KVM & bridging

pattonb

greetings, I have become confused or deluded. Nonetheless, what I am trying to accomplish is a simple
kvm virtualized setup, The Host has a static routable IP, and all traffic to be forwarded to a firewall/router, then nat'ed to
2 or 3 vms. The vms need to be reachable from the Internet (outside). I thought I could set this up on a local lan, and simulate a 'real production' type of deployment. I have used 192.168.23.5/24 as the static ip. This is how far I have been able to get. the hostname's reflect the function of the box. I think I may have read to many guides/tutorials, that cover too many years. I am also trying to do this with cli only, as generally when I do things this way, I develop a better understanding of the pieces and how they interact. I am struggling on completing the bridge part. I thought I could just apply the static ip (192.168.23.5) to the interface of the firewall/router and connect it to the bridge. However I ahve not had any success in doing that and turn to this group for guidance.

and the info from the host ( I have removed any reference to other nic's that won't be used on the host)
root@host:~# ip a
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eno1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
link/ether 78:2b:cb:1e:fc:c8 brd ff:ff:ff:ff:ff:ff
7: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN group default qlen 1000
link/ether fe:54:00:42:e4:ff brd ff:ff:ff:ff:ff:ff
8: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 78:2b:cb:1e:fc:c8 brd ff:ff:ff:ff:ff:ff
inet 192.168.23.5/24 brd 192.168.23.255 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::7a2b:cbff:fe1e:fcc8/64 scope link
valid_lft forever preferred_lft forever

and the firewall/router

any/all advice is appreciated.

black3dynamite

How about using this setup instead?

Internet > Firewall/router > KVM host > VM1 and VM2

And then use port forward to access your VMs?

travisdh1

@pattonb Well, first of all, you need 2 adapters assigned to a firewall/router. If you don't have a 2nd IP available, you'll need to assign the public IP to the firewall/router vm, or just accept that your virtual host will have to hand the firewall/routing for the network.

It's generally not required to setup a bridge when using a single network adapter (physical or virtual adapters). Setting up a virtual adapter should be quite easy: https://linuxconfig.org/how-to-configure-virtual-network-interface-on-redhat-7-linux

travisdh1

@black3dynamite said in KVM & bridging:

How about using this setup instead?

Internet > Firewall/router > KVM host > VM1 and VM2

And then use port forward to access your VMs?

I'm guessing, @pattonb will have to answer for sure, that it's a server he's renting or doesn't have physical access to for whatever reason. I've done the same sort of setup with my rental server I use as a home lab box, but I have 5 IP addresses, which makes it a little easier to get setup initially.

JaredBusch

Define “bridged”