leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Mon Mar 24, 2025 5:38 pm Post subject: Networking in VMs? |
|
|
I have a virtualization setup inspired by MentalOutlaw's:
KVM/QEMU/libvirt/VMM
It works fine. Except for networking, which didn't work out of the box. I found a tutorial on ArchWiki explaining how to set up bridge devices, and while there were no issues following the steps, after adding the resulting bridge device to one of my VMs, it still did not connect to the internet. It did manage to connect to the bridge though, if I understood the output of `ip address` correctly.
Does anyone know how to configure networking for VMs? |
|
szatox Advocate

Joined: 27 Aug 2013 Posts: 3583
|
Posted: Mon Mar 24, 2025 6:01 pm Post subject: |
|
|
It can be done in a number of ways, and they are suited for different use cases. You can't really expect much help fixing an undefined setup. A good start would consist of:
* Your objective, a brief description, or a graph showing connections within your intended network
* along with links to the particular guides you followed
* as well as "ip -o a" and "ip -o l" from the host (showing your bridges and enslaved interfaces, skipping anything with a public IP should be fine) and "ip -o a" from guest.
Bear in mind that video tutorials are a quite unfriendly reference, so people who would be able to help you might back off if this is all you give them. _________________ Make Computing Fun Again |
|
leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Mon Mar 24, 2025 9:16 pm Post subject: |
|
|
szatox wrote: | Bear in mind that video tutorials are a quite unfriendly reference, so people who would be able to help you might back off if this is all you give them. | Right, sorry. I'll keep that in mind in the future.
szatox wrote: | * Your objective, a brief description, or a graph showing connections within your intended network | All I want is access to my home network (and the internet, by extension) from my VMs.
szatox wrote: | * along with links to the particular guides you followed | Sure, here you are: https://wiki.archlinux.org/title/Network_bridge. I followed all of part 1.1 (including 1.1.1).
Let us assume that I have no existing configuration; in fact, I'm not even sure what kind of virtual network interface I want. I think that a bridge is good, but I really don't know a lot about virtual networking, and this is in spite of searching for information online for hours. |
|
pietinger Moderator

Joined: 17 Oct 2006 Posts: 5535 Location: Bavaria
|
|
Hu Administrator

Joined: 06 Mar 2007 Posts: 23272
|
Posted: Mon Mar 24, 2025 9:49 pm Post subject: |
|
|
leyvi wrote: | All I want is access to my home network (and the internet, by extension) from my VMs. | It is good that you included the parenthetical note, because my natural reading of "All I want" is that the next thing truly is all, and only what you want, so without the parenthetical note, I would have parsed this as:
- I want my virtual machines to access computers on my LAN.
- I want my virtual machines NOT to access the Internet.
I will also note that your request is still a bit ambiguous. If you want the VMs to connect out to the LAN and not receive incoming connections, there are several ways to allow that. If you also want them to receive incoming connections from the LAN, there are different solutions.
A bridge can work, but you could also use a properly configured NAT.
If you want personalized advice, then I suggest following szatox's first bullet point. Give us a list of the involved systems, and for each pairing, whether it should or should not be allowed. For example:
Machines:
- 1 host of VMs, named Hyper
- N co-equal VMs collectively called V
- M real systems on the LAN, collectively called R
- 1 Internet
Connections:
- Hyper can connect to V.
- V can connect to Hyper.
- V can connect to Internet.
- Internet cannot connect to V.
- V can connect to some members of R.
- V cannot connect to other members of R.
- All members of R can connect to V.
Tweak my example as needed for how you want this to work. |
|
szatox Advocate

Joined: 27 Aug 2013 Posts: 3583
|
Posted: Mon Mar 24, 2025 9:57 pm Post subject: |
|
|
Damn, using ip directly is probably not what you want here.
What do you use for configuring your host's network?
It looks like you should use this tool to create a bridge and give it all configuration your physical interface has (probably nothing, for autoconfiguration), and add that physical interface to your bridge as a slave (with autoconfiguration disabled; it shouldn't have its own IP address).
And then, when you create a VM, you can connect it to that bridge too, instead of using libvirt-defined networks.
This way host and VM will be seen as 2 machines behind a switch; they will each get an IP from your network's DHCP server, will be able to talk to each other and other machines on the network etc.
Basically, it is simple, and in most cases should just work.
Another simple option is using NAT. It is simple, because you just add a network inside virt-manager, but it is fugly and won't let you access your vms from your lan, so unless you e.g. multihome, just go with the first option. _________________ Make Computing Fun Again |
|
leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Tue Mar 25, 2025 10:30 am Post subject: |
|
|
Hu wrote: | If you want personalized advice, then I suggest following szatox's first bullet point. Give us a list of the involved systems, and for each pairing, whether it should or should not be allowed. | OK:
Basically, I want a way to connect any VM on my real machine to my home network, as if it had an Ethernet connection to the network switch on my floor.
I have several VMs:
- Windows 10, which I occasionally mess around with.
- Debian, which I use to test my code to see if it runs on other machines.
- Arch; I'm trying to create a hardened Arch installation on a USB stick that I can keep in my pocket and use to do a wide variety of tasks, from remotely accessing my Gentoo machine at home to fixing broken OSs on my friend's machines (they break their computers all the time, and turn to me for help). The VM uses USB-passthrough to access the drive, and it is a work in progress.
I would like them all to be able to connect to my home network, as if they were regular machines.
Does this answer your question? |
|
leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Tue Mar 25, 2025 10:33 am Post subject: |
|
|
szatox wrote: | What do you use for configuring your host's network? | I use dhcpcd to manage networking. |
|
leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Tue Mar 25, 2025 10:40 am Post subject: |
|
|
szatox wrote: | Damn, using ip directly is probably not what you want here. | Yeah
I really hate configuring networks, it's probably my least favorite part of Gentoo. I hate it so much, I generated my entire networking configuration with ChatGPT. This sounds like a terrible idea; in fact it is. I would not do it again. But I inspected the configuration closely, and everything seemed fine. Everything works exactly the way I want it to. I have not touched it since. |
|
NeddySeagoon Administrator


Joined: 05 Jul 2003 Posts: 55096 Location: 56N 3W
|
Posted: Tue Mar 25, 2025 4:03 pm Post subject: |
|
|
leyvi,
The hard part of this is to bring up your real network interface without it getting any configuration.
Then you donate it to your bridge.
Your bridge gets its setup however your NIC used to.
Now your host 'just works' the way it always did, except that its working interface is the bridge.
When you configure a VM, connect its network to the bridge.
Configure it like the host. Probably dhcpcd.
Exact steps vary depending on your chosen network setup tool.
ChatGPT is not one of them. :) _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Tue Mar 25, 2025 5:08 pm Post subject: |
|
|
NeddySeagoon wrote: | The hard part of this is to bring up your real network interface without it getting any configuration.
Then you donate it to your bridge.
Your bridge gets its setup however your NIC used to.
Now your host 'just works' the way it always did, except that its working interface is the bridge. | Alright, does anyone here know how to do this? Maybe by modifying my configuration for dhcpcd? I'll read up on the documentation again, but maybe someone knows off the top of their head...
NeddySeagoon wrote: | Exact steps vary depending on your chosen network setup tool.
ChatGPT is not one of them.  | ¯\_(ツ)_/¯
This is the only thing on my system I used ChatGPT for. I hate using it, but for me, the alternative was worse... |
|
NeddySeagoon Administrator


Joined: 05 Jul 2003 Posts: 55096 Location: 56N 3W
|
Posted: Tue Mar 25, 2025 6:05 pm Post subject: |
|
|
leyvi,
Quote: | This is the only thing on my system I used ChatGPT for. I hate using it, but for me, the alternative was worse... |
You mean asking here or in #gentoo on Libera IRC? :)
I don't have a working setup to quote from as the motherboard died a horrible death.
From https://wiki.gentoo.org/wiki/Netifrc#Network_bridge.2C_multiple_interfaces.2C_IPv6
Code: | config_enp7s0="null"
bridge_br0="enp7s0"
config_br0="Whatever you used for enp7s0" |
Start br0, not enp7s0 at boot.
That's the host bit done. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Tue Mar 25, 2025 6:44 pm Post subject: |
|
|
NeddySeagoon wrote: | You mean asking here or in #gentoo on Libera IRC? | Not at all! This was before I had discovered the forums, and I had no clue what IRC was back then... I was 15/16 at the time. I wish I knew what either of those were back then. |
|
leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Tue Mar 25, 2025 6:48 pm Post subject: |
|
|
Huh...
I checked out the wiki page NeddySeagoon sent, netifrc doesn't look so bad... maybe I should switch from dhcpcd? Or maybe to some other system? What do you guys recommend? There seems to be a lot of different networking solutions... |
|
NeddySeagoon Administrator


Joined: 05 Jul 2003 Posts: 55096 Location: 56N 3W
|
Posted: Tue Mar 25, 2025 7:57 pm Post subject: |
|
|
leyvi,
I was teasing :)
I use netifrc. It will use dhcpcd if you tell it to.
My network is a mess. The IPv4 is mostly static and IPv6 support, mostly automatic.
I don't know how you use dhcpcd alone to manage your network, I've never looked into it. _________________ Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail. |
|
leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Tue Mar 25, 2025 8:10 pm Post subject: |
|
|
NeddySeagoon wrote: | I was teasing | I know
NeddySeagoon wrote: | The IPv4 is mostly static and IPv6 support, mostly automatic. | Same on my network. Static IPv4 is easy, since you can just configure your router for that. IPv6 is much harder; I have static IPv6 suffixes configured, but for fully static addresses, I'd need a static prefix, which is a hassle to get, and the ISPs where I live charge a subscription for it for whatever reason (IPv4 I understand, there are only ~4,000,000,000 of those. I have no clue why they charge for IPv6 though).
NeddySeagoon wrote: | I don't know how you use dhcpcd alone to manage your network, I've never looked into it. | Honestly, neither do I  |
|
szatox Advocate

Joined: 27 Aug 2013 Posts: 3583
|
Posted: Tue Mar 25, 2025 8:17 pm Post subject: |
|
|
> There seems to be a lot of different networking solutions
Yes, there is a lot of network use cases.
For static configuration, netifrc does a really good job, and is capable of running as simple or as complex setups as you want.
For mobile clients, there's networkmanager. It won't let you do anything fancy, but the 3 things people use 99% of time are fast and easy to use.
So, basically, use netifrc on a server, networkmanager on a laptop, anything (including dhcpc/dhcpcd) is fine on a tower PC, and if you travel with a mobile server, you're gonna hate your life no matter what.
> I don't know how you use dhcpcd alone to manage your network, I've never looked into it.
I think building bridges is out of scope for this project. It doesn't even connect to wifi, does it? You have to configure wpa_supplicant separately. _________________ Make Computing Fun Again |
|
leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Tue Mar 25, 2025 8:56 pm Post subject: |
|
|
szatox wrote: | I think building bridges is out of scope for this project. It doesn't even connect to wifi, does it? You have to configure wpa_supplicant separately. | I think dhcpcd can handle bridges, maybe not though. You're right: it doesn't do wireless. I don't even have the wireless drivers in my kernel (I just use Ethernet). I can try netifrc. I use static addresses anyway. |
|
Chiitoo Administrator


Joined: 28 Feb 2010 Posts: 2768 Location: Here and Away Again
|
Posted: Wed Mar 26, 2025 6:28 am Post subject: |
|
|
I may be missing something, but if the virtual machines only need to be able to connect to the internet, building bridges might indeed be unnecessary.
By default, QEMU uses "User Networking" (SLIRP) [1], which should "just work" if your host has network connectivity (I'd need to read up on 'libvirt' a bit to remember if that requires something extra).
Having written that, I'd look more into why it doesn't work, before going for the more complicated solutions.
Using my own set-up as an example, I give my machines with OpenRC a static IP address via '/etc/conf.d/net' to connect to my 4G router/modem ('dhcpcd' would work too), and for the QEMU machines I do the same (if it's non-Gentoo, they use whatever they come with default, similar to Windows machines, which use the default 'dhcp' setting), and indeed, it just works.
The QEMU launch options I use have nothing related to networking for these machines.
1. https://wiki.qemu.org/Documentation/Networking _________________ Kindest of regardses. |
|
szatox Advocate

Joined: 27 Aug 2013 Posts: 3583
|
Posted: Wed Mar 26, 2025 11:55 am Post subject: |
|
|
Virt-manager doesn't offer user networking anymore, probably because it's so slow. It's redundant too, since you can just NAT it in the system instead of inside qemu. It gives the same effect but faster (and uglier). _________________ Make Computing Fun Again |
|
leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Wed Mar 26, 2025 12:22 pm Post subject: |
|
|
Chiitoo wrote: | I may be missing something, but if the virtual machines only need to be able to connect to the internet, building bridges might indeed be unnecessary.
By default, QEMU uses "User Networking" (SLIRP) [1], which should "just work" if your host has network connectivity (I'd need to read up on 'libvirt' a bit to remember if that requires something extra).
Having written that, I'd look more into why it doesn't work, before going for the more complicated solutions.
Using my own set-up as an example, I give my machines with OpenRC a static IP address via '/etc/conf.d/net' to connect to my 4G router/modem ('dhcpcd' would work too), and for the QEMU machines I do the same (if it's non-Gentoo, they use whatever they come with default, similar to Windows machines, which use the default 'dhcp' setting), and indeed, it just works.
The QEMU launch options I use have nothing related to networking for these machines. | Interesting. Sadly not what happened on my machine.
I switched to netifrc by the way. Now a new problem has come up: IPv6 doesn't work:
$ rc-service net.eno1 restart: |
libvirtd | * Stopping libvirtd ... [ ok ]
net.eno1 | * Bringing down interface eno1
net.eno1 |Error: ipv6: Router advertisement is disabled on device.
net.eno1 | * Bringing up interface eno1
net.eno1 | * 10.0.0.54/24 ... [ ok ]
net.eno1 | * Adding routes
net.eno1 | * default via 10.0.0.138 ... [ ok ]
libvirtd | * Starting libvirtd ... [ ok ] |
/etc/conf.d/net: |
config_eno1="10.0.0.54/24"
routes_eno1="default via 10.0.0.138"
firewalld_zone_eno1="home" |
I realize that I don't have an IPv6 configuration in here, but adding any sort of IPv6 configuration results in an error, and the service failing. I use RADVD, RDNSS, and SLAAC on my network, so I tried setting a ULA prefix and using netifrc's `ip6token_eno1` variable, which resulted in an error. I tried adding an IPv6 address to `config_eno1`; error. I tried adding routes through the link-local IPv6 address of my router, and through its local address (something you can do with a ULA prefix). All resulted in errors. I tried various combinations, too. How do I make IPv6 work again? Keep in mind, I'd like a static suffix, made from my MAC address.
(btw the errors were really non-descriptive. literally just "ERROR") |
|
grknight Retired Dev

Joined: 20 Feb 2015 Posts: 2078
|
Posted: Wed Mar 26, 2025 12:40 pm Post subject: |
|
|
leyvi wrote: | I switched to netifrc by the way. Now a new problem has come up: IPv6 doesn't work: $ rc-service net.eno1 restart: | net.eno1 |Error: ipv6: Router advertisement is disabled on device.
|
|
This is a kernel message caused when IPv6 forwarding is on and IPv6 RA is not in hybrid mode:
/usr/src/linux/include/net/ipv6.h: |
static inline bool ipv6_accept_ra(struct inet6_dev *idev)
{
        /* If forwarding is enabled, RA are not accepted unless the special
         * hybrid mode (accept_ra=2) is enabled.
         */
        return idev->cnf.forwarding ? idev->cnf.accept_ra == 2 :
            idev->cnf.accept_ra;
} |
Edit: /usr/src/linux/Documentation/networking/ip-sysctl.rst: |
accept_ra - INTEGER
        Accept Router Advertisements; autoconfigure using them.
        It also determines whether or not to transmit Router
        Solicitations. If and only if the functional setting is to
        accept Router Advertisements, Router Solicitations will be
        transmitted.
        Possible values are:
        == ===========================================================
        0  Do not accept Router Advertisements.
        1  Accept Router Advertisements if forwarding is disabled.
        2  Overrule forwarding behaviour. Accept Router Advertisements
           even if forwarding is enabled.
        == ===========================================================
        Functional default:
        - enabled if local forwarding is disabled.
        - disabled if local forwarding is enabled. |
|
|
leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Wed Mar 26, 2025 4:10 pm Post subject: |
|
|
Interesting, thanks.
Any idea how I could enable IPv6 RA hybrid mode (or disable IPv6 forwarding, if that's an option)? |
|
grknight Retired Dev

Joined: 20 Feb 2015 Posts: 2078
|
Posted: Wed Mar 26, 2025 4:44 pm Post subject: |
|
|
leyvi wrote: | Interesting, thanks.
Any idea how I could enable IPv6 RA hybrid mode (or disable IPv6 forwarding, if that's an option)? |
To configure on startup: /etc/sysctl.d/ipv6.conf: | net.ipv6.conf.eno1.accept_ra=2 |
To configure at runtime run: sysctl net.ipv6.conf.eno1.accept_ra=2
This is dependent on the system. In your case, eno1 is complaining.
net.ipv6.conf.default.accept_ra or net.ipv6.conf.all.accept_ra are also possible if every interface is desired. The former being for those that are not yet populated (or perhaps not yet configured). The latter for all existing interfaces, but not new interfaces. |
|
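The kernel rule grknight quotes and the accept_ra=2 setting from the reply above, as an added example that is not part of the thread: a POSIX shell audit that reports, per interface, whether Router Advertisements are accepted given its forwarding and accept_ra values. The function names, the constructed sample tree and the interface name virbr0 in it are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit IPv6 Router Advertisement (RA) acceptance per interface.

# ra_state FORWARDING ACCEPT_RA -> prints "accepted" or "ignored".
# Same rule as the kernel's ipv6_accept_ra(): with forwarding on, RAs are
# accepted only in hybrid mode (accept_ra=2); with forwarding off, any
# non-zero accept_ra accepts them.
ra_state() {
    if [ "$1" -ne 0 ]; then
        if [ "$2" -eq 2 ]; then echo accepted; else echo ignored; fi
    else
        if [ "$2" -ne 0 ]; then echo accepted; else echo ignored; fi
    fi
}

# audit_ra [ROOT] -> one line per interface directory under ROOT
# (default: the live sysctl tree, which also lists "all" and "default").
# Interfaces that forward AND accept RAs are flagged for review, because
# they autoconfigure from whatever router advertises on the link.
audit_ra() {
    root=${1:-/proc/sys/net/ipv6/conf}
    for dir in "$root"/*/; do
        [ -r "${dir}forwarding" ] && [ -r "${dir}accept_ra" ] || continue
        fwd=$(cat "${dir}forwarding")
        ra=$(cat "${dir}accept_ra")
        state=$(ra_state "$fwd" "$ra")
        flag=
        if [ "$fwd" -ne 0 ] && [ "$state" = accepted ]; then
            flag=" REVIEW"
        fi
        echo "$(basename "$dir") forwarding=$fwd accept_ra=$ra $state$flag"
    done
}

# make_sample_tree DIR: constructed values (name:forwarding:accept_ra),
# not read from any real host. eno1 models the state behind the error in
# the thread; br0 models a forwarding interface after setting accept_ra=2.
make_sample_tree() {
    for entry in eno1:1:1 br0:1:2 virbr0:0:1 lo:0:0; do
        name=${entry%%:*}
        rest=${entry#*:}
        mkdir -p "$1/$name"
        echo "${rest%%:*}" > "$1/$name/forwarding"
        echo "${rest#*:}" > "$1/$name/accept_ra"
    done
}

# Demo on the constructed tree. On a real host, call audit_ra with no
# argument instead.
demo_dir=$(mktemp -d)
make_sample_tree "$demo_dir"
audit_ra "$demo_dir"
rm -rf "$demo_dir"
```

On a forwarding host in hybrid mode, restricting inbound ICMPv6 type 134 (Router Advertisement) to the router's link-local address limits which devices on the link can influence its addresses and routes.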
leyvi Apprentice

Joined: 08 Sep 2023 Posts: 268
|
Posted: Wed Mar 26, 2025 4:59 pm Post subject: |
|
|
Thanks, would this have any negative consequences? |
|