aLog.IPduh: KVM NATed guest debian

KVM NAT on debian wheezy

Check the default host-guest network configuration

# cat /etc/libvirt/qemu/networks/default.xml 
<network>
  <name>default
  <bridge name="virbr0" />
  <forward/>
  <ip address="192.168.122.1" netmask="255.255.255.0">
    <dhcp>
      <range start="192.168.122.2" end="192.168.122.254" />
    </dhcp>
  </ip>
</network>

Check virtual networks status

# virsh net-list --all
Name                 State      Autostart
-----------------------------------------
default              inactive   no

Set the default virtual network to Autostart

# virsh net-autostart default

Start the default virtual network

# virsh net-start default

Check virtual network status again

# virsh net-list --all
Name                 State      Autostart
-----------------------------------------
default              active     yes

# ifconfig virbr0
virbr0    Link encap:Ethernet  HWaddr 22:ca:fc:33:e4:67  
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

# brctl show
bridge name bridge id  STP enabled interfaces
virbr0  8000.000000000000 yes

Check if IP forwarding is enabled

# cat /proc/sys/net/ipv4/ip_forward 
1

If not enable it permanently in /etc/sysctl.conf

Install guest, eg:

# virt-install --connect qemu:///system -n vm3.onemore -r 1024 -vcpus=1 --disk path=/home/vm/vm3.onemore.qcow2,size=2 -c /iso/debian-7.2.0-amd64-netinst.iso --vnc --noautoconsole --description vm3_onemore --network=network:default --hvm

more at debian KVM notes

Set iptables masquerade
you don't have to :)

# iptables -L -t nat
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
MASQUERADE  tcp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.122.0/24    !192.168.122.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.122.0/24    !192.168.122.0/24

libvirt does it for you

Configure addressing etc in the virtual network
you don 't have to

tcp        0      0 192.168.122.1:53        0.0.0.0:*               LISTEN      21648/dnsmasq   
udp        0      0 192.168.122.1:53        0.0.0.0:*                           21648/dnsmasq   
udp        0      0 0.0.0.0:67              0.0.0.0:*                           21648/dnsmasq

libvirt does it for you

KVM NAT

▼ aLog.IPduh

Pages

KVM NATed guest debian

▲

Search aLog

Box Office

pop

Pick

SEARCH THE INTERNETZ

Partial Arc