Network Configuration Diagram for hosting 8 kvms and ltsp on 12.3 w/ 2 nics and 1 static IP


I need help finding or creating a diagram of a network that has 2 NIC cards, 1 fixed IP and domain name, running 8 KVM instances (that are proxied or somehow accessible via the Internet using iptables designated MAC addresses and ports, I think! multiple domain names?) and LTSP for the internal school network.

I've read through much of the documentation on networking but am still not clear on how to configure the details for physical and virtual network adapters, i.e. eth0, eth1, br0, br1, plus when and where to use other openSUSE built-in networking, i.e. vrnet.

What has confused me is initially setting up the server on my home DSL where both NIC cards were tied together, and now trying to figure out how to set it up once I have it at the church with a fixed IP.

Thank you in advance.

I think I can give you a start. The details would be much more difficult because you’re trying to setup something complex and exactly what you want will determine what you need to do.

Only one NIC should face the Internet. There is no need to connect more than one NIC to the same physical network unless you intend to bond the NICs.

All your internal machines can share the same external NIC. If you’re running your KVM Guests on the same box, I recommend you do <not> bind them to the external NIC; you should bind to the internal NIC. This would make it trivial to connect additional physical machines to your LAN.

Once you understand what I’ve just described, then you should understand you need to perform simple and normal IP Forwarding and SUSE FW rules forwarding inbound traffic from the external to your internal NIC.

Configured this way, if you want to expose external network access to Guests, you should be able to follow standard IP Tables and SUSE FW documentation and procedures.

I recommend setting up KVM using libvirt <if your LAN is entirely KVM guests on the same machine>. Although you can use YaST to create your transparent bridge (br) devices (bound to your internal NIC), I highly recommend instead using libvirt (vm manager) to create your virtual networks (vnet) bound to a transparent bridge (virbr) bound to your internal NIC (eth). There are certain advantages like optional automatic DHCP, dnsmasq and more built into the bridge devices when you use libvirt. Otherwise, the standard documentation (including the official KVM docs) describes configuring regular bridge devices, and then you’d <have to> deploy those services separately. Otherwise, if your LAN is more than KVM guests on the same machine (eg other physical machines or KVM guests on other machines), then you’ll need to either configure services so they won’t conflict or turn off the options and, as I described, deploy DHCP and DNS normally.

Also, consider how you deploy your Domain Controllers if you’re deploying AD or LDAP. There are some security concerns deploying anything on the Host directly when it’s used to support Guests, but Domain Controllers are a special security concern because typically anyone or anything which can gain access to the Host can gain access to any Guest running on the Host (the opposite isn’t true). So, run only essential services on the Host and run everything possible in a Guest instead.

If you’re confused about specifics like exactly how you configure eth and br devices and what they do, just repost. The eth device is just a “real” physical wired networking interface on a physical device. Typically a virtual network (eg vnet) is a virtual “networking” object which is bound to a virtual bridging device, typically called a br or virbr, but I have also seen a tap device used that way. The br/virbr/tap devices are virtual devices that are bound to a physical interface and provide the device connectivity for a virtual network.

virtual network (vnet)
    sits on a
br, virbr, or tap device
    which sits on a physical
eth0, wlan0 or lo device

When I get some time, I’ll be creating a Wiki page for setting up various virtualization configurations on openSUSE. For almost a year I had experienced intermittent network connectivity problems using various virtual networking technologies (defined bridge devices both created by YaST and libvirt, as well as User Mode Networking).

Recently I finally tracked down the issues. It was confusing that the “blocked” errors were typical of both firewall filtering and IP forwarding disabled. I think I have finally identified <all> the different settings that relate to filtering and forwarding to virtualization, which include

- commands specific to the networking technology being used

- plus anything else which might be present.

Until I’ve posted a hopefully comprehensive Guide, you may need to research and/or post to these forums. It’s been an interesting experience.
Based on research with the following

Including the relatively new “User Mode Networking” which is almost not mentioned in SUSE documentation.
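The topology recommended above (one Internet-facing NIC, guests on a bridge bound to the internal NIC, IP forwarding plus firewall rules that forward inbound ports to guests) as a worked example. This is an added illustration, not code from the thread or from openSUSE; the interface names, the 192.168.100.0/24 subnet and the guest addresses are assumed, and it emits raw iptables commands rather than SuSEfirewall2 settings. The generator refuses to publish a guest address that is not on the internal subnet, which is the usual copy-and-paste mistake.

```shell
#!/bin/sh
# Assumed names (not from the thread): the single external NIC, the bridge on the
# internal NIC that the KVM guests attach to, and a constructed internal subnet.
EXT_IF="eth0"
INT_BR="br0"
LAN_PREFIX="192.168.100."
LAN_NET="${LAN_PREFIX}0/24"

# Services to publish, one per line: external_port guest_ip guest_port proto.
# The 10.0.0.5 entry is deliberately wrong (not on the LAN) to show the check.
FORWARDS="
80   192.168.100.10 80  tcp
443  192.168.100.10 443 tcp
2222 192.168.100.11 22  tcp
8080 10.0.0.5       80  tcp
"

# in_lan IP: succeed only if IP is inside LAN_NET (prefix match is enough for a /24).
in_lan() {
  case "$1" in "$LAN_PREFIX"*) return 0 ;; *) return 1 ;; esac
}

# gen_rules: print the commands that turn on forwarding, masquerade guest traffic
# out of the external NIC, and DNAT each published port to its guest. Only NEW
# connections to the published ports are accepted from the outside; everything
# else from EXT_IF into the bridge must be a reply to an existing connection.
gen_rules() {
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "iptables -t nat -A POSTROUTING -s $LAN_NET -o $EXT_IF -j MASQUERADE"
  echo "iptables -A FORWARD -i $INT_BR -o $EXT_IF -j ACCEPT"
  echo "iptables -A FORWARD -i $EXT_IF -o $INT_BR -m state --state ESTABLISHED,RELATED -j ACCEPT"
  echo "$FORWARDS" | while read -r eport gip gport proto; do
    [ -n "$eport" ] || continue
    if ! in_lan "$gip"; then
      echo "# skipped port $eport: $gip is not inside $LAN_NET" >&2
      continue
    fi
    echo "iptables -t nat -A PREROUTING -i $EXT_IF -p $proto --dport $eport -j DNAT --to-destination $gip:$gport"
    echo "iptables -A FORWARD -i $EXT_IF -o $INT_BR -p $proto -d $gip --dport $gport -m state --state NEW -j ACCEPT"
  done
  echo "iptables -A FORWARD -i $EXT_IF -o $INT_BR -j DROP"
}

# apply_rules: execute the generated commands (run as root on the KVM host).
apply_rules() { gen_rules | sh; }
```

Run `gen_rules` first to review the output; `apply_rules` only makes sense as root on the host, and the same forwards can be expressed in SuSEfirewall2 instead if you prefer to keep the SUSE FW in charge.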