virt-manager AKA Virtual Machine Manager is a very nice front end for KVM with many features.
In this post I will cover how to get bridged networking configured for virt-manager. Hopefully this process will be “automagic” in the future, but for now it remains manual.
This how-to assumes you have installed kvm and virt-manager already and that you are somewhat familiar with creating guests and adding hardware in virt-manager.
As an overview we must manually configure a bridge and adjust a few system settings. The exact steps vary if you are using a Fedora/Centos/RHEL or Debian/Ubuntu as a host OS.
You will loose network connectivity as you configure your bridge, so be prepared (you may wish to print our directions first).
Fedora/Centos/RHEL
1. Become root.
su -
2. Install tunctl (Fedora / Centos) or uml-utilities (Debian / Ubuntu).
yum install tunctl
sudo apt-get install uml-utilities
3. Disable NetworkManager. NetworkManager may interfere with your bridge (see the Ubuntu section below for additional comment).
Here I will use dhcp to obtain an ip address, you may configure the bridge with a static ip if you wish.
chkconfig NetworkManager off
chkconfig network on
service NetworkManager stop
service network start
4. Modify your network scripts. In Fedora these are located in the /etc/sysconfig/network-scripts directory.
Using any editor, edit your /etc/sysconfig/network-scripts/ifcfg-eth0 similar to this :
DEVICE=eth0
HWADDR=00:17:CC:EA:CB:A5
ONBOOT=yes
BRIDGE=br0
Note: You should NOT change your HWADDR (this is your NIC MAC).
Using any editor, edit your /etc/sysconfig/network-scripts/ifcfg-br0 similar to this :
DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes
DELAY=0
5. Bring the network back up.
service network restart
6. Add a few rules to iptables.
One line :
echo “-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT” > /etc/sysconfig/iptables-forward-bridged
lokkit --custom-rules=ipv4:filter:/etc/sysconfig/iptables-forward-bridged
service libvirtd reload
7. You can Review your interfaces and bridge with
sudo ifconfig
sudo brctl show
Debian/Ubuntu
1. Install needed utilities :
apt-get -y install bridge-utils uml-utilities
2. Stop & remove NetworkManager. NetworkManager does NOT recognize bridges and so may bring eth0 up automatically removing it from the bridge in the process.
I know it sounds drastic to remove NetworkManager, but we are manually configuring our network, so NetworkManager is not needed. If you change your mind later and no longer wish to use a bridge, it is easy to re-install NetworkManager.
apt-get remove --purge network-manager network-manager-gnome
Note: If you prefer to disable NetworkManager, see the first comment to this post (Thank you Ante).
3. After removing NetworkManager, edit /etc/resolv.conf and add in your nameserver.
nameserver 192.168.0.1
You will need to use your nameserver (usually the ip of your router).
4. Bring down network.
sudo /etc/init.d/networking stop
Edit /etc/network/interfaces. With the exception of the lo interface, the file should be blank.
Edit the file to look like this :
auto lo
iface lo inet loopback
auto br0
iface br0 inet static
address 192.168.0.10
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1
bridge_ports eth0
bridge_stp off
bridge_maxwait 5
5. Bring network back up.
sudo /etc/init.d/networking start
6. Review your interfaces and bridge with
sudo ifconfig
sudo brctl show
Using the bridge
Using the bridge is the same on Fedora and Ubuntu. Once you have manually created the bridge and brought the network back up, the option to use a bridged network card is now available in virt-manager (you may need to add a new interface to the guest) . The only caveat is virt-manager must be run as root. In Fedora you will be asked the root password when you start virt-manager. In Ubuntu use gksu
gksu virt-manager
Membership in the the libvirtd group (Ubuntu) alone, without running virt-manager as root, will not allow access to a bridged (virtual) interface in virt-manager.
In my next post I will show how to use a bridged network card without virt-manager using wrapper scripts for KVM.
No need to remove/uninstall/whatever with NetworkManager. Just setup eth0:
iface eth0 inet manual
Thank you for the information, I am sure that will help if people do not wish to remove NetworkManager.
Pingback: Shadows of epiphany » Blog Archive » virt-manager bridged networking « Networking
Pingback: Shadows of epiphany » Blog Archive » KVM network scripts
> Membership in the the libvirtd group (Ubuntu) alone, without running virt-manager as root, will not allow access to a bridged (virtual) interface in virt-manager.
This is not true (at least, on Ubuntu, today). virt-manager will work when the user is in the libvirtd group. Regardless of this, under Ubuntu you won’t be able to create a domain connected to a bridge if you are connected remotely with virt-manager, since libvirtd doesn’t allow the network interfaces to be listed – see bug https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/520386
What a helpful post!Thanks for your post.
In the newly ubuntu release (or the newly libvirt version),the normal user account will be added to the libvirtd group automaticly, so you won’t need to run virt-manager as root.