Virtualization Networking


Hello,

I’m a little confused on which networking option I need to choose when setting up a VM.

I set up two VMs this past weekend both with NAT. Both were able to access the internet.

The first one, I created in my / file system but didn’t really have the space so I deleted it.

The second one, I created in /home/kvm, but deleted it as well when I
couldn’t access it FROM the internet. I had a full backup scheduled for that night and deleted it as well.

I have one of those free domains/DNS from no-ip.com, CentOS7vm.ddns.net I plan to use as the host name.

I want to be able to access this VM from the internet.

So, how much in the network setup for the new installation do I need to do? Do I need to go with NAT or bridged?

I did four installations last night and could get any of the access the internet with ym. Must have been dumb luck the first two times.

I think it may be something in iptables from one of the previous installs causing the problem. In ifconfig, I still have virbr0 and virbr1. Didn’t have those before.

Here’s my iptables:

# Generated by iptables-save v1.4.7 on Tue Sep 27 22:17:35 2016
*mangle
:PREROUTING ACCEPT [29980:14598541]
:INPUT ACCEPT [4740:1518258]
:FORWARD ACCEPT [25240:13080283]
:OUTPUT ACCEPT [6749:1743387]
:POSTROUTING ACCEPT [30207:14647456]
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
# Completed on Tue Sep 27 22:17:35 2016
# Generated by iptables-save v1.4.7 on Tue Sep 27 22:17:35 2016
*nat
:PREROUTING ACCEPT [1130:73984]
:POSTROUTING ACCEPT [20:1245]
:OUTPUT ACCEPT [245:19366]
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o br0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
# Completed on Tue Sep 27 22:17:35 2016
# Generated by iptables-save v1.4.7 on Tue Sep 27 22:17:35 2016
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:IP4BOGONS - [0:0]
:f2b-default - [0:0]
:f2b-dovecot-pop3imap - [0:0]
-A INPUT -m set --match-set blacklistnet src -j DROP
-A INPUT -m set --match-set blacklist src -j DROP
-A INPUT -s 127.0.0.1/32 -j ACCEPT
-A INPUT -m set --match-set block src -j DROP
COMMIT
# Completed on Tue Sep 27 22:17:35 2016

And my ifconfig:

eth0 Link encap:Ethernet HWaddr 44:37:E6:53:1E:E2
inet addr:192.168.1.110 Bcast:192.168.1.255 Mask:255.255.255.0
inet6 addr: fe80::4637:e6ff:fe53:1ee2/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:601486 errors:0 dropped:0 overruns:0 frame:0
TX packets:601818 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:412662650 (393.5 MiB) TX bytes:508284675 (484.7 MiB)
Interrupt:20 Memory:fe500000-fe520000

eth1 Link encap:Ethernet HWaddr 00:1B:21:AF:6D:22
inet addr:192.168.0.111 Bcast:255.255.255.255 Mask:255.255.255.0
inet6 addr: fe80::21b:21ff:feaf:6d22/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:260 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 b) TX bytes:53372 (52.1 KiB)

lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:44216 errors:0 dropped:0 overruns:0 frame:0
TX packets:44216 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26786210 (25.5 MiB) TX bytes:26786210 (25.5 MiB)

virbr0 Link encap:Ethernet HWaddr 00:00:00:00:00:00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:3 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:162 (162.0 b)

virbr1 Link encap:Ethernet HWaddr 00:00:00:00:00:00
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 b) TX bytes:244 (244.0 b)

Currently, there are no VMs installed or running.

Any help would be greatly appreciated!
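
Added example, not part of the original post: one way to test the leftover-rules suspicion is to scan iptables-save output for rules that appear more than once and for -i/-o interfaces that are not present on the host. The sample input is abridged from the dump and the ifconfig listing in the post; the function names are this example's own.

```python
import re
from collections import Counter

# Abridged from the iptables-save output in the post above, with the "--"
# option prefixes restored. LIVE_IFACES is the interface list from its ifconfig.
SAVE_DUMP = """\
*mangle
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr0 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
-A POSTROUTING -o virbr1 -p udp -m udp --dport 68 -j CHECKSUM --checksum-fill
COMMIT
*nat
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING -o eth1 -j MASQUERADE
-A POSTROUTING -o br0 -j MASQUERADE
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""
LIVE_IFACES = {"eth0", "eth1", "lo", "virbr0", "virbr1"}


def parse_rules(dump):
    """Yield (table, rule) for every -A line, tracking the current *table."""
    table = None
    for raw in dump.splitlines():
        line = " ".join(raw.split())      # normalise whitespace
        if line.startswith("*"):
            table = line[1:]
        elif line.startswith("-A "):
            yield table, line


def duplicate_rules(dump):
    """Return {(table, rule): count} for rules that appear more than once."""
    counts = Counter(parse_rules(dump))
    return {key: n for key, n in counts.items() if n > 1}


def iface_present(name, live):
    """iptables treats a trailing '+' as a prefix wildcard (virbr+ = virbr*)."""
    if name.endswith("+"):
        return any(i.startswith(name[:-1]) for i in live)
    return name in live


def missing_interfaces(dump, live):
    """Interfaces named by -i/-o in any rule that do not exist on the host."""
    named = set()
    for _, rule in parse_rules(dump):
        named.update(re.findall(r"(?:^|\s)-[io]\s+(\S+)", rule))
    return sorted(n for n in named if not iface_present(n, live))


if __name__ == "__main__":
    for (table, rule), n in sorted(duplicate_rules(SAVE_DUMP).items()):
        print(f"{n}x in {table}: {rule}")
    for name in missing_interfaces(SAVE_DUMP, LIVE_IFACES):
        print(f"rule references absent interface: {name}")
```

On the abridged sample this reports three rules that each appear twice, and one NAT rule naming br0, which is not in the ifconfig listing.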

36 thoughts on - Virtualization Networking

  • the host that’s running the VM, is it connected to a LAN behind a firewall/router, or directly to the internet? if directly, is there a dedicated internet IP address that the VM can use? if yes, then you want a bridged network where the VM uses that dedicated internet IP separate from the host’s IP.

    if it’s on a LAN with private addressing, you want to use a dedicated LAN IP address, separate from the host’s LAN IP, but since it’s behind a NAT router, I really don’t know how you’d expect it to use DDNS as that will only see the router’s internet IP address.

  • One of the primary advantages of VMs over real machines is that you can pause them, move them, and then restart them, with the VM guest OS not realizing that anything has happened.

    Some virtual machine management systems even automate this, letting you move an active VM without any downtime at all.

    That’s actually the main reason to use NAT over bridged networking: to *prevent* outsiders from connecting into the VM guest. It’s a good thing for exactly the same reason your home internet service’s router/gateway’s NAT is a good thing.

    While it is possible to drill a hole back through the VM’s NAT layer into the guest using port mapping rules, that amounts to double NAT, which adds an unnecessary amount of complexity.

    If all of the threats to the VM guest are outside the LAN’s border gateway, it’s simpler to use bridged networking, and set up the port forwarding rules on the LAN border gateway.

    Beyond that general advice, you escape anything CentOS-specific, so you need to take the problem up elsewhere, such as https://portforward.com/

    Once the VM is set to use port forwarding and a static IP, you can forward port 22 to the Internet.

    I recommend that the port forwarding rule expose the internal port 22 as some random value on the outside. This will cut down on a lot of script kiddie spam in your logs. Some will decry this as “security through obscurity,” but that’s bogus. Obscurity is not a bad thing in itself. The problem comes when obscurity is your *only* security. That’s not the case with SSH.

    I don’t recommend forwarding any other ports to the Internet, if you can possibly get away with it. SSH can do its own port forwarding, which reduces your VM’s attack surface from the Internet. With SSH acting as a poor-man’s VPN, an attacker would have to break SSH before they can get into any of your internal VM’s other services.

    Alternately, you could set up a VPN, and then you wouldn’t need to mess with port forwarding, either at the LAN border or via SSH.

  • -------- Original Message --------
    Subject: Re: [CentOS] Virtualization Networking
    From: Warren Young
    Date: Wed, September 28, 2016 1:19 pm
    To: CentOS mailing list


  • it can, if it’s got its own internet IP address… but if you’re on consumer internet, with only one public IP address, then the best you can do is port forward specific services to different local hosts, be they virtual or physical.

  • If you only have one address, you’ll need to configure port forwarding or a “bastion host” from that DSL router (whatever it supports). Your
    “no-ip.com” address will simply point at that host.

    You have a couple of options for VMs that you want to access from the LAN. The best documented and probably most widely used is bridged.
    That one also probably requires the most setup:

    https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Networking_Guide/ch-Configure_Network_Bridging.html

    https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/7/html/Virtualization_Deployment_and_Administration_Guide/sect-Network_configuration-Bridged_networking.html

    You can also use macvtap, which doesn’t require the use of a special bridge interface, but you do have to enable hairpin mode if you want the KVM guest to be able to access its guests. I honestly can’t find much useful documentation.

    https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization_Administration_Guide/sect-attch-nic-physdev.html

  • Thanks, I am running 6.8.

    For whatever reason, the default NAT setup no longer works. I got some kind of bridge network (macvtap) setup that has access to the outside but I still can’t connect locally.

  • Start over with a new install. Record each change you make, carefully.

    As I noted, when using the macvtap, the host and guest can’t communicate unless you enable hairpin mode.

  • I read something about turning off and disabling NetworkManager. I haven’t done this.

    I’m getting ready to throw in the towel. If I can’t set this up to at least access the VM from the LAN, I can’t test CentOS 7 and the software I want to run. It makes it very hard to setup and configure with vi.

    Thanks!

  • I deleted all virtualization packages and re-installed.

    Something must have been hosed up.

    Installing a VM and it didn’t even ask to setup the network. Hopefully that’s a good sign.

    Will know shortly………………..

    TIA

  • Deletion does not remove all. Try an erase if that did not work.

    Configuration files are not always where you expect them to be.

    Regards Michael Cole

  • OK, I’m about done trying to get this to work. I have spent HOURS reading, installing, re-installing, etc.

    I can get the guest to access the internet but have tried every way possible to be able to access the guest from the LAN or even the host. Nothing I have tried works.

    The only thing all documentation leaves out is how to set up the guest networking during the install. Seems if I don’t set anything up or just set it to DHCP it has internet connectivity, but that is all.

    I have gone back in after the guest has been installed and changed the networking configuration to match my LAN, that doesn’t work either. I lose internet accessibility when I do that.

    I have tried to install CentOS 7 and Debian 8, the same problems with each. I have tried the CentOS built-in Virt-Manager and VirtualBox, with the same results. Can’t seem to find the free version of VMware but I suspect I would have the same results as well.

    Again, any help would be greatly appreciated.

    TIA!

  • If you still have in place environment with virt-manager, can you send the output of

    virsh net-list

    Then for every network-name you get into the output of the command above in column “Name”

    virsh net-dumpxml network-name

    Then brctl show

    Feel free to transform any ip you think could be sensible.

    Gianluca

  • VirtualBox gives you a GUI for setting up port forwarding from the host to the guest. It’s under Machine -> Settings -> Network -> Advanced. Did you try it?

  • [Thomas E Dukes]
    Hi!

    Thanks, I did

    I port-forwarded 80 to 8080 and 22 to 2222.

    I also tried the NAT networking, changing the default 10.0.5.0/24 to
    192.168.1.0/24

  • What happens when you issue the command ‘ssh -p 2222 localhost’ on the host? I’m assuming that an SSH server is running on the guest and that there are no firewalls getting in the way.

    Never tried that.

  • Don’t know about the other VM software, but I have several VM guests under VirtualBox. Each of them has their networking set up as “bridged adapter”. Although they could use DHCP then, I’ve used each virtual guest’s network software to set them up with static address configs.

    No problems reaching other lan hosts in either direction nor in reaching the internet.

    Jon

  • “All documentation” doesn’t leave out this information. The links I
    sent earlier clearly and specifically document the process for setting up a network bridge, which you need to do if you want to access your VM
    from the LAN.

    If you need help, you need to provide more information than “I can’t get this to work” and “I’ve tried everything.” Those don’t tell us anything about the state of your system. Useful information would include: your configuration files (/etc/sysconfig/network-scripts/ifcfg-*), the output of “ip link show” and “ip addr show”, the output of “brctl show”, and maybe the output of “virsh iface-list”.

  • I posted some files previously but that was like 20 or so installs ago. I don’t know the files you need.

    For this installation:

    /etc/sysconfig/ifcfg-eth0

    NAME="eth0"
    BOOTPROTO=none
    GATEWAY=192.168.1.1
    NM_CONTROLLED=no
    HWADDR=44:37:E6:53:1E:E2
    MACADDR=""
    IPV6INIT=no
    DEVICE=eth0
    NETMASK=255.255.255.0
    MTU=""
    BROADCAST=192.168.1.255
    IPADDR=192.168.1.110
    NETWORK=192.168.1.0
    ONBOOT=yes
    TYPE=Ethernet

    /etc/sysconfig/ifcfg-eth1

    GATEWAY=192.168.1.1
    NAME=""
    BOOTPROTO=none
    NM_CONTROLLED=no
    MACADDR=""
    IPV6INIT=no
    DEVICE=eth1
    NETMASK=255.255.255.0
    MTU=""
    BROADCAST=255.255.255.255
    IPADDR=192.168.0.111
    NETWORK=192.168.0.0
    ONBOOT=yes

    /etc/sysconfig/ifcfg-lo

    GATEWAY=192.168.1.1
    NAME=loopback
    BOOTPROTO=none
    MACADDR=""
    IPV6INIT=no
    DEVICE=lo
    NETMASK=255.0.0.0
    MTU=""
    BROADCAST=127.255.255.255
    IPADDR=127.0.0.1
    NETWORK=127.0.0.0
    ONBOOT=yes

    # ip link show

    1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 44:37:e6:53:1e:e2 brd ff:ff:ff:ff:ff:ff
    3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:1b:21:af:6d:22 brd ff:ff:ff:ff:ff:ff
    4: vboxnet0: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff

    Absolutely no clue on that!!

    # ip addr show

    1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: eth0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 44:37:e6:53:1e:e2 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.110/24 brd 192.168.1.255 scope global eth0
    inet6 fe80::4637:e6ff:fe53:1ee2/64 scope link
    valid_lft forever preferred_lft forever
    3: eth1: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:1b:21:af:6d:22 brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.111/24 brd 255.255.255.255 scope global eth1
    inet6 fe80::21b:21ff:feaf:6d22/64 scope link
    valid_lft forever preferred_lft forever
    4: vboxnet0: mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 1000
    link/ether 0a:00:27:00:00:00 brd ff:ff:ff:ff:ff:ff
    inet 192.168.56.1/24 brd 192.168.56.255 scope global vboxnet0

    No clue on that one either

    # brctl show

    bridge name bridge id STP enabled interfaces

    # virsh iface-list

    I have uninstalled all CentOS kvm/virtualization packages and am trying VirtualBox.

    Got home late this evening. I can un-install VB and re-install CentOS virtualization

    TIA

  • Some of the things in your ifcfg files look odd to me. Rather than enumerating them, here are my files from a CentOS-6 host system.

    This is a 2-NIC machine where the “host” uses eth1 and the guest(s)
    use eth0.

    One specific point — lo is the localhost, so I don’t think it should have a gateway entry, as you are showing.

    ifcfg-br0
    ::::::::::::::
    DEVICE="br0"
    BOOTPROTO="static"
    BROADCAST="192.168.1.255"
    DNS1="192.168.1.36"
    GATEWAY="192.168.1.1"
    NETMASK="255.255.255.0"
    IPV6INIT="no"
    IPV6_AUTOCONF="no"
    NM_CONTROLLED="no"
    ONBOOT="yes"
    TYPE="Bridge"
    DELAY="0"
    ::::::::::::::
    ifcfg-eth0
    ::::::::::::::
    DEVICE="eth0"
    BOOTPROTO="static"
    BROADCAST="192.168.1.255"
    DNS1="192.168.1.36"
    GATEWAY="192.168.1.1"
    HWADDR="78:2B:CB:38:73:BD"
    NETMASK="255.255.255.0"
    NM_CONTROLLED="no"
    BRIDGE="br0"
    ONBOOT="yes"
    ::::::::::::::
    ifcfg-eth1
    ::::::::::::::
    DEVICE="eth1"
    BOOTPROTO="static"
    BROADCAST="192.168.1.255"
    DNS1="192.168.1.36"
    GATEWAY="192.168.1.1"
    HWADDR="78:2B:CB:38:73:BE"
    IPADDR="192.168.1.52"
    NETMASK="255.255.255.0"
    NM_CONTROLLED="yes"
    ONBOOT="yes"
    ::::::::::::::
    ifcfg-lo
    ::::::::::::::
    DEVICE=lo
    IPADDR=127.0.0.1
    NETMASK=255.0.0.0
    NETWORK=127.0.0.0
    ONBOOT=yes
    NAME=loopback

  • Don’t specify GATEWAY in interface files where it isn’t used. This should be set on eth0 only.

    OK, so you don’t have a bridge interface. If you want to access guest VMs from the LAN, you need to set one up. Refer to the documentation I sent earlier. You’ll create a bridge interface configuration, and then move the IP configuration from whichever ethX device you want to enslave to the bridge. The ethX configuration file, then, won’t have any IP configuration specified; instead it’ll contain “BRIDGE=br0”.
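
Added example, not part of the reply above: a small check that a set of ifcfg files follows the layout that reply describes (IP settings on the bridge, the enslaved ethX carrying only BRIDGE=, GATEWAY in one file). The sample files are constructed from addresses quoted in the thread, and the function names are this example's own.

```python
IP_KEYS = ("IPADDR", "NETMASK", "PREFIX", "GATEWAY", "BROADCAST", "NETWORK")

# Constructed samples using the addresses quoted in the thread.
BEFORE = {   # every file carries GATEWAY, nothing is bridged
    "ifcfg-eth0": "DEVICE=eth0\nIPADDR=192.168.1.110\nNETMASK=255.255.255.0\n"
                  "GATEWAY=192.168.1.1\nONBOOT=yes\n",
    "ifcfg-eth1": "DEVICE=eth1\nIPADDR=192.168.0.111\nNETMASK=255.255.255.0\n"
                  "GATEWAY=192.168.1.1\nONBOOT=yes\n",
    "ifcfg-lo": "DEVICE=lo\nIPADDR=127.0.0.1\nNETMASK=255.0.0.0\n"
                "GATEWAY=192.168.1.1\nONBOOT=yes\n",
}
AFTER = {    # IP settings moved to br0; eth0 only names its bridge
    "ifcfg-br0": 'DEVICE="br0"\nTYPE="Bridge"\nIPADDR="192.168.1.110"\n'
                 'NETMASK="255.255.255.0"\nGATEWAY="192.168.1.1"\nONBOOT="yes"\n',
    "ifcfg-eth0": "DEVICE=eth0\nBRIDGE=br0\nNM_CONTROLLED=no\nONBOOT=yes\n",
    "ifcfg-eth1": "DEVICE=eth1\nIPADDR=192.168.0.111\nNETMASK=255.255.255.0\n"
                  "ONBOOT=yes\n",
    "ifcfg-lo": "DEVICE=lo\nIPADDR=127.0.0.1\nNETMASK=255.0.0.0\nONBOOT=yes\n",
}


def parse_ifcfg(text):
    """Parse KEY=value lines of an ifcfg file; surrounding quotes are dropped."""
    cfg = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            cfg[key.strip()] = value.strip().strip("\"'")
    return cfg


def lint_bridge_layout(files):
    """files maps file name -> contents. Returns a sorted list of findings."""
    cfgs = {name: parse_ifcfg(text) for name, text in files.items()}
    devices = {c["DEVICE"]: c for c in cfgs.values() if c.get("DEVICE")}
    ports = {name: c["BRIDGE"] for name, c in cfgs.items() if c.get("BRIDGE")}
    findings = []
    if not ports:
        findings.append("no interface sets BRIDGE=: no bridge is configured")
    for name, bridge in sorted(ports.items()):
        # An enslaved interface must not keep its own layer-3 settings.
        leftover = [k for k in IP_KEYS if cfgs[name].get(k)]
        if leftover:
            findings.append(f"{name}: attached to {bridge} but still sets "
                            + ", ".join(leftover))
        target = devices.get(bridge)
        if target is None:
            findings.append(f"{name}: no ifcfg file defines DEVICE={bridge}")
        elif target.get("TYPE", "").lower() != "bridge":
            findings.append(f"{name}: {bridge} is not TYPE=Bridge")
    with_gw = sorted(name for name, c in cfgs.items() if c.get("GATEWAY"))
    if len(with_gw) > 1:
        findings.append("GATEWAY set in more than one file: " + ", ".join(with_gw))
    return sorted(findings)


if __name__ == "__main__":
    for label, files in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_bridge_layout(files) or "ok")
```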

  • Hi,

    Yes, that is all there were, but ifconfig shows:

    eth0 Link encap:Ethernet HWaddr 44:37:E6:53:1E:E2
    inet addr:192.168.1.110 Bcast:192.168.1.255 Mask:255.255.255.0
    inet6 addr: fe80::4637:e6ff:fe53:1ee2/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:1140835 errors:0 dropped:0 overruns:0 frame:0
    TX packets:915202 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:726508027 (692.8 MiB) TX bytes:272942663 (260.2 MiB)
    Interrupt:20 Memory:fe500000-fe520000

    eth1 Link encap:Ethernet HWaddr 00:1B:21:AF:6D:22
    inet addr:192.168.0.111 Bcast:255.255.255.255 Mask:255.255.255.0
    inet6 addr: fe80::21b:21ff:feaf:6d22/64 Scope:Link
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:513 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 b) TX bytes:115018 (112.3 KiB)

    lo Link encap:Local Loopback
    inet addr:127.0.0.1 Mask:255.0.0.0
    inet6 addr: ::1/128 Scope:Host
    UP LOOPBACK RUNNING MTU:65536 Metric:1
    RX packets:2616 errors:0 dropped:0 overruns:0 frame:0
    TX packets:2616 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:0
    RX bytes:25973275 (24.7 MiB) TX bytes:25973275 (24.7 MiB)

    vboxnet0 Link encap:Ethernet HWaddr 0A:00:27:00:00:00
    inet addr:192.168.56.1 Bcast:192.168.56.255 Mask:255.255.255.0
    UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
    RX packets:0 errors:0 dropped:0 overruns:0 frame:0
    TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
    collisions:0 txqueuelen:1000
    RX bytes:0 (0.0 b) TX bytes:0 (0.0 b)

  • I did. I disabled NetworkManager and created one. It’s not there now because I have started over so many times.

    Thanks

  • On 04.10.2016 at 08:46, Gordon Messmer wrote:

    This can be accomplished by just this (generates ifcfg files etc):

    # virsh iface-bridge eth0 br0

    If eth0 is the LAN interface otherwise change this. The VM
    configuration must then use br0/bridge as interface/type.

  • when the networking isn’t working right. If the issue is simply one of routing (as mostly seems to be the case) you should be able to fix that by tweaking/building the appropriate ifcfg file on the host or guest. You shouldn’t have to be deleting everything and starting over just to resolve that type of issue.

  • Brilliant! I’m not sure why I haven’t noticed that in the docs, before. I’ve definitely been to the page where Red Hat documents it… Thanks.

  • You don’t need to do that on CentOS 7, and I wouldn’t recommend it. Use NetworkManager where it works.

  • I’ve just tried that on my machine (CentOS 7):

    # virsh iface-bridge enp4s0 br2
    error: An error occurred, but the cause is unknown

    # virsh iface-bridge enp3s0 br1
    error: An error occurred, but the cause is unknown

    # command -v virsh
    /bin/virsh

    # ip add
    1: lo: mtu 65536 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
    valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host
    valid_lft forever preferred_lft forever
    2: enp3s0: mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.2/24 brd 192.168.1.255 scope global enp3s0
    valid_lft forever preferred_lft forever
    inet6 /64 scope link
    valid_lft forever preferred_lft forever
    3: enp4s0: mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether brd ff:ff:ff:ff:ff:ff
    inet 192.168.2.2/24 brd 192.168.2.255 scope global enp4s0
    valid_lft forever preferred_lft forever
    4: virbr0: mtu 1500 qdisc noqueue state DOWN
    link/ether brd ff:ff:ff:ff:ff:ff
    inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
    valid_lft forever preferred_lft forever
    5: virbr0-nic: mtu 1500 qdisc pfifo_fast master virbr0 state DOWN qlen 500
    link/ether brd ff:ff:ff:ff:ff:ff

    # brctl show
    bridge name bridge id STP enabled interfaces
    virbr0 8000. yes virbr0-nic

    Regards, Martin


  • The host is 6.8, the guest is 7.x. I read somewhere in one of the 6.8
    Virtualization guides to turn it off to use a bridge. That may be outdated now.

    On the other hand, I set up a bridge just now and it’s working!! YEAH!!!!!

    I can access the guest from the LAN. Will know tomorrow if I can access it from work.

    The only problem is the virt manager I’m using is VirtualBox.

    I’m just guessing but I probably can’t run the CentOS virt manager with VirtualBox. I got errors trying to do so unless I unloaded some kvm kernel modules.

    I really appreciate everyone’s help and patience.

    Thomas E Dukes