Home / server / Questions / 1053873
Accepted
sanjib
Asked: 2021-02-17 10:59:07 +0800 CST

KVM hosts to be accessible from outside world for server purpose In centos 7

  • 772

Today i just ran into a problem i just wanted to ask a question to all of you

I have just install kvm in my system and i have some how managed to get a node installed and working in the system Now what i want is i want to host a server in the node

I have access to the KVM host server with its public ip (eth0) The only interface

Not i have a public ip to give to the node but i am not understanding how to do it

Every time i make a bridge connection between eth0 and new br0 interface it fails and i lost my connection

So how can i acess my kvm node from outside world any tips i am very new TO KVM so plz do help me with the steps about how to link what network

virtualization linux kvm-virtualization libvirt

2 Answers

  1. Best Answer

    Don't bridge your eth0. Leave its IP address and configuration as it is. Instead, make your host a router for your VMs.

    Let's assume that network on your host works and it is able to access an Internet.

    You have to create a "pure virtual" bridge, which won't have any member assigned at first. Let's call the bridge br0:

    ip link add name br0 type bridge
ip link set br0 up

    Nevertheless, that bridge must have some "internal" address, I presume, from the IANA private space. Let it be 192.168.95.1/24:

    ip address add 192.168.95.1/24 dev br0

    Now, you configure a masquerading NAT on your box and enable ip forwarding:

    sysctl net.ipv4.ip_forward=1
iptables -t nat -A POSTROUTING -o eth0 -s 192.168.95.0/24 -j MASQUERADE

    All your VM's vNICs must be put into the bridge br0. You'll give them IP addresses from 192.168.95.2÷254 range and specify a 192.168.95.1 as the default gateway. You may use any public DNS service, for example, Google's 8.8.8.8 and 8.8.4.4 for simplicity. If you want, you may set up a DHCP and DNS servers for your VMs, for example, using dnsmasq (which is designed specifically for such cases).

    Essentially, you are creating a simple "NAT" router, which will have a eth0 interface as the WAN side and br0 inteface as the LAN side.

    • 1

  2. If you want your node to share a public IP address with host (i.e. NAT), then @Nikita's answer applies.

    However, if you want the node to access the same subnet as the host with a separate IP address, then you need to bridge the real interface eth0 and connect both the host and the node to the network through the bridge.

    If you only have one network interface, making a change like this remotely is risky. If the server is hosted at a datacenter, ther eis often a remote hands service available to help you make changes like this.

    1. bridge the physical port

    edit your current configuration (/etc/sysconfig/network-scripts/ifcfg-eth0) to remove any IP address configuration and add:

    BRIDGE=br0

    2. Assign

    Create a new configuration for your virtual bridge (/etc/sysconfig/network-scripts/ifcfg-br0).

    DEVICE=br0
TYPE=Bridge
IPADDR=xxx.xxx.xxx.xxx
NETMASK=xxx.xxx.xxx.xxx
GATEWAY=xxx.xxx.xxx.xxx
ONBOOT=yes
BOOTPROTO=none
NM_CONTROLLED=no
DELAY=0

    3. Apply Changes

    With changes like this, restarting the host is the most reliable way to apply the changes.

    Once restarted, you should see your bridge in brctl show.

    Remote Changes

    Network changes like this are best done in person. If you make an error in the configuration, you will need physical access to fix it.

    In the past, I have written a watchdog script to help me make risky network changes remotely. When enabled, it polled an upstream server to detect network connectivity and, if the network was unavailable, it would revert to the last good network configuration.

    • 1