# networking/kvm

## Christian99

Hi, I've got a running KVM machine. I want it to be seen in my LAN just as if it were a real computer plugged into my switch:

What I've done:

creating bridge br0

assigning eth1 to br0

creating tap0

assigning tap0 to br0

bringing up br0 and getting address from dhcp

starting kvm with those net options:

```
-net nic,vlan=1,macaddr=01:23:45:67:89:AB -net tap,vlan=1,script=no,downscript=no,ifname=tap0
```

I see a network card inside my virtual machine, but from there I can't reach my "normal" LAN, neither via DHCP nor when I assign an IP manually.

Is something basically wrong with my setup on the host (I guess this is the part not working) or did I just miss a few additional steps? Or is something wrong with my kvm setup?

Greetings

Christian

----------

## Hu

Can the guest reach the host?  That will determine whether the problem is a complete lack of network access or whether the host is disrupting access.

----------

## Christian99

Don't have a connection in any direction. Neither host to guest nor guest to host.

----------

## Hu

Assuming you meant that you performed the requested test and found no connectivity, rather than that you are not expecting any such connectivity and therefore find my question to be irrelevant, it would be helpful to see the output of `ip addr ; ip link ; iptables-save ; tcpdump -n -i interface` from both sides, while trying simple traffic such as an ICMP echo request.  Also, please post the output of `brctl show` on the host.

----------

## bbgermany

Maybe you forgot ipforwarding on the host ;)

bb

----------

## Christian99

@ hu

I performed a ping in both directions, with no answer (Destination Host Unreachable) and also the dhcp request from the guest receives no answer.

I don't have "ip", but I think it's similar to ifconfig; here is its output:

```
br0       Protokoll:Ethernet  Hardware Adresse 00:1d:7d:08:8b:8d
          inet Adresse:192.168.0.3  Bcast:192.168.0.255  Maske:255.255.255.0
          inet6 Adresse: fe80::21d:7dff:fe08:8b8d/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:11391 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5783 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:0
          RX bytes:2487669 (2.3 MiB)  TX bytes:665926 (650.3 KiB)

eth1      Protokoll:Ethernet  Hardware Adresse 00:1d:7d:08:8b:8d
          inet6 Adresse: fe80::21d:7dff:fe08:8b8d/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5775610 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5601988 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:1000
          RX bytes:3329854813 (3.1 GiB)  TX bytes:4231698703 (3.9 GiB)
          Interrupt:31 Basisadresse:0x4000

lo        Protokoll:Lokale Schleife
          inet Adresse:127.0.0.1  Maske:255.0.0.0
          inet6 Adresse: ::1/128 Gültigkeitsbereich:Maschine
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:5194147 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5194147 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:0
          RX bytes:1963829301 (1.8 GiB)  TX bytes:1963829301 (1.8 GiB)
```

If you need it, in which package is "ip"?

I don't have iptables either. I thought I only need it for firewalling the bridge?

tcpdump -n -i br0 while pinging:

```
16:14:21.558846 IP 192.168.0.3.53999 > 85.114.132.153.80: . ack 1159 win 501 <nop,nop,timestamp 856405372 1474117048>
16:14:21.768188 STP 802.1d, Config, Flags [none], bridge-id 8000.02:23:8b:55:12:bf.8000, length 43
16:14:22.866679 arp who-has 192.168.0.10 tell 192.168.0.3
16:14:23.373481 IP6 fe80::5c49:2bbf:662d:e2a5.60527 > ff02::c.1900: UDP, length 146
16:14:23.499778 IP6 fe80::5c49:2bbf:662d:e2a5.546 > ff02::1:2.547: dhcp6 solicit
16:14:23.768245 STP 802.1d, Config, Flags [none], bridge-id 8000.02:23:8b:55:12:bf.8000, length 43
16:14:23.866683 arp who-has 192.168.0.10 tell 192.168.0.3
16:14:24.866684 arp who-has 192.168.0.10 tell 192.168.0.3
16:14:25.610618 IP 74.125.39.147.80 > 192.168.0.3.56668: F 2293683352:2293683352(0) ack 798822534 win 125 <nop,nop,timestamp 2034881746 856169422>
16:14:25.651438 IP 192.168.0.3.56668 > 74.125.39.147.80: . ack 1 win 62 <nop,nop,timestamp 856409464 2034881746>
16:14:25.768468 STP 802.1d, Config, Flags [none], bridge-id 8000.02:23:8b:55:12:bf.8000, length 43
16:14:26.373582 IP6 fe80::5c49:2bbf:662d:e2a5.60527 > ff02::c.1900: UDP, length 146
16:14:26.559752 IP 192.168.0.3.53998 > 85.114.132.153.80: P 1032:2014(982) ack 808 win 501 <nop,nop,timestamp 856410373 1474115782>
16:14:26.616769 IP 85.114.132.153.80 > 192.168.0.3.53998: P 808:1305(497) ack 2014 win 501 <nop,nop,timestamp 1474118312 856410373>
16:14:26.616810 IP 192.168.0.3.53998 > 85.114.132.153.80: . ack 1305 win 501 <nop,nop,timestamp 856410430 1474118312>
16:14:26.867679 arp who-has 192.168.0.10 tell 192.168.0.3
16:14:27.768557 STP 802.1d, Config, Flags [none], bridge-id 8000.02:23:8b:55:12:bf.8000, length 43
16:14:27.867681 arp who-has 192.168.0.10 tell 192.168.0.3
16:14:28.867680 arp who-has 192.168.0.10 tell 192.168.0.3
16:14:29.768623 STP 802.1d, Config, Flags [none], bridge-id 8000.02:23:8b:55:12:bf.8000, length 43
16:14:30.374029 IP6 fe80::5c49:2bbf:662d:e2a5.60527 > ff02::c.1900: UDP, length 146
16:14:30.868680 arp who-has 192.168.0.10 tell 192.168.0.3
16:14:31.622071 IP 192.168.0.3.53999 > 85.114.132.153.80: P 1964:2946(982) ack 1159 win 501 <nop,nop,timestamp 856415435 1474117048>
16:14:31.677640 IP 85.114.132.153.80 > 192.168.0.3.53999: P 1159:1656(497) ack 2946 win 501 <nop,nop,timestamp 1474119578 856415435>
16:14:31.677687 IP 192.168.0.3.53999 > 85.114.132.153.80: . ack 1656 win 501 <nop,nop,timestamp 856415491 1474119578>
16:14:31.768698 STP 802.1d, Config, Flags [none], bridge-id 8000.02:23:8b:55:12:bf.8000, length 43
16:14:31.868681 arp who-has 192.168.0.10 tell 192.168.0.3
```

brctl show:

```
brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.001d7d088b8d       no              eth1
                                                        tap0
```

The guest system is Windows, so I don't have these utilities. If you need it, I'll set up a Linux, and perform the tests there too.

@bb:

Yeah, I didn't even know about that....

Now I have

/proc/sys/net/ipv4/ip_forward = 1

but no change. Do I need anything more about ipforwarding?

I'm also not sure if I need to set tap0 up or down.

Internet connection works with "ifconfig eth1 up" and "ifconfig eth1 down". But what about tap0?

----------

## bbgermany

When adding devices to a bridge, they should be down (iirc). Afterwards they need to be up. So, since your tap0 is not up, you won't get a connection at all.

Do you have a GUI installed on this machine? Or do you have a remote machine where you work with Linux? If yes, you should spend some time configuring libvirt and virt-manager. This will handle firewall, bridge etc. for you.

bb

----------

## Hu

*bbgermany wrote:*

> Maybe you forgot ipforwarding on the host

The host does not need IP forwarding enabled if he just wants it to receive traffic from a directly connected peer.  He may need it later, but first he needs to sort out why the host and guest cannot communicate.

*Christian99 wrote:*

> I performed a ping in both directions, with no answer (Destination Host Unreachable) and also the dhcp request from the guest receives no answer.
>
> I don't have "ip", but I think it's similar to ifconfig; here is its output:

Vaguely similar, but the ip command from sys-apps/iproute2 presents the information in a more concise manner, and can be used to provide the routing table.

*Christian99 wrote:*

> I don't have iptables either. I thought I only need it for firewalling the bridge?

Yes, firewalling or NATing.  Improper firewall rules can cause problems, but if you do not have iptables, you probably have no firewall rules.

*Christian99 wrote:*

> I'm also not sure if I need to set tap0 up or down.
>
> Internet connection works with "ifconfig eth1 up" and "ifconfig eth1 down". But what about tap0?

For best results, interfaces should be up when you want them to pass traffic.

----------

## Christian99

ok, then here are outputs from ip addr:

```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
    inet6 ::1/128 scope host
       valid_lft forever preferred_lft forever
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:1d:7d:08:8b:9d brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:1d:7d:08:8b:8d brd ff:ff:ff:ff:ff:ff
    inet6 fe80::21d:7dff:fe08:8b8d/64 scope link
       valid_lft forever preferred_lft forever
4: tunl0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/ipip 0.0.0.0 brd 0.0.0.0
5: gre0: <NOARP> mtu 1476 qdisc noop state DOWN
    link/gre 0.0.0.0 brd 0.0.0.0
6: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0
7: ip6tnl0: <NOARP> mtu 1460 qdisc noop state DOWN
    link/tunnel6 :: brd ::
30: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:1d:7d:08:8b:8d brd ff:ff:ff:ff:ff:ff
    inet 192.168.0.3/24 brd 192.168.0.255 scope global br0
    inet6 fe80::21d:7dff:fe08:8b8d/64 scope link
       valid_lft forever preferred_lft forever
31: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether 7a:bd:30:cb:85:0f brd ff:ff:ff:ff:ff:ff
    inet6 fe80::78bd:30ff:fecb:850f/64 scope link
       valid_lft forever preferred_lft forever
```

and ip link:

```
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue state UNKNOWN
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc pfifo_fast state DOWN qlen 1000
    link/ether 00:1d:7d:08:8b:9d brd ff:ff:ff:ff:ff:ff
3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:1d:7d:08:8b:8d brd ff:ff:ff:ff:ff:ff
4: tunl0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/ipip 0.0.0.0 brd 0.0.0.0
5: gre0: <NOARP> mtu 1476 qdisc noop state DOWN
    link/gre 0.0.0.0 brd 0.0.0.0
6: sit0: <NOARP> mtu 1480 qdisc noop state DOWN
    link/sit 0.0.0.0 brd 0.0.0.0
7: ip6tnl0: <NOARP> mtu 1460 qdisc noop state DOWN
    link/tunnel6 :: brd ::
30: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:1d:7d:08:8b:8d brd ff:ff:ff:ff:ff:ff
31: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UNKNOWN qlen 500
    link/ether 7a:bd:30:cb:85:0f brd ff:ff:ff:ff:ff:ff
```

never knew that there are so many interfaces....

----------
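
An added example, not part of any post in this thread: a shell check that cross-references `brctl show` with `ip link` and reports the bridge or any attached port that lacks the UP flag, the condition discussed in the replies above. The function names and the sample text are constructed for illustration, and tap0 is shown down on purpose so the failure case is exercised.

```shell
#!/bin/sh
# Constructed sample input, modelled on the outputs posted in this thread.
# tap0 is deliberately shown without the UP flag to exercise the failure case.
SAMPLE_BRCTL='bridge name     bridge id               STP enabled     interfaces
br0             8000.001d7d088b8d       no              eth1
                                                        tap0'
SAMPLE_IPLINK='3: eth1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP qlen 1000
    link/ether 00:1d:7d:08:8b:8d brd ff:ff:ff:ff:ff:ff
30: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN
    link/ether 00:1d:7d:08:8b:8d brd ff:ff:ff:ff:ff:ff
31: tap0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN qlen 500
    link/ether 7a:bd:30:cb:85:0f brd ff:ff:ff:ff:ff:ff'

# bridge_ports BRIDGE BRCTL_TEXT: print the ports attached to BRIDGE, one per line.
bridge_ports() {
    printf '%s\n' "$2" | awk -v br="$1" '
        NR == 1 { next }                                  # header row
        NF >= 3 { cur = $1; if (NF >= 4 && cur == br) print $4; next }
        NF == 1 && cur == br { print $1 }                 # continuation row
    '
}

# link_flags IFACE IPLINK_TEXT: print the flag list of IFACE without the <>.
link_flags() {
    printf '%s\n' "$2" | awk -v ifc="$1:" '$2 == ifc { gsub(/[<>]/, "", $3); print $3 }'
}

# check_bridge BRIDGE BRCTL_TEXT IPLINK_TEXT: report the bridge and each port;
# return 1 if any of them lacks the UP flag (it will not pass traffic).
check_bridge() {
    rc=0
    for ifc in "$1" $(bridge_ports "$1" "$2"); do
        case ",$(link_flags "$ifc" "$3")," in
            *,UP,*) echo "$ifc: up" ;;
            *)      echo "$ifc: NOT up (ip link set $ifc up)"; rc=1 ;;
        esac
    done
    return $rc
}

check_bridge br0 "$SAMPLE_BRCTL" "$SAMPLE_IPLINK" || echo "br0: at least one interface is down"
```

On a live host, call it as `check_bridge br0 "$(brctl show)" "$(ip link)"`.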

## bbgermany

Hi,

I rechecked your startup command. Is there something special about your vlans? Have you tried vlan=0 instead of vlan=1? Also, did you check out the Gentoo wiki about KVM? If not, check out: http://en.gentoo-wiki.com/wiki/KVM

bb

----------

## Christian99

No, there's nothing special, but as far as I could get it, they only need to be similar, don't they?

Yes, I have been in the wiki also. Unfortunately it's not exactly the same as I want to do, but I tried to adapt it to my needs.

----------

## AngelKnight

*Christian99 wrote:*

> Hi, I've got a running KVM machine. I want it to be seen in my LAN just as if it were a real computer plugged into my switch:
>
> What I've done:
>
> creating bridge br0
> ...

From all appearances, you aren't using 802.1q VLAN tagging.  Remove the "vlan=1" parameter or else it's emitting 802.1q tagged frames which, from what you've provided so far, nothing on your network is apparently set to handle.

----------

