KVM NATed guest debian

KVM NAT on debian wheezy

Check the default host-guest network configuration
# cat /etc/libvirt/qemu/networks/default.xml 
<network>
  <name>default</name>
  <bridge name="virbr0" />
  <forward/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254" />
    </dhcp>
  </ip>
</network>


Check virtual networks status
# virsh net-list --all
Name                 State      Autostart
-----------------------------------------
default              inactive   no        



Set the default virtual network to Autostart
# virsh net-autostart default


Start the default virtual network
# virsh net-start default


Check virtual network status again
# virsh net-list --all
Name                 State      Autostart
-----------------------------------------
default              active     yes       

# ifconfig virbr0
virbr0    Link encap:Ethernet  HWaddr 22:ca:fc:33:e4:67  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

# brctl show
bridge name     bridge id               STP enabled     interfaces
virbr0          8000.000000000000       yes



Check if IP forwarding is enabled
# cat /proc/sys/net/ipv4/ip_forward 
1
If not, enable it permanently in /etc/sysctl.conf

Install a guest, e.g.:
# virt-install --connect qemu:///system -n vm3.onemore -r 1024 --vcpus=1 --disk path=/home/vm/vm3.onemore.qcow2,size=2 -c /iso/debian-7.2.0-amd64-netinst.iso --vnc --noautoconsole --description vm3_onemore --network=network:default --hvm
more at debian KVM notes

Set iptables masquerade
you don't have to :)
# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24    

libvirt does it for you

Configure addressing etc in the virtual network
you don't have to
tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      21648/dnsmasq   
udp        0      0 192.168.122.1:53        0.0.0.0:*                           21648/dnsmasq   
udp        0      0 0.0.0.0:67              0.0.0.0:*                           21648/dnsmasq   
libvirt does it for you
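
An added example, not part of the original notes: a shell check that the MASQUERADE rules and dnsmasq listeners libvirt set up stay scoped to the guest network. The function names, the -n flag and the netstat -tulpn line format are assumptions; the sample input is constructed from the listings above.

```shell
#!/bin/sh
# Added example: audit the NAT and dnsmasq state shown in these notes.
GUEST_NET="192.168.122.0/24"   # subnet of the default network above
BRIDGE_IP="192.168.122.1"      # virbr0 address above

# Reads `iptables -L -t nat -n` output on stdin and prints every MASQUERADE
# rule whose source is not the guest subnet or whose destination does not
# exclude it. Exit: 0 = all scoped, 1 = over-broad rule, 2 = no rule found.
audit_masquerade() {
    awk -v net="$1" '
        $1 == "MASQUERADE" {
            seen++
            if ($4 != net || $5 != ("!" net)) { print "over-broad: " $0; bad++ }
        }
        END { if (!seen) exit 2; exit (bad ? 1 : 0) }'
}

# Reads netstat-style socket lines (assumed: `netstat -tulpn`) on stdin and
# prints dnsmasq DNS sockets (port 53) not bound to the bridge address.
# The 0.0.0.0:67 DHCP socket appears in the listing above and is not flagged.
audit_dns_bind() {
    awk -v ip="$1" '
        /dnsmasq/ && $4 ~ /:53$/ && $4 != (ip ":53") { print "exposed: " $0; bad++ }
        END { exit (bad ? 1 : 0) }'
}

# Constructed sample input, copied from the listings in these notes.
SAMPLE_NAT='Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24'
# Constructed counter-example: a hand-added rule that NATs every source.
SAMPLE_BROAD='MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0'
SAMPLE_DNS='tcp  0  0 192.168.122.1:53  0.0.0.0:*  LISTEN  21648/dnsmasq
udp  0  0 192.168.122.1:53  0.0.0.0:*          21648/dnsmasq
udp  0  0 0.0.0.0:67        0.0.0.0:*          21648/dnsmasq'

printf '%s\n' "$SAMPLE_NAT" | audit_masquerade "$GUEST_NET" && echo "NAT rules scoped to $GUEST_NET"
printf '%s\n' "$SAMPLE_BROAD" | audit_masquerade "$GUEST_NET" || echo "review the rule above"
printf '%s\n' "$SAMPLE_DNS" | audit_dns_bind "$BRIDGE_IP" && echo "DNS bound to bridge only"
# On a live host: iptables -L -t nat -n | audit_masquerade "$GUEST_NET"
```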


