connect VM's to a host-only network:

   .------.  .------.       .------.
   | VM 1 |  | VM 2 |  ...  | VM N |
   '------'  '------'       '------'
      |         |              |
   .------.  .------.       .------.
   | tap  |  | tap  |  ...  | tap  |
   '------'  '------'       '------'
      |         |              |
      '--------------------------
                   |
               .-------.     .----------.
               |  br1  |<----| iptables |
               '-------'     '----------'
                                   |
                                   |
                                   v
                               .-------.
                               | eth0  |
                               '-------'
LAN                                |
<-------------------------------------->

For br1, I chose to manually create it at boot time using an rc-script
(placeholders in angle brackets stand for the bridge's own address and
netmask):

    brctl addbr hostbr1
    ifconfig hostbr1 <bridge-ip> netmask <netmask> up

VM access to off-box resources is handled through iptables:

    iptables -t nat -A PREROUTING -i hostbr1 -j ACCEPT

Direct access to a VM is handled by port redirection:

    iptables -t nat -A PREROUTING -p tcp --dport <host-port> \
        -j DNAT --to-destination <vm-ip>:22

    iptables -t nat -A PREROUTING -p tcp --dport 2022 \
        -j DNAT --to-destination 169.254.1.2:22

i.e., ssh -p 2022 user@host is redirected to port 22 for the VM with the
IP 169.254.1.2.

Which networking setup (or both in some cases) I use for a specific VM
depends on the purpose of the VM.

David
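The host-only bridge and the per-VM port redirection described in David's reply, written up as one script. This is an added example, not code from the mail or from any project: the bridge name hostbr1, the 169.254.1.0/24 host-only subnet, the host address 169.254.1.1 and the host_port:vm_ip mapping format are assumptions. It runs in dry-run mode by default (prints the commands instead of executing them), refuses to redirect to an address outside the host-only subnet, and rejects a host port that is mapped twice, which are the two mistakes most likely to expose or silently break a redirect.

```shell
#!/bin/sh
# Constructed example: host-only bridge + DNAT port redirection for qemu/kvm tap VMs.
set -eu

BRIDGE="${BRIDGE:-hostbr1}"               # assumed bridge name (as in the mail)
BRIDGE_IP="${BRIDGE_IP:-169.254.1.1}"     # assumed host address on the bridge
BRIDGE_MASK="${BRIDGE_MASK:-255.255.255.0}"
DRY_RUN="${DRY_RUN:-1}"                   # 1 = print commands, 0 = execute (needs root)

# Print or execute a command depending on DRY_RUN.
run() {
    if [ "$DRY_RUN" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Only accept VM addresses on the assumed 169.254.1.0/24 host-only subnet, so a
# typo cannot turn a redirect into a forward to some LAN host.
vm_ip_ok() {
    case "$1" in
        169.254.1.[0-9]|169.254.1.[0-9][0-9]|169.254.1.[0-9][0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Build the DNAT rule for one host port -> VM ssh redirect (same form as the mail).
dnat_rule() {
    printf 'iptables -t nat -A PREROUTING -p tcp --dport %s -j DNAT --to-destination %s:22' "$1" "$2"
}

# Create the bridge and the PREROUTING accept rule from the mail.
setup_bridge() {
    run brctl addbr "$BRIDGE"
    run ifconfig "$BRIDGE" "$BRIDGE_IP" netmask "$BRIDGE_MASK" up
    run iptables -t nat -A PREROUTING -i "$BRIDGE" -j ACCEPT
}

# Arguments are host_port:vm_ip pairs, e.g. 2022:169.254.1.2.
# Fails on a duplicate host port or an address off the host-only subnet.
redirect_ports() {
    seen=" "
    for pair in "$@"; do
        port="${pair%%:*}"
        ip="${pair#*:}"
        case "$seen" in
            *" $port "*) echo "duplicate host port $port" >&2; return 1 ;;
        esac
        seen="$seen$port "
        vm_ip_ok "$ip" || { echo "refusing $ip: not on the host-only subnet" >&2; return 1; }
        run $(dnat_rule "$port" "$ip")
    done
}

# Usage: DRY_RUN=0 sh hostonly.sh 2022:169.254.1.2 2023:169.254.1.3
if [ "$#" -gt 0 ]; then
    setup_bridge
    redirect_ports "$@"
fi
```

Run it once without DRY_RUN=0 and read the printed commands before applying them; the bridge and rules it emits are exactly the ones the mail lists, with the placeholders filled in from the variables at the top.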