On 03/14/2012 10:24 PM, Felix Blanke wrote:
> Hello,
> this isn't a bug report or an advanced usage question. This is just a
> question from a noob who is new to kvm and needs some help to setup a
> network between the host and the guests. If you're willing to spend a
> little time to help me out please continue reading :)

Even though "mail from mailing list with attachment" scared me a little,
I might have had similar need as you, so I continue =)

> See the attached image for more information. I have a host running with
> a public ip address. I want to set up some vm for different tasks
> (webserver, mailserver, database, fileserver). I need to set up a network
> where the host can speak to the guests, the guest can speak to each
> other and the guests can speak to the host (meaning to the internet).
> The host also works as a firewall.
> Some examples:
> A) A package for the webserver (port 80) needs to be routed from the
> host to the vm1.
> B) The mailserver needs to access the database.
> C) The mailserver needs to access the internet for sending an email.
> So every vm needs one interface. I don't know if it would work if I
> set up one virtual switch for the guest interconnections and use the host
> as a router to route the different ports to the vm interfaces.

You are very lucky. The default libvirt installation comes with a
'default' network. You should be able to see it using "virsh net-list
--all". To this network, you can attach a card from the guest and it
provides NAT as well as DHCP (both by default).
If you modify an interface in the guest so it is a <interface
type='network'/> and has <source network='default'/>, it is virtually
plugged to this network and all the interfaces can see each other and
access the internet.
Example from my guest configuration:
    <interface type='network'>
      <mac address='52:54:00:37:a1:0c'/>
      <source network='default'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </interface>
The way this is done is using iptables (and ebtables if needed and I'm
not wrong), so you can then see it in the system. Libvirt applies these
rules automatically when the network is started (I have it set to
autostart). There is also some filtering (firewall) available but I have
no experience with this.
Everything can be done by "virsh edit", "virsh net-edit" etc. For more
and deeper information about network configuration, have a look at these
two pages, I hope you find everything you need there:
http://libvirt.org/formatnetwork.html
http://libvirt.org/formatnwfilter.html
One more thing though, if you are missing this functionality on
self-compiled libvirt, don't forget the --with-network parameter
when configuring the source.

> I hope this wasn't so confusing :) What would be the best way to
> accomplish my goal using virt-install and virsh? Thanks to everyone who
> is trying to help me out.
> Kind regards,
> Felix

Have a nice day
Martin
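
Added example, not part of the message above and not libvirt's own code: a small check that reads a network definition and a guest definition (the kind of XML that "virsh net-dumpxml default" and "virsh dumpxml <guest>" print) and reports which guest interfaces sit behind the NAT'ed 'default' network. Both XML samples are constructed; the guest name "vm1", the second MAC address and the bridge "br0" are assumptions for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: the stock 'default' network, as `virsh net-dumpxml default` prints it.
NETWORK_XML = """<network>
  <name>default</name>
  <bridge name='virbr0'/>
  <forward mode='nat'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp><range start='192.168.122.2' end='192.168.122.254'/></dhcp>
  </ip>
</network>"""
# Constructed sample guest "vm1": the NIC from the message plus a hypothetical bridged NIC.
DOMAIN_XML = """<domain type='kvm'>
  <name>vm1</name>
  <devices>
    <interface type='network'><mac address='52:54:00:37:a1:0c'/><source network='default'/></interface>
    <interface type='bridge'><mac address='52:54:00:00:00:01'/><source bridge='br0'/></interface>
  </devices>
</domain>"""

def parse_network(xml_text):
    """Return name, forward mode, subnet and DHCP flag of one libvirt network."""
    net = ET.fromstring(xml_text)
    fwd, ip = net.find("forward"), net.find("ip")
    subnet = None
    if ip is not None and ip.get("netmask"):
        subnet = ipaddress.ip_network(f"{ip.get('address')}/{ip.get('netmask')}", strict=False)
    # No <forward> element means an isolated network; <forward/> without a mode means NAT.
    mode = "isolated" if fwd is None else fwd.get("mode", "nat")
    return {"name": net.findtext("name"), "mode": mode, "subnet": subnet,
            "dhcp": ip is not None and ip.find("dhcp") is not None}

def audit_domain(xml_text, networks):
    """List each guest NIC and whether it is attached to a known NAT network."""
    rows = []
    for nic in ET.fromstring(xml_text).findall("./devices/interface"):
        src, mac = nic.find("source"), nic.find("mac")
        name = src.get("network") if src is not None else None
        net = networks.get(name) if nic.get("type") == "network" else None
        rows.append({"mac": mac.get("address") if mac is not None else None,
                     "type": nic.get("type"), "network": name,
                     "behind_nat": net is not None and net["mode"] == "nat"})
    return rows

if __name__ == "__main__":
    nets = {n["name"]: n for n in [parse_network(NETWORK_XML)]}
    for row in audit_domain(DOMAIN_XML, nets):
        print(row)
```

An interface reported with behind_nat False is not attached to the NAT'ed network, so it does not pass through the rules libvirt sets up for that network and needs its own review on a host that also acts as the firewall.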