On 3/15/12 9:22 AM, Martin Kletzander wrote:
On 03/14/2012 10:24 PM, Felix Blanke wrote:
> Hello,
>
> this isn't a bug report or an advanced usage question. This is just a
> question from a noob who is new to kvm and needs some help to setup a
> network between the host and the guests. If you're willing to spend a
> little time to help me out please continue reading :)
Even though "mail from mailing list with attachment" scared me a little,
I might have had similar need as you, so I continue =)
Hello,
I'm glad you had the courage to continue :)
> See the attached image for more information. I have a host running with
> a public ip address. I want to setup some vm for different tasks
> (webserver, mailserver, database, fileserver). I need to setup a network
> where the host can speak to the guests, the guest can speak to each
> other and the guests can speak to the host (meaning to the internet).
> The host also works as a firewall.
>
> Some examples:
>
> A) A package for the webserver (port 80) needs to be routed from the
> host to the vm1.
>
> B) The mailserver needs to access the database.
>
> C) The mailserver needs to access the internet for sending an email.
>
> So every vm needs one interface. I don't know if it would work if I
> setup one virtual switch for the guest interconnections and use the host
> as a router to route the different ports to the vm interfaces.
>
You are very lucky. The default libvirt installation comes with a
'default' network. You should be able to see it using "virsh net-list
--all". To this network, you can attach a card from the guest and it
provides NAT as well as DHCP (both by default).
If you modify an interface in the guest so it is a <interface
type='network'/> and has <source network='default'/>, it is virtually
plugged to this network and all the interfaces can see each other and
access the internet.
Example from my guest configuration:
    <interface type='network'>
      <mac address='52:54:00:37:a1:0c'/>
      <source network='default'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
    </interface>
The way this is done is using iptables (and ebtables if needed and I'm
not wrong), so you can then see it in the system. Libvirt applies these
rules automatically when the network is started (I have it set to
autostart). There is also some filtering (firewall) available but I have
no experience with this.
Everything can be done by "virsh edit", "virsh net-edit" etc. For more
and deeper information about network configuration, have a look at these
two pages, I hope you find everything you need there:
http://libvirt.org/formatnetwork.html
http://libvirt.org/formatnwfilter.html
So I could use something like "virt-install ... --network=default"? The
problem with that was I couldn't find a switch to set the lease time to
forever or configure the built-in DHCP to map "mac -> ip address". Do
you know a way to configure this?
I will try to setup my network using your description after the weekend.
Thanks for your help so far!
One more thing though, if you are missing this functionality on
self-compiled libvirt, don't forget the --with-network parameter when
configuring the source.
Thanks for that hint. I'm using gentoo and already had the correct use
flag set :)
> I hope this wasn't so confusing :) What would be the best way to
> accomplish my goal using virt-install and virsh. Thanks for everyone who
> is trying to help me out.
>
>
> Kind regards,
> Felix
Have a nice day
Martin
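
An added example, not part of the thread: libvirt's network XML (the formatnetwork.html page linked above) accepts <host> entries inside <dhcp> that pin a MAC address to a fixed IP, which gives the "mac -> ip address" mapping asked about. The bridge name and 192.168.122.0/24 addressing are the values libvirt normally ships for the 'default' network and are assumed here; the guest name "vm1" and its IP are constructed, and the MAC is the one from the interface example in the thread.

```xml
<!-- Opened with: virsh net-edit default
     Takes effect after: virsh net-destroy default && virsh net-start default -->
<network>
  <name>default</name>
  <!-- NAT: guests reach the outside through the host's address -->
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <!-- Dynamic pool, kept clear of the statically assigned addresses -->
      <range start='192.168.122.100' end='192.168.122.254'/>
      <!-- Fixed lease: this MAC always receives this IP (constructed values) -->
      <host mac='52:54:00:37:a1:0c' name='vm1' ip='192.168.122.10'/>
    </dhcp>
  </ip>
</network>
```

With each guest on a fixed address, firewall rules on the host can refer to guests by IP without depending on which lease a guest happened to receive.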