On 3/15/12 9:22 AM, Martin Kletzander wrote:
> On 03/14/2012 10:24 PM, Felix Blanke wrote:
>> Hello,
>>
>> this isn't a bug report or an advanced usage question. This is just a
>> question from a noob who is new to kvm and needs some help to set up a
>> network between the host and the guests. If you're willing to spend a
>> little time to help me out please continue reading :)
>
> Even though "mail from mailing list with attachment" scared me a little,
> I might have had similar need as you, so I continue =)
Hello,
I'm glad you had the courage to continue :)
>
>> See the attached image for more information. I have a host running with
>> a public ip address. I want to set up some vm for different tasks
>> (webserver, mailserver, database, fileserver). I need to set up a network
>> where the host can speak to the guests, the guest can speak to each
>> other and the guests can speak to the host (meaning to the internet).
>> The host also works as a firewall.
>>
>> Some examples:
>>
>> A) A package for the webserver (port 80) needs to be routed from the
>> host to the vm1.
>>
>> B) The mailserver needs to access the database.
>>
>> C) The mailserver needs to access the internet for sending an email.
>>
>> So every vm needs one interface. I don't know if it would work if I
>> set up one virtual switch for the guest interconnections and use the host
>> as a router to route the different ports to the vm interfaces.
>>
>
> You are very lucky. The default libvirt installation comes with a
> 'default' network. You should be able to see it using "virsh net-list
> --all". To this network, you can attach a card from the guest and it
> provides NAT as well as DHCP (both by default).
> If you modify an interface in the guest so it is a <interface
> type='network'/> and has <source network='default'/>, it is virtually
> plugged to this network and all the interfaces can see each other and
> access the internet.
> Example from my guest configuration:
>
> <interface type='network'>
> <mac address='52:54:00:37:a1:0c'/>
> <source network='default'/>
> <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
> </interface>
>
> The way this is done is using iptables (and ebtables if needed and I'm
> not wrong), so you can then see it in the system. Libvirt applies these
> rules automatically when the network is started (I have it set to
> autostart). There is also some filtering (firewall) available but I have
> no experience with this.
>
> Everything can be done by "virsh edit", "virsh net-edit" etc. For more
> and deeper information about network configuration, have a look at these
> two pages, I hope you find everything you need there:
>
> http://libvirt.org/formatnetwork.html
> http://libvirt.org/formatnwfilter.html
So I could use something like "virt-install ... --network=default"? The
problem with that was I couldn't find a switch to set the lease time to
forever or configure the built-in dhcp to map "mac -> ip address". Do
you know a way to configure this?
I will try to set up my network using your description after the weekend.
Thanks for your help so far!
>
> One more thing though, if you are missing this functionality on
> self-compiled libvirt, don't forget the --with-network parameter
> when configuring the source.
>
Thanks for that hint. I'm using gentoo and already had the correct use
flag set :)
>> I hope this wasn't so confusing :) What would be the best way to
>> accomplish my goal using virt-install and virsh? Thanks to everyone who
>> is trying to help me out.
>>
>>
>> Kind regards,
>> Felix
>
> Have a nice day
> Martin