KVM Bridgeing - Internal and External networks

[moshe]

Hi All,

Setting up a new CentOS 8 virtual server(KVM) with two physical NICs.

NIC 1 will be connected to the external network via the firewall. Its IP is: 192.168.1.20 (eno1). ExtNet
NIC 2 will will be connected to the internal network via the network switch. Its IP is: 10.0.0.22 (eno2). IntNet

Each VM will need two legs. One to IntNet and one to ExtNet (for direct exposed connections, smtp, ssh, etc). The external router/firewall(192.168.1.1) will handle the port forwarding to the eno1 IP.

Under CentOS5 I setup xenbr2 and xenbr3 to solve this problem. Not clear how to do this in the CentOS 8 world.

Assistance and/or pointers to a HowTO would be appreciated.

Thank you,
~Moshe

[TrevorH]

Same way, you need to set up a bridge on both connections - e.g. br0 and br1 or pick your own names.

[moshe]

Trevor,

Thank you for your reply!

It sounds like i am making it more complex than i need too. Under CentOS 5 i did it using the /etc/xen/scripts/network-bridge and network-bridge-n2 scripts.

Are you saying i just bring eno1 up as br0 and eno2 as br1 and KVM will figure it out figure it out based on the virtual nics i will add to the individual VMs?

Thank you,
~Moshe

[TrevorH]

I think some of it depends on the first question: are you using NetworkManager or the network service?

With the old style network service what you need to do is create a /etc/sysconfig/network-scripts/ifcfg-br0 (f.e.) file that looks a bit like this

Code: Select all

DEVICE="br0"
BOOTPROTO=none
ONBOOT=yes
TYPE=Bridge
IPADDR="x.x.x.x"
NETMASK="x.x.x.x"
IPV6INIT=yes
IPV6ADDR=yours
IPV6_DEFAULTGW=yours

You move the IP*= and NETMASK= parameters over from the real interface file to the br0 one. We have ipv6 so I included those, if you don't then just remove them. Then you need to edit the /etc/sysconfig/network-scripts/ifcfg-$interface file for the interface that you want to be part of the bridge, comment out the IP*/NETMASK lines and add BRIDGE=br0

If you use NM then best abandon all that and follow the upstream doc like https://access.redhat.com/documentation ... k_bridging

Oh and when you use virt-install or whatever method you use to create your VM then you tell it the network interface to use, repeated if you want more than one interface. You tell it there to use the bridge - see man virt-install

[moshe]

Thank you. I will give that a try. Much appreciated.

~Moshe

[jlehtone]

NetworkManager (albeit in CentOS 7), from CLI, and less words than the upstream doc (although doc is better):
viewtopic.php?f=47&t=71731#p301850
(details obviously differ from your case)

[moshe]

I am heading on-site today to give it a try. Will report any additional issues if needed. Much appreciated!