This one got me for more time than I wish to admit, and seems to have caught others out along the way, this is how I finally solved it…<\/p>\n\n\n
![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2024\/08\/image-2.png\")
<\/a><\/figure><\/div>\n\n\n\n\n\n\nThis test setup has the following parameters:<\/p>\n\n\n\n
- \n
- Network: 10.0.4.0\/24<\/li>\n\n\n\n
- Internet Gateway: 10.0.4.1<\/li>\n\n\n\n
- KVM Host: 10.0.4.100<\/li>\n\n\n\n
- GuestL 10.0.4.101<\/li>\n<\/ul>\n\n\n\n
Install KVM and Cockpit<\/h3>\n\n\n\n
Install KVM and Cockpit (For easy access and testing of a guest):<\/p>\n\n\n\n
apt install qemu-kvm libvirt-daemon-system libvirt-clients bridge-utils virtinst cockpit cockpit-machines<\/code><\/pre>\n\n\n\nFor Debain 12, Cockpit blocks login from root, remove it from the disallowed-users file:<\/p>\n\n\n\n
nano \/etc\/cockpit\/disallowed-users<\/code><\/pre>\n\n\n\nRestart Cockpit to take changes:<\/p>\n\n\n\n
systemctl restart cockpit<\/code><\/pre>\n\n\n\nCockpit’s web interface can be accessed via port 9090 of the host IP.<\/p>\n\n\n\n
https://10.0.4.100:9090\/<\/code><\/pre>\n\n\n\nHost Network<\/h3>\n\n\n\n
Now bridge-utils is installed, the bridge can be configured on the host:<\/p>\n\n\n\n
nano \/etc\/network\/interfaces<\/code><\/pre>\n\n\n\nRemove \/ comment out the physical interface config and add the new bridge br0:<\/p>\n\n\n\n
# The loopback network interface\r\nauto lo\r\niface lo inet loopback\r\n\r\n# The primary network interface\r\nallow-hotplug ens192\r\niface ens192 inet manual\r\n #address 10.0.4.100\/24\r\n #gateway 10.0.4.1\r\n # dns-* options are implemented by the resolvconf package, if installed\r\n #dns-nameservers 10.0.4.1\r\n #dns-search debian-kvm.james-batchelor.local\r\n\r\nauto br0\r\niface br0 inet static\r\n address 10.0.4.100\r\n netmask 255.255.255.0\r\n network 10.0.4.0\r\n broadcast 10.0.4.255\r\n gateway 10.0.4.1\r\n bridge_ports ens192\r\n bridge_stp off\r\n bridge_fd 0\r\n bridge_maxwait 0\r\n dns-nameservers 1.1.1.1\r\n hwaddress ether 00:0c:29:3a:bc:72\r\n post-up echo 1 > \/proc\/sys\/net\/ipv4\/ip_forward<\/code><\/pre>\n\n\n\nNOTE: Add the hwaddress line and use the mac address of the physical interface, otherwise you’ll loose connection to the host when networking is restarted.
NOTE: For my solution, IP forwarding needs to be enabled.<\/p>\n\n\n\nRestart networking service, cross your fingers:<\/p>\n\n\n\n
systemctl restart networking<\/code><\/pre>\n\n\n\nGuest setup<\/h3>\n\n\n\n
Create folders for the guests:<\/p>\n\n\n\n
mkdir \/vm\nmkdir \/vm\/iso\nmkdir \/vm\/datastore<\/code><\/pre>\n\n\n\nThis issue got me for a while, so for testing I refined the process down to using a System Rescue cd for quick VM spin ups. Download the ISO:<\/p>\n\n\n\n
wget https:\/\/fastly-cdn.system-rescue.org\/releases\/11.01\/systemrescue-11.01-amd64.iso -P \/vm\/iso\/<\/code><\/pre>\n\n\n\nNow create the VM from the CLI:<\/p>\n\n\n\n
virt-install --name vm-test --ram=8192 --vcpu=4 --cpu host-passthrough --disk path=\/vm\/datastore\/vm-test,size=8 --cdrom \/vm\/iso\/systemrescue-11.01-amd64.iso --os-variant linux2022 --network bridge=br0,model=virtio --graphics vnc<\/code><\/pre>\n\n\n\nNow you can move to Cockpit to view and configure the guest from its console.<\/p>\n\n\n\n
Guest Networking<\/h3>\n\n\n\n
Lets take a second to think about whats happening when a guest pings the network; It has to leave through the host in order to get to the gateway, as the ARP table has has the correct details for the guest (including guest’s actual MAC), the ping reply will be send to the guest but needs to go through the host first.<\/p>\n\n\n\n
Therefore a static route is needed to steer traffic for the guest through the host. On the router, create a static route:<\/p>\n\n\n
\n![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2024\/08\/image.png\")
<\/a><\/figure><\/div>\n\n\n<\/p>\n\n\n\n
Via Cockpit, access the console of the System Rescue OS, enter the network config via:<\/p>\n\n\n\n
nmtui<\/code><\/pre>\n\n\n\nNavigate to edit a connection, and select the Wired Ethernet Connection, set IPv4 configuration to Manual and add the details:<\/p>\n\n\n\n
- \n
- IP address: IP address you set as the destination of the static route.<\/li>\n\n\n\n
- Gateway: IP address of host.<\/li>\n<\/ul>\n\n\n\n
![\"\"](\"https:\/\/james-batchelor.com\/wp-content\/uploads\/2024\/08\/image-1.png\")
<\/a><\/figure><\/div>\n\n\nSelect OK at the bottom of the screen to confirm config, go back to the main menu.<\/p>\n\n\n\n
TIP: Navigate to Activate Connections and toggle the interface off and back on, as otherwise there is a lag before the config is applied to the network.<\/p>\n\n\n\n
Test with pings from the guest and to it from other machines, they should now respond.<\/p>\n","protected":false},"excerpt":{"rendered":"
I’ve been playing with KVM on Debian 12 as a candidate for moving away from VMware as a hypervisor on my home server. I’ve been testing by using Debian 12 as VM in ESXI set with hardware CPU\/MMU enabled, and virtualisaion passthrough enabled. I’d like the KVM guests to access the network in bridge mode … Continue reading “Debian 12: KVM Guest using Bridged Network”<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[212,5],"tags":[391,396,389,390,394,395,392,393],"class_list":["post-951","post","type-post","status-publish","format-standard","hentry","category-network","category-servers","tag-bookworm","tag-cockpit","tag-debian","tag-debian-12","tag-gateway","tag-issue","tag-kvm","tag-ping"],"_links":{"self":[{"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/posts\/951","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/comments?post=951"}],"version-history":[{"count":4,"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/posts\/951\/revisions"}],"predecessor-version":[{"id":958,"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/posts\/951\/revisions\/958"}],"wp:attachment":[{"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/media?parent=951"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/categories?post=951"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/james-batchelor.com\/index.php\/wp-json\/wp\/v2\/tags?post=951"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}