Qemu (kvm) internal network setup

Andreas Schneider — Thu, 12 Jul 2007 19:19:42 +0000

I got a new notebook, a nice Thinkpad T61 with virtualization technology. I need to run some Windows system for development so I’ve decided to use the Kernel based Virtual Machine (KVM). The VMs should communicate over an internal network but should have access to the internet and I want access via network to them. So I setup a bridge with TUN/TAP devices masqueraded to my normal interface.


               HOST            QEMU GUEST1
        +---------------+   +--------------+
        | 10.10.5.158   |   |              |
 LAN ---+---- eth0      |   |              |
        |               |   |              |    QEMU GUEST2
        |   +------+ +--+---+---- nic0     |   +--------------+
        |   | tap0---+  |   |192.168.100.5 |   |              |
        |   | tap1---+  |   +--------------+   |              |
        |   +------+ |  |                      |              |
        |     br0    +--+----------------------+---- nic0     |
        |192.168.100.254|                      |192.168.100.1 |
        +---------------+                      +--------------+

Needed packages:

tunctl (uml-utilities)
bridge-utilities
kvm

Setup the network:

Create a file call kvm-network with the following content and make it executeable.

#!/bin/bash

KVMNET_UID=1000
KVMNET_GID=$(grep kvm /etc/group | cut -d ':' -f 3)

# number of TUN/TAP devices to setup
NUM_OF_DEVICES=3

case $1 in
        start)
                modprobe kvm
                modprobe kvm_intel

                modprobe tun
                echo "Setting up bridge device br0"
                brctl addbr br0
                ifconfig br0 192.168.100.254 netmask 255.255.255.0 up
                for ((i=0; i < NUM_OF_DEVICES ; i++)); do
                        echo -n "Setting up "
                        tunctl -b -g ${KVMNET_GID} -t kvmnet$i
                        #tunctl -b -u ${KVMNET_UID} -t kvmnet$i
                        brctl addif br0 kvmnet$i
                        ifconfig kvmnet$i up 0.0.0.0 promisc
                done
                SuSEfirewall2 stop
                SuSEfirewall2
        ;;
        stop)
                for ((i=0; i < NUM_OF_DEVICES ; i++)); do
                        ifconfig kvmnet$i down
                        brctl delif br0 kvmnet$i
                        tunctl -d kvmnet$i
                done
                ifconfig br0 down
                brctl delbr br0
                SuSEfirewall2 stop
                SuSEfirewall2

                rmmod kvm_intel
                rmmod kvm
        ;;
        *)
                echo "Usage: $(basename $0) (start|stop)"
        ;;
esac

br0 is the gateway to the external network.

Setting up the firewall:

Edit /etc/sysconfig/SuSEfirewall and set the following variables:

FW_DEV_INT="br0 qtap0 qtap1 qtap2 qtap3 qtap4"
FW_ROUTE="yes"
FW_MASQUERADE="yes"
FW_MASQ_NETS="192.168.100.0/24"
FW_PROTECT_FROM_INT="no"

If you don't run a SUSE system use the following lines to setup masquerading:

echo "1" > /proc/sys/net/ipv4/ip_forward
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

On the guest you have to set the default gateway to 192.168.100.254 which is the bridge br0 and take a look in /etc/resolv.conf to get the name servers. I run a Windows 2003 Server as a guest which is the dhcp and name server for the other guests (Vista, several Linux installations).

Setting up qemu

Guest 1:

#!/bin/bash

qemu-kvm /path/to/vm.img \
          -net nic,model=rtl8139,macaddr=52:54:00:12:34:56 \
          -net tap,ifname=qtap0,script=no \
          -m 256 \
          -smp 1 \
          -usb \
          -usbdevice tablet \
          -localtime

Guest 2:

#!/bin/bash

qemu-kvm /path/to/vm2.img \
          -net nic,model=rtl8139,macaddr=52:54:00:12:34:57 \
          -net tap,ifname=qtap1,script=no \
          -m 256 \
          -smp 1 \
          -usb \
          -usbdevice tablet \
          -localtime

Note that the VMs have different MAC addresses. It took me a long time to find why I couldn't ping from one guest to another By the way, one of the guests is running Vista, which runs smoothly on my machine with KVM.