• Kvm Bridge Network Problem

    From Stephen P. Molnar@21:1/5 to All on Sat May 4 22:30:02 2024
    I am running Bookworm on my main platform. After quite a bit of googling
    and many errors and much head scratching I have managed to follow the instructions in:

    https://www.cyberciti.biz/faq/how-to-add-network-bridge-with-nmcli-networkmanager-on-linux/
    .

    I have currently implicated this on a Windows 10 client. However, there
    still remains a problem. After the first restart of the Windows client
    the internet was accessible. However, a problem arose after I
    successfully installed br0 (copy attached). I was able to use the LAN
    printer and the 40" TV, but could not access the Host.

    I'm sure that I have missed something, but I don't know what.

    Guidance to a solution to the problem would be appreciated.

    Thanks in advance,

    --
    Stephen P. Molnar, Ph.D.
    https://insilicochemistry.net
    (614)312-7528 (c)
    Skype: smolnar1



    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Geert Stappers@21:1/5 to Stephen P. Molnar on Sun May 5 08:10:01 2024
    On Sat, May 04, 2024 at 04:26:07PM -0400, Stephen P. Molnar wrote:
    > I am running Bookworm on my main platform. After quite a bit of googling and many errors and much head scratching I have managed to follow the instructions in:
    >
    > https://www.cyberciti.biz/faq/how-to-add-network-bridge-with-nmcli-networkmanager-on-linux/
    > .
    >
    > I have currently implicated this on a Windows 10 client. However, there
    > still remains a problem. After the first restart of the Windows client the internet was accessible. However, a problem arose after I successfully installed br0 (copy attached). I was able to use the LAN printer and the 40" TV, but could not access the Host.

    Ah, the VM guest can not access the host.
    (I changed 'Subject: Re: Kvm Bridge Network Problem'
    into 'Subject: Re: Kvm Bridge Network Problem, VM accessing the host')


    > I'm sure that I have missed something, but I don't know what.

    Network switches only forward packets.


    > Guidance to a solution to the problem would be appreciated.

    I have been where O.P. is, the challenge^Wproblem is real.


    > # This file describes the network interfaces available on your system
    > # and how to activate them. For more information, see interfaces(5).
    >
    > source /etc/network/interfaces.d/*
    >
    > # The loopback network interface
    > auto lo
    > iface lo inet loopback
    >
    > # Specify that the physical interface that should be connected to the bridge
    > # should be configured manually, to avoid conflicts with NetworkManager
    > iface enp2s0 inet manual
    >
    > #Primary network interface with bridge
    > auto br0
    > iface br0 inet static
    >     address 162.237.98.238
    >     broadcast 162.237.98.255
    >     netmask 255.255.255.0
    >     gateway 162.237.98.1
    >     bridge_ports enp2s0
    >     bridge_stp off
    >     bridge_waitport 0
    >     bridge fd 0


    That bridge configuration looks good, even might be good.

    The thing is that host and VM are at the same interface of the network
    switch. And network switches only forward packets. It is a "physical
    law" in computer networking. Hopefully this email thread brings
    the jargon name of the "problem".


    If direct connection between host and the VM guest is important,
    then add such connection and take the costs it brings.


    Groeten
    Geert Stappers
    --
    Silence is hard to parse
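
A small linter for the `br0` stanza quoted above, added here as an illustration and not part of any poster's message: it checks that address, netmask, broadcast and gateway agree and that every `bridge...` key is an option name from bridge-utils-interfaces(5). `lint_stanza` and `BRIDGE_OPTS` are names made up for this example, and the option list is typed in from that man page as an assumption.

```python
import ipaddress

# Bridge option names from bridge-utils-interfaces(5) (assumption: extend the
# set if your installed version documents more).
BRIDGE_OPTS = {
    "bridge_ports", "bridge_ageing", "bridge_bridgeprio", "bridge_fd",
    "bridge_gcint", "bridge_hello", "bridge_hw", "bridge_maxage",
    "bridge_maxwait", "bridge_pathcost", "bridge_portprio", "bridge_stp",
    "bridge_waitport",
}

# The br0 stanza as posted in the thread.
STANZA = """\
iface br0 inet static
    address 162.237.98.238
    broadcast 162.237.98.255
    netmask 255.255.255.0
    gateway 162.237.98.1
    bridge_ports enp2s0
    bridge_stp off
    bridge_waitport 0
    bridge fd 0
"""

def lint_stanza(text):
    """Return a list of findings for one 'iface ... inet static' stanza."""
    lines = [l.split() for l in text.splitlines()
             if l.strip() and not l.lstrip().startswith("#")]
    name = lines[0][1]
    opts = [(words[0], words[1:]) for words in lines[1:]]
    first = {key: vals[0] for key, vals in opts if vals}
    findings = []
    net = ipaddress.ip_interface(f"{first['address']}/{first['netmask']}").network
    if "broadcast" in first and ipaddress.ip_address(first["broadcast"]) != net.broadcast_address:
        findings.append(f"{name}: broadcast should be {net.broadcast_address}")
    if "gateway" in first and ipaddress.ip_address(first["gateway"]) not in net:
        findings.append(f"{name}: gateway {first['gateway']} is outside {net}")
    if "bridge_ports" not in first:
        findings.append(f"{name}: no bridge_ports line, bridge has no members")
    for key, vals in opts:
        if key.startswith("bridge") and key not in BRIDGE_OPTS:
            # A space typed for an underscore splits the name: 'bridge fd 0'.
            joined = f"{key}_{vals[0]}" if vals else key
            hint = f"; did you mean '{joined}'?" if joined in BRIDGE_OPTS else ""
            findings.append(f"{name}: '{' '.join([key, *vals])}' is not a bridge-utils option{hint}")
    return findings

if __name__ == "__main__":
    print("\n".join(lint_stanza(STANZA)))
```

On the stanza as posted it reports only the last line, `bridge fd 0`; the man page spells the forward-delay option `bridge_fd`.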

  • From Gareth Evans@21:1/5 to Stephen P. Molnar on Sun May 5 09:00:01 2024
    On Sat 04/05/2024 at 21:26, Stephen P. Molnar <s.molnar@sbcglobal.net> wrote:
    > ...
    > I have managed to follow the
    > instructions in:
    >
    > https://www.cyberciti.biz/faq/how-to-add-network-bridge-with-nmcli-networkmanager-on-linux/
    > ...
    > I was able to use the LAN
    > printer and the 40" TV, but could not access the Host.

    Hi Stephen,

    That might suggest NAT is still operative for the VM.

    Did you do the "optional" part of the tutorial in your link too, re KVM network config?

    What is the output of

    # nmcli con show

    # nmcli device

    # virsh net-list --all

    # virsh net-dumpxml yourNetworkName

    I don't have a network cable to hand to test this at the moment (wifi NIC bridging is complex if possible with KVM [1] and apples and oranges and all that) but will do later if your problem is not solved.

    I think the presence of enp2s0 in /e/n/i (which your attachment seems to be) prevents NM from managing it, but if I'm wrong about that, could it be getting an address (static or otherwise) from NM?

    Gareth

    [1] https://hacktivate.it/posts/kvm-bridge-wireless/

  • From Gareth Evans@21:1/5 to Gareth Evans on Sun May 5 09:40:01 2024
    On Sun 05/05/2024 at 07:53, Gareth Evans <donotspam@fastmail.fm> wrote:

    > That might suggest NAT is still operative for the VM.

    Ah, I hadn't seen Geert's reply, which I think is closer to the mark :)

    This gives a routing-based approach:

    https://www.linux-kvm.org/page/Networking

    This creates an isolated network between host and guest, which without routing presumably is additional to the default network, and the (Ubuntu-based) netplan stuff needs substituting with /e/n/i adjustments:

    https://www.nodinrogers.com/post/2022-01-06-enabling-kvm-host-to-vm-communcation/

    All of which I have yet to test but have been meaning to look into this again.

    HTH

  • From Gareth Evans@21:1/5 to All on Tue May 7 03:00:01 2024
    On host:

    $ ip a|grep wl
    3: wlp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.1.100/24 ...

    Using:

    virt-manager > Edit > Connection Details > Virtual Networks > Add network

    Mode: Routed
    Network: 192.168.200.0/24
    Accept default DHCP range
    Forward to: physical device
    Device: wlp1s0 [this is my physical wifi card]

    Then:

    $ sudo sysctl -w net.ipv4.ip_forward=1

    Then check:

    $ ip link
    <snip>
    6: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default qlen 1000
    link/ether 52:54:00:54:ed:48 brd ff:ff:ff:ff:ff:ff
    7: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UNKNOWN mode DEFAULT group default qlen 1000
    link/ether fe:54:00:9b:a7:8e brd ff:ff:ff:ff:ff:ff

    Start VM, check DHCP address assigned

    On VM guest:

    $ ip a|grep enp
    2: enp1s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    inet 192.168.200.151/24 ...

    At this point (with firewalls temporarily off) I was able to ssh to and from host and VM guest using their respective IP addresses.

    After adding a static route on my wireless router:

    192.168.200.0/24 via 192.168.1.100 (to paraphrase the web form)

    I installed apache2 on the VM guest and was able to access

    http://192.168.200.151

    from my phone over wifi, and websites on the host from the VM guest.

    Firewalld activated on host with ssh and https services allowed - ssh and web browsing worked as before.

    No nf/iptables jiggery-pokery, but static route on router required.

    Perhaps not the most efficient solution, but I try to avoid too many firewall rules because they make my head spin :)

    Don't think I've omitted any steps.

    Does that help?

    Best wishes,
    Gareth
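
Why the post above needed the static route on the wireless router, traced with longest-prefix matching; this is an added example, not part of the original post. The addresses come from the post, while the node names, the `wan`/`direct` labels and the routing tables themselves are constructed for the illustration.

```python
import ipaddress

net = ipaddress.ip_network
DEFAULT, LAN, GUEST_NET = net("0.0.0.0/0"), net("192.168.1.0/24"), net("192.168.200.0/24")
HOST_LAN_IP = "192.168.1.100"    # wlp1s0 on the host (from the post)
GUEST_IP = "192.168.200.151"     # guest DHCP lease (from the post)
OWNER = {HOST_LAN_IP: "host"}    # which node answers for a next-hop address


def base_tables():
    """Constructed routing tables; 'router', 'wan' and 'direct' are labels."""
    return {
        "phone": [(DEFAULT, "router"), (LAN, "direct")],
        "router": [(DEFAULT, "wan"), (LAN, "direct")],
        # The routed libvirt network gives the host a connected route to the guests.
        "host": [(DEFAULT, "router"), (LAN, "direct"), (GUEST_NET, "direct")],
    }


def next_hop(table, dst):
    """Longest-prefix match over (network, next_hop) pairs."""
    dst = ipaddress.ip_address(dst)
    return max((r for r in table if dst in r[0]), key=lambda r: r[0].prefixlen)[1]


def with_static_route(tables, dest, via):
    """Return a copy of the tables with 'dest via <via>' added on the router."""
    if next_hop(tables["router"], via) != "direct":
        raise ValueError(f"next hop {via} is not on a network the router is attached to")
    new = {name: list(rules) for name, rules in tables.items()}
    new["router"].append((net(dest), via))
    return new


def trace(tables, start, dst):
    """Follow next hops from start; ends in 'direct' (delivered) or 'wan' (lost)."""
    path, node = [start], start
    while node in tables and len(path) < 8:  # hop limit guards against loops
        node = OWNER.get(next_hop(tables[node], dst), next_hop(tables[node], dst))
        path.append(node)
    return path


if __name__ == "__main__":
    before = base_tables()
    after = with_static_route(before, "192.168.200.0/24", HOST_LAN_IP)
    print("host  -> guest:", trace(before, "host", GUEST_IP))
    print("phone -> guest, no route:", trace(before, "phone", GUEST_IP))
    print("phone -> guest, with route:", trace(after, "phone", GUEST_IP))
```

The last trace is the path any LAN device takes to the guest once the route exists, and it passes through the host, which forwards it because `net.ipv4.ip_forward=1` was set.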

  • From Gareth Evans@21:1/5 to Gareth Evans on Tue May 7 03:20:02 2024
    On Tue 07/05/2024 at 01:51, Gareth Evans <donotspam@fastmail.fm> wrote:

    I did miss a step.

    > Start VM, check DHCP address assigned

    should be

    Edit the VM NIC settings and choose your routed network connection from the "Network Source" dropdown. Apply changes.

    Start VM, check DHCP address assigned

    I actually deleted other virbrX devices and networks before starting, but I don't think that matters.

    G

  • From Geert Stappers@21:1/5 to Gareth Evans on Tue May 7 22:30:01 2024
    On Tue, May 07, 2024 at 02:17:05AM +0100, Gareth Evans wrote:
    > On Tue 07/05/2024 at 01:51, Gareth Evans wrote:

    > I did miss a step.

    > > Start VM, check DHCP address assigned

    > should be

    > Edit the VM NIC settings and choose your routed network connection from the "Network Source" dropdown. Apply changes.

    > Start VM, check DHCP address assigned

    > I actually deleted other virbrX devices and networks before starting, but I don't think that matters.

    > G

    For the sake of the archive: Place _all_ steps in one email.
    Preferable in reply to the original posting.


    Groeten
    Geert Stappers
    --
    Silence is hard to parse
