virt-manager AKA Virtual Machine Manager is a very nice front end for KVM with many features.

In this post I will cover how to get bridged networking configured for virt-manager. Hopefully this process will be “automagic” in the future, but for now it remains manual.

This how-to assumes you have installed kvm and virt-manager already and that you are somewhat familiar with creating guests and adding hardware in virt-manager..

As an overview we must manually configure a bridge and adjust a few system settings. The exact steps vary if you are using a Fedora/Centos/RHEL or Debian/Ubuntu as a host OS.

You will loose network connectivity as you configure your bridge, so be prepared (you may wish to print our directions first).

Fedora/Centos/RHEL

1. Become root.

su -

2. Install tunctl (Fedora / Centos) or uml-utilities (Debian / Ubuntu).

yum install tunctl

sudo apt-get install uml-utilities

3. Disable NetworkManager. NetworkManager may interfere with your bridge (see the Ubuntu section below for additional comment).

Here I will use dhcp to obtain an ip address, you may configure the bridge with a static ip if you wish.

chkconfig NetworkManager off
chkconfig network on
service NetworkManager stop
service network start

4. Modify your network scripts. In Fedora these are located in the /etc/sysconfig/network-scripts directory.

Using any editor, edit your /etc/sysconfig/network-scripts/ifcfg-eth0 similar to this :

DEVICE=eth0
HWADDR=00:17:CC:EA:CB:A5
ONBOOT=yes
BRIDGE=br0

Note: You should NOT change your HWADDR (this is your NIC MAC).

Using any editor, edit your /etc/sysconfig/network-scripts/ifcfg-br0 similar to this :

DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
ONBOOT=yes
DELAY=0

5. Bring the network back up.

service network restart

6. Add a few rules to iptables.

One line :

echo “-I FORWARD -m physdev –physdev-is-bridged -j ACCEPT” > /etc/sysconfig/iptables-forward-bridged

Two – - in front of ” –custom-rules ” (wordpress renders them a single – )

lokkit –custom-rules=ipv4:filter:/etc/sysconfig/iptables-forward-bridged
service libvirtd reload

7. You can review your interfaces and bridge with

sudo ifconfig
sudo brctl show

Debian/Ubuntu

1. Install needed utilities :

apt-get -y install bridge-utils uml-utilities

2. Stop & remove NetworkManager. NetworkManager does NOT recognize bridges and so may bring eth0 up automatically removing it from the bridge in the process.

I know it sounds drastic to remove NetworkManager, but we are manually configuring our network, so NetworkManager is not needed. If you change your mind later and no longer wish to use a bridge, it is easy to re-install NetworkManager.

apt-get remove –purge network-manager network-manager-gnome

Note: If you prefer to disable NetworkManager, see the first comment to this post (Thank you Ante).

3. After removing NetworkManager, etit /etc/resolv.conf and add in your nameserver.

nameserver 192.168.0.1

You will need to use your nameserver (usually the ip of your router).

4. Bring down network.

sudo /etc/init.d/networking stop

Edit /etc/network/interfaces. With the exception of the lo interface, the file should be blank.

Edit the file to look like this :

auto lo
iface lo inet loopback

auto br0
iface br0 inet static
address 192.168.0.10
netmask 255.255.255.0
broadcast 192.168.0.255
gateway 192.168.0.1
bridge_ports eth0
bridge_stp off
bridge_maxwait 5

5. Bring network back up.

sudo /etc/init.d/networking start

6. You can review your interfaces and bridge with

sudo ifconfig
sudo brctl show

Using the bridge

Using the bridge is the same on Fedora and Ubuntu. Once you have manually created the bridge and brought the network back up, the option to use a bridged network card is now available in virt-manager (you may need to add a new interface to the guest) . The only caveat is virt-manager must be run as root. In Fedora you will be asked the root password when you start virt-manager. In Ubuntu use gksu

gksu virt-manager

Membership in the the libvirtd group (Ubuntu) alone, without running virt-manager as root, will not allow access to a bridged (virtual) interface in virt-manager.

In my next post I will show how to use a bridged network card without virt-manager using wrapper scripts for KVM.