NoACoder

Reputation: 97

Ubuntu KVM guest with no network connection after configuring network bridge

I am trying to add a KVM guest (Ubuntu 18.04) to the local network like the other real servers in the network. I configured a KVM bridge interface in the host system (Ubuntu 18.04) and it works fine with connection. The host system is reachable over the local network to other servers.

netplan config for the host system:

    $ cat 01-netcfg.yaml
    # This file describes the network interfaces available on your system
    # For more information, see netplan(5).
    network:
      version: 2
      renderer: networkd
      ethernets:
        eno1:
          dhcp4: false
      bridges:
        br0:
          interfaces: [eno1]
          addresses: [192.168.1.105/24]
          gateway4: 192.168.1.1
          nameservers:
            addresses: [x.x.x.x, x.x.x.x]
          dhcp4: false

ip a output showing the bridge interface:

    10697: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether 62:cb:37:3c:c0:70 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.105/24 brd 192.168.1.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 fe80::60cb:37ff:fe3c:c070/64 scope link 
       valid_lft forever preferred_lft forever

I created a KVM network interface using the bridge br0.

virsh net-edit br0 output:

    <network>
      <name>br0</name>
      <uuid>d277e3d1-b34e-4b1f-ae69-6a3c8f75626c</uuid>
      <forward mode='bridge'/>
      <bridge name='br0'/>
    </network>

    developer@serv31:~$ virsh net-list
     Name                 State      Autostart     Persistent
    ----------------------------------------------------------
     br0                  active     yes           yes
     default              active     yes           yes

interface info of the KVM guest domain:

    <interface type='network'>
      <mac address='52:54:00:14:dc:af'/>
      <source network='br0'/>
      <model type='rtl8139'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    </interface>

In the guest VM I configured netplan to give it a static IP. It did boot with the configured IP.

    $ cat 50-cloud-init.yaml
    network:
      version: 2
      ethernets:
        ens3:
          addresses: [192.168.1.50/24]
          gateway4: 192.168.1.1
          nameservers:
            addresses: [x.x.x.x, x.x.x.x]
          dhcp4: false

guest VM ip a output:

    $ ip a
    1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
        link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
        inet 127.0.0.1/8 scope host lo
           valid_lft forever preferred_lft forever
        inet6 ::1/128 scope host
           valid_lft forever preferred_lft forever
    2: ens3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
        link/ether 52:54:00:14:dc:af brd ff:ff:ff:ff:ff:ff
        inet 192.168.1.50/24 brd 192.168.1.255 scope global ens3
           valid_lft forever preferred_lft forever
        inet6 fe80::5054:ff:fe14:dcaf/64 scope link
           valid_lft forever preferred_lft forever

The guest VM is able to reach (ping, telnet) the host system, and the host system can reach the guest VM. But no other server in the network can reach the guest VM, and the guest VM cannot access the internet either. Please help me fix this. Do let me know if you need more info.

Upvotes: 2

Views: 4484

Answers (2)

Tim Richardson

Reputation: 7221

I have just configured this on a new Ubuntu 22.04 install, which is the second time I did it, and second time around I mostly understood what I was doing. Here are my notes.

There are multiple ways of doing this. I am using nmcli, the command line interface to NetworkManager. It seems easy to understand, and it works. I have a bridged interface running with a virt-manager Windows 10 guest, and a 22.04 Ubuntu guest.

I have two NICs in this machine, to give myself the luxury of dedicating one to this virtual bridge for all my VMs. I don't know how to do this with only one NIC, using some slave virtual NIC for the desktop.

Make a virtual bridge with a dedicated physical nic using network manager cli

(I have the bridge-utils package installed)

  1. First, ensure that the network interface you want to add to the bridge (let's say eno2, and that is lower case o, not zero) is managed by NetworkManager. You can check this by running:

    nmcli device status
    

    If eno2 is not under control of NetworkManager, you can make NetworkManager manage it:

    sudo nmcli device set eno2 managed yes
    
  2. Create a new bridge connection (br0):

    sudo nmcli connection add type bridge autoconnect yes con-name br0 ifname br0
    

    This command creates a new bridge named br0 and also creates a corresponding connection br0.

  3. Then, add the network interface to the bridge:

    sudo nmcli connection add type bridge-slave autoconnect yes con-name br0-slave ifname eno2 master br0
    

    This command creates a new connection br0-slave that adds eno2 to the bridge br0.

  4. You can bring up the bridge connection:

    sudo nmcli connection up br0
    

These settings are persisted (saved) in /etc/NetworkManager/system-connections.

Example persisted configurations from an earlier setup, where the Bridge device is br10:

    root@indigo:/etc/NetworkManager/system-connections# more br10.nmconnection
    [connection]
    id=br10
    uuid=a...e
    type=bridge
    interface-name=br10

    [bridge]

    [ipv4]
    method=auto

    [ipv6]
    addr-gen-mode=stable-privacy
    method=auto

    [proxy]

Example persisted configuration: Slave device (bridge-slave-eth2.nmconnection)

    root@indigo:/etc/NetworkManager/system-connections# more bridge-slave-eth2.nmconnection
    [connection]
    id=bridge-slave-eth2
    uuid=d...d
    type=ethernet
    interface-name=eth2
    master=br10
    slave-type=bridge

    [ethernet]

    [bridge-port]

So if you have files which look like that, it worked.

On my current machine:

    tim@black:~$ nmcli device status
    DEVICE          TYPE      STATE                   CONNECTION
    eno1            ethernet  connected               Wired connection 1
    br0             bridge    connected               br0
    wlp9s0          wifi      connected               rumahtumi
    virbr0          bridge    connected (externally)  virbr0
    eno2            ethernet  connected               br0-slave
    p2p-dev-wlp9s0  wifi-p2p  disconnected            --
    lo              loopback  unmanaged               --

So now in virtual-manager, edit the NIC. Make the network source Bridge device and type in the name of the virtual bridge (br0).

Device name virtio. The IP address will say unknown and that is ok.

When I start the virtual machine, say Ubuntu, it takes a few seconds after logging in for the network connection to activate, but it does, and it gets an IP address from my LAN's DHCP server and all is good.

Back on the host, the NIC shows in network connections, as br0-slave.

Upvotes: 0

NoACoder

Reputation: 97

    sudo iptables -t nat -A POSTROUTING -o br0 -j MASQUERADE
    sudo iptables -A FORWARD -i br0 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
    sudo iptables -A FORWARD -i virbr0 -o br0 -j ACCEPT
    sudo iptables -I FORWARD 1 -i br0 -o br0 -j ACCEPT

The above rules fixed the problem.

Upvotes: 4
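
An added diagnostic example, not part of either answer: it classifies how the iptables FORWARD chain treats frames bridged across br0, under the assumption that the symptom comes from the kernel's `br_netfilter` module passing bridged frames through iptables (`net.bridge.bridge-nf-call-iptables=1`). The function name `bridge_forward_verdict` is hypothetical and both rule dumps are constructed samples.

```shell
#!/usr/bin/env bash
# Added example: classify how the FORWARD chain treats frames bridged across
# one bridge (guest <-> LAN). Simplified: it inspects only top-level FORWARD
# rules and ignores rule order, jumps to other chains and extra match options.

# bridge_forward_verdict BRIDGE NF_CALL RULES   (hypothetical helper)
#   BRIDGE   bridge name, e.g. br0
#   NF_CALL  value of net.bridge.bridge-nf-call-iptables ("" when br_netfilter
#            is not loaded and the sysctl does not exist)
#   RULES    text of `iptables -S FORWARD`
bridge_forward_verdict() {
    local bridge=$1 nf_call=$2 rules=$3 policy line
    # Without the br_netfilter hook, bridged frames never reach iptables.
    if [ "$nf_call" != "1" ]; then
        echo "not-filtered"
        return 0
    fi
    # The chain policy is printed as "-P FORWARD <target>".
    policy=$(printf '%s\n' "$rules" | awk '$1 == "-P" && $2 == "FORWARD" {print $3}')
    while IFS= read -r line; do
        case "$line" in
            "-A FORWARD -i $bridge -o $bridge -j ACCEPT")
                echo "allowed-by-rule"
                return 0 ;;
        esac
    done <<EOF
$rules
EOF
    if [ "$policy" = "DROP" ]; then
        echo "blocked-by-policy"
    else
        echo "allowed-by-policy"
    fi
}

# Constructed sample: DROP policy, rules only for virbr0 <-> br0 traffic.
SAMPLE_BEFORE='-P FORWARD DROP
-A FORWARD -i br0 -o virbr0 -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i virbr0 -o br0 -j ACCEPT'

# Constructed sample: the same chain after
# `iptables -I FORWARD 1 -i br0 -o br0 -j ACCEPT`.
SAMPLE_AFTER='-P FORWARD DROP
-A FORWARD -i br0 -o br0 -j ACCEPT
-A FORWARD -i virbr0 -o br0 -j ACCEPT'

bridge_forward_verdict br0 1 "$SAMPLE_BEFORE"
bridge_forward_verdict br0 1 "$SAMPLE_AFTER"
bridge_forward_verdict br0 "" "$SAMPLE_BEFORE"
```

On a live host the two inputs come from `sysctl -n net.bridge.bridge-nf-call-iptables` and `sudo iptables -S FORWARD`. If the verdict is `blocked-by-policy`, the `-i br0 -o br0` ACCEPT rule is the narrowest of the four rules above to test first, since it is the only one that matches traffic staying on br0.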
