Requirement for Host & Guest Network Address to be the Same

Hi,

First time poster and complete Linux novice so please be gentle!

We have a requirement for users to connect to their VMs within the same IP subnet as the host server. The server previously worked set up this way, but after a rebuild I’m having difficulty setting it up again.

eth0 on the host server used to get its IP address from the site’s DHCP server, 192.168.193.199, and the VMs had IP addresses ranging from 192.168.193.200-210. Still receiving the correct IP address for the host, but the first VM I’ve created using Virtual Manager is using the virtual network 192.168.122.0. I’ve read and tried various things to get this going. I believe it’s a public bridge I’m looking for but I’m struggling to find the instructions to get me there.

I thought posting here, receiving advice and posting my results may have more success.

Appreciate any advice coming my way.

TiA.

@JyTees51:

Which Virtual Machine are you using?

  • Xen?
  • KVM?
  • Oracle VirtualBox?

Are you using the openSUSE Virtual Machine Manager?

  • BTW, Oracle have their own Manager for VirtualBox and, their own documentation …

BTW, the openSUSE Virtualisation documentation is here – <https://doc.opensuse.org/documentation/leap/virtualization/html/book-virtualization/index.html>.

KVM and openSUSE Virtual Machine Manager.

@JyTees51:

If the Virtual Guests need to use the same IP subnet as the VM Server then, you can configure the guests to use a Network Bridge – <https://doc.opensuse.org/documentation/leap/virtualization/html/book-virtualization/cha-libvirt-host.html#libvirt-networks-bridged>.

But, if the VM Guests need to have their own DHCP and DNS services then, you’ll have to take a look at Virtual Networks – <https://doc.opensuse.org/documentation/leap/virtualization/html/book-virtualization/cha-libvirt-host.html#libvirt-networks-virtual>.

We’ve pretty much tried all of that and had no success.

eth0 had an IP from the local subnet using DHCP and was accessible from the local LAN (192.168.193.199/24). We tried the following:

  1. Used YaST to create br0, removed the IP from eth0 and changed br0 to use a static IP. Also tried using DHCP; same result, not able to ping to host. Removed the br0 config.
  2. Used Virtual Machine Manager to create virbr1, NAT mode with any interface. Tried to create it with the same IP subnet but got an error message saying “Network is already in use by interface eth0”.
  3. Used Virtual Machine Manager, added a virbr1 in NAT mode with any interface and a small IP subnet (192.168.193.0/28) which isn’t used in the main LAN. The guest was able to ping out to the main LAN but devices on this LAN couldn’t reach the guest. I read in NAT mode you don’t need to add any static route to the gateway?
  4. Used Virtual Machine Manager, added a virbr2 in Routed mode with another subnet on the LAN. This allocated a DHCP address for the host and a DHCP address from the configured DHCP range to the guest, but unable to reach in or out from the host virtual network.

#3 has proved the most successful but not sure why it’s not getting any response when trying from the main LAN towards the guests. We need the VMs to be accessible from the LAN.

Then, there are 2 Firewalls “protecting” the VM Guests –

  • The Firewall on the VM Host.
  • The Firewall on each VM Guest.

Please check the following – on the VM Host and, on each VM Guest –


 # firewall-cmd --state
running
 # 
 # firewall-cmd --check-config
success
 # 


 > firewall-cmd --get-active-zones
docker
  interfaces: docker0
trusted
  interfaces: eth0
 > 
 > firewall-cmd --get-default-zone 
public
 > 
 > firewall-cmd --get-zone-of-interface=eth0
trusted
 > 

Consider setting the Firewall Zone of the Ethernet interface of the VM Host and each VM Guest to “trusted” – assuming that, the LAN can only be accessed by machines which are physically attached to the LAN …

  • If you’re allowing remote access to the LAN then, you’ll have to consider some more complex rules for the Firewall.

Documentation is here – Masquerading and firewalls | Security and Hardening Guide | openSUSE Leap 15.5.

Firewall was the first thing I checked on both.

Not running on either the host or the guests.

I have a setup of pretty much what you want to do. I set it up as per your #1 except I am using DHCP not a static IP but I am setting a default gateway manually. I also have br0: and p3p1: (Equivalent to your eth0:) set to trusted in Firewalld as @dcurtisfra suggested. I also have p3p1: added to the bridge.

This is my host setup:


skylab:~ # ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: p3p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
    link/ether d0:67:e5:0c:97:74 brd ff:ff:ff:ff:ff:ff
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    link/ether d0:67:e5:0c:97:74 brd ff:ff:ff:ff:ff:ff
    inet 192.168.27.2/24 brd 192.168.27.255 scope global br0
       valid_lft forever preferred_lft forever
    inet6 2a00:23c5:b3a6:802:1888:122a:3262:5d65/64 scope global temporary dynamic 
       valid_lft 604238sec preferred_lft 85817sec
    inet6 2a00:23c5:b3a6:802:d267:e5ff:fe0c:9774/64 scope global dynamic mngtmpaddr 
       valid_lft 2591908sec preferred_lft 604708sec
    inet6 fe80::d267:e5ff:fe0c:9774/64 scope link 
       valid_lft forever preferred_lft forever

When the guest is started vnet0: is automatically created and added to the bridge on the host. “ip addr” now adds this entry


4: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
    link/ether fe:54:00:b8:8d:79 brd ff:ff:ff:ff:ff:ff
    inet6 fe80::fc54:ff:feb8:8d79/64 scope link 
       valid_lft forever preferred_lft forever

The guest is set to DHCP but again I add the default gateway manually and firewalld is set to trusted.

The guest setup is as follows:

 ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 52:54:00:b8:8d:79 brd ff:ff:ff:ff:ff:ff
    altname enp1s0
    inet 192.168.27.19/24 brd 192.168.27.255 scope global eth0
       valid_lft forever preferred_lft forever
    inet6 2a00:23c5:b3a6:802:c21:bb7:8845:b750/64 scope global temporary dynamic 
       valid_lft 604408sec preferred_lft 85568sec
    inet6 2a00:23c5:b3a6:802:5054:ff:feb8:8d79/64 scope global dynamic mngtmpaddr 
       valid_lft 2591820sec preferred_lft 604620sec
    inet6 fe80::5054:ff:feb8:8d79/64 scope link 
       valid_lft forever preferred_lft forever



Finally this is the XML code for my network configuration of the guest (I am using VMM so just clicked the XML tab):

<interface type="bridge">
  <mac address="52:54:00:b8:8d:79"/>
  <source bridge="br0"/>
  <target dev="vnet0"/>
  <model type="virtio"/>
  <alias name="net0"/>
  <address type="pci" domain="0x0000" bus="0x01" slot="0x00" function="0x0"/>
</interface>
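
A check for the bridged layout shown in the post above, as an added example that is not part of the original thread: it parses `ip addr` output and a guest's interface XML and reports what stops the guest from sitting on the host's subnet. The function names are hypothetical, and the sample input is constructed by trimming the output posted above.

```python
import re
import xml.etree.ElementTree as ET

# Added example; names are hypothetical. Constructed sample, trimmed from the output posted above.
IP_ADDR = """\
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
    inet 127.0.0.1/8 scope host lo
2: p3p1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP group default qlen 1000
3: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
    inet 192.168.27.2/24 brd 192.168.27.255 scope global br0
4: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UNKNOWN group default qlen 1000
"""
IFACE_XML = '<interface type="bridge"><source bridge="br0"/><target dev="vnet0"/></interface>'
HEADER = re.compile(r"^\d+: ([^:@]+)(?:@\S+)?: <[^>]*>(.*)$")

def parse_ip_addr(text):
    """Return {ifname: {"master": str|None, "inet": [cidr, ...]}}."""
    links, cur = {}, None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            master = re.search(r"\bmaster (\S+)", m.group(2))
            cur = links[m.group(1)] = {"master": master.group(1) if master else None, "inet": []}
        elif cur is not None and line.strip().startswith("inet "):
            cur["inet"].append(line.split()[1])
    return links

def check_bridged_guest(ip_addr_text, iface_xml, uplink):
    """List the problems that stop a guest from sitting on the host's subnet."""
    links, problems = parse_ip_addr(ip_addr_text), []
    iface = ET.fromstring(iface_xml)
    src, tgt = iface.find("source"), iface.find("target")
    bridge = src.get("bridge") if src is not None else None
    if iface.get("type") != "bridge" or not bridge:
        return ["guest interface is not type='bridge' (NAT or routed virtual network?)"]
    if bridge not in links:
        return [f"bridge {bridge} does not exist on the host"]
    if not links[bridge]["inet"]:
        problems.append(f"{bridge} has no IPv4 address")
    up = links.get(uplink)
    if up is None or up["master"] != bridge:
        problems.append(f"{uplink} is not enslaved to {bridge}")
    elif up["inet"]:
        problems.append(f"{uplink} still carries an IPv4 address; move it to {bridge}")
    tap = tgt.get("dev") if tgt is not None else None
    if tap and links.get(tap, {}).get("master") != bridge:
        problems.append(f"tap device {tap} is not attached to {bridge}")
    return problems
print(check_bridged_guest(IP_ADDR, IFACE_XML, "p3p1") or "bridged topology looks correct")
```

An empty list means the uplink and the guest's tap device are both ports of the same bridge and the host address lives on the bridge, which is the layout shown in the post.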



Thanks for the reply Julina.

The xml code for br0 was the missing link. I found the info here https://doc.opensuse.org/documentation/leap/archive/15.2/virtualization/html/book.virt/cha-libvirt-networks.html

EXAMPLE 11.4: USING AN EXISTING BRIDGE ON VM HOST SERVER

<network>
  <name>host-bridge</name>
  <forward mode="bridge"/>
  <bridge name="br0"/>
</network>