On 03/14/2012 10:24 PM, Felix Blanke wrote:
> Hello,
>
> this isn't a bug report or an advanced usage question. This is just a
> question from a noob who is new to kvm and needs some help to setup a
> network between the host and the guests. If you're willing to spend a
> little time to help me out please continue reading :)

Even though "mail from mailing list with attachment" scared me a little, I might have had similar need as you, so I continue =)

> See the attached image for more information. I have a host running with
> a public ip address. I want to setup some vm for different tasks
> (webserver, mailserver, database, fileserver). I need to setup a network
> where the host can speak to the guests, the guest can speak to each
> other and the guests can speak to the host (meaning to the internet).
> The host also works as a firewall.
>
> Some examples:
>
> A) A package for the webserver (port 80) needs to be routed from the
> host to the vm1.
>
> B) The mailserver needs to access the database.
>
> C) The mailserver needs to access the internet for sending an email.
>
> So every vm needs one interface. I don't know if it would work if I
> setup one virtual switch for the guest interconnections and use the host
> as a router to route the different ports to the vm interfaces.
>

You are very lucky. The default libvirt installation comes with a 'default' network. You should be able to see it using "virsh net-list --all". To this network, you can attach a card from the guest and it provides NAT as well as DHCP (both by default).

If you modify an interface in the guest so it is a <interface type='network'/> and has <source network='default'/>, it is virtually plugged to this network and all the interfaces can see each other and access the internet.

Example from my guest configuration:

    <interface type='network'>
      <mac address='52:54:00:37:a1:0c'/>
      <source network='default'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </interface>

The way this is done is using iptables (and ebtables if needed and I'm not wrong), so you can then see it in the system. Libvirt applies these rules automatically when the network is started (I have it set to autostart). There is also some filtering (firewall) available but I have no experience with this.

Everything can be done by "virsh edit", "virsh net-edit" etc.

For more and deeper information about network configuration, have a look at these two pages, I hope you find everything you need there:

http://libvirt.org/formatnetwork.html
http://libvirt.org/formatnwfilter.html

One more thing though, if you are missing this functionality on self-compiled libvirt, don't forget the --with-network parameter for when configuring the source.

> I hope this wasn't so confusing :) What would be the best way to
> accomplish my goal using virt-install and virsh. Thanks for everyone who
> is trying to help me out.
>
>
> Kind regards,
> Felix

Have a nice day
Martin
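
Added example, not part of the original mails and not libvirt's own code: a Python check over guest XML in the shape "virsh dumpxml" prints, listing each NIC and reporting those that are not plugged into the 'default' network described in the reply. The sample XML is constructed (its first interface is the one quoted in the reply, the second, on a bridge named br0, is made up for contrast) and the function names are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape `virsh dumpxml <guest>` prints. The first
# interface is the one from the mail; the second is a made-up bridged NIC.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>vm1</name>
  <devices>
    <interface type='network'>
      <mac address='52:54:00:37:a1:0c'/>
      <source network='default'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </interface>
    <interface type='bridge'>
      <mac address='52:54:00:00:00:01'/>
      <source bridge='br0'/>
    </interface>
  </devices>
</domain>
"""

def list_interfaces(domain_xml):
    """Return one dict per guest NIC: type, MAC and what it is plugged into."""
    root = ET.fromstring(domain_xml)
    nics = []
    for iface in root.findall("./devices/interface"):
        itype = iface.get("type")
        mac = iface.find("mac")
        source = iface.find("source")
        # For type='network' and type='bridge' the <source> attribute has the
        # same name as the type; for other types this lookup yields None.
        attached = source.get(itype) if source is not None else None
        nics.append({
            "type": itype,
            "mac": mac.get("address") if mac is not None else None,
            "attached_to": attached,
        })
    return nics

def outside_network(domain_xml, network="default"):
    """MACs of NICs that are not plugged into the given libvirt network."""
    return [n["mac"] for n in list_interfaces(domain_xml)
            if n["type"] != "network" or n["attached_to"] != network]

if __name__ == "__main__":
    for nic in list_interfaces(SAMPLE_DOMAIN_XML):
        print(nic)
    print("not on 'default':", outside_network(SAMPLE_DOMAIN_XML))
```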