On 06/28/10 16:26, SuNeEl wrote:
> I have been trying desperately to achieve virtual networking with kvm, but
> somehow I failed each time.. rather lot of unclear tutorial using different
> methods achieving common goals made me confused like bridging, vmnet, tun,
> etc etc routing ,iptable forward everything in a one pipe ... but before I
> give up i just thrown this question before you guys
>
>
> Host-----------------guest1------------------guest2------------guest3
> 192.168.1.1          192.168.1.3             192.168.1.4       192.168.1.5
> eth0
>
> I wanted to use host eth0 to ssh on all guest + don't want to lose
> connectivity to host as well.
>
> tell me if this is a dream in one shoot so I give up looking more
> positiveness in virtual networking

I use both direct connect and host-only networking setups. In both cases
qemu is configured to use tap devices (-net tap).

VMs directly connected to LAN:

     .------.     .------.           .------.
     | VM 1 |     | VM 2 |    ...    | VM N |
     '------'     '------'           '------'
         |            |                  |
     .------.     .------.           .------.
     | tap  |     | tap  |    ...    | tap  |
     '------'     '------'           '------'
         |            |                  |
         '--------------------------------
                      |
                  .-------.
                  |  br0  |
                  '-------'
                      |
                  .-------.
                  | eth0  |
                  '-------'
                      |
      LAN             |
    <-------------------------------------->

Host-side configuration:

/etc/sysconfig/network-scripts/ifcfg-eth0:

    DEVICE=eth0
    ONBOOT=yes
    BRIDGE=mainbr0

/etc/sysconfig/network-scripts/ifcfg-mainbr0:

    DEVICE=mainbr0
    ONBOOT=yes
    BOOTPROTO=dhcp

In this case the VMs show up on the LAN just like any other node.

I also have the option to connect VMs to a host-only network:

     .------.     .------.           .------.
     | VM 1 |     | VM 2 |    ...    | VM N |
     '------'     '------'           '------'
         |            |                  |
     .------.     .------.           .------.
     | tap  |     | tap  |    ...    | tap  |
     '------'     '------'           '------'
         |            |                  |
         '--------------------------------
                      |
                  .-------.     .----------.
                  |  br1  |<---| iptables |
                  '-------'     '----------'
                                     |
                                     |
                                     v
                                 .-------.
                                 | eth0  |
                                 '-------'
      LAN                            |
    <-------------------------------------->

For br1, I chose to manually create it at boot time using an rc-script:

    brctl addbr hostbr1
    ifconfig hostbr1 <ip> netmask <mask> up

VM access to off-box resources is handled through iptables:

    iptables -t nat -A PREROUTING -i hostbr1 -j ACCEPT

Direct access to a VM is handled by port redirection:

    iptables -t nat -A PREROUTING -p tcp --dport <host-port> \
        -j DNAT --to-destination <VM>:22

    iptables -t nat -A PREROUTING -p tcp --dport 2022 \
        -j DNAT --to-destination 169.254.1.2:22

i.e., ssh -p 2022 user@host is redirected to port 22 for the VM with the
IP 169.254.1.2.

Which networking setup (or both in some cases) I use for a specific VM
depends on the purpose of the VM.

David
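
[Added example, not part of David's message.] The port-redirection rules above carry no -i or -s match, so they apply to TCP traffic for that port arriving on any interface from any source. The script below audits nat-table rules in iptables-save format and flags such unscoped SSH forwards; the function names audit_dnat and sample_rules, and the eth0-scoped 2023 rule in the sample, are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit PREROUTING DNAT rules in iptables-save format.
# audit_dnat and sample_rules are hypothetical names, not from the message.

# Constructed sample: the 2022 forward is the one from the message; the
# eth0-scoped 2023 forward is invented here for comparison.
sample_rules() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i hostbr1 -j ACCEPT
-A PREROUTING -p tcp -m tcp --dport 2022 -j DNAT --to-destination 169.254.1.2:22
-A PREROUTING -i eth0 -p tcp -m tcp --dport 2023 -j DNAT --to-destination 169.254.1.3:22
COMMIT
EOF
}

# Reads rules on stdin; prints one verdict line per PREROUTING DNAT rule.
audit_dnat() {
    set -f                      # no globbing while word-splitting rules
    while IFS= read -r line; do
        case "$line" in
            "-A PREROUTING "*"-j DNAT"*) ;;
            *) continue ;;
        esac
        in_if="" src="" dport="" dest="" neg=""
        set -- $line
        while [ $# -gt 0 ]; do
            case "$1" in
                '!') neg="!"; shift; continue ;;   # negated match follows
                -i) in_if="$neg$2"; shift ;;
                -s) src="$neg$2"; shift ;;
                --dport) dport=$2; shift ;;
                --to-destination) dest=$2; shift ;;
            esac
            neg=""
            shift
        done
        if [ -z "$in_if" ] && [ -z "$src" ]; then
            echo "OPEN   port $dport -> $dest (any interface, any source)"
        else
            echo "SCOPED port $dport -> $dest (in=${in_if:-any} src=${src:-any})"
        fi
    done
    set +f
}

sample_rules | audit_dnat
```

On a live host the same function can be fed from `iptables-save -t nat | audit_dnat`; an OPEN line is a forward worth restricting to the LAN-facing interface or a trusted source range.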