Home / server / Questions / 582539
In Process
AndreasT
Asked: 2014-03-17 23:10:57 +0800 CST

Linux kvm: Public bridge without the physical nic

  • 772

I have a VM host on the internet with my own subnet. I intended to use bridged networking and simply add my one physical NIC to the bridge and be done. But that had several downsides, not the least of which seemed to be a buggy driver.

Can I set up a public bridge without adding the physical NIC? with guests and their public IPs on it?

I tried to do it simply by routing, but that doesn't seem to work completely:

Guest: ip route default via <host> dev br0
ip route add <host> dev br0  # May be redundant.

Host: ip route add <guest>/32 via br0;

External access is still not working, as the host does not seem to tell others that "Ey I have access to those other IPs!" My guess is that I need some kind of arp trickery to finish what I started. (?)

linux

1 Answers

  1. Ok, I found one solution to this problem (will start from the get-go, solution to question starts after point 3):

    1. Create independent bridge device 

      brctl addbr br0

    2. Connect guest to shared device br0 and give it its public ip and network

    3. Set up routing so host and guest can communicate freely using their public addresses:

      host:ip route add <guestip>/32 dev br0
guest:ip route add default via <hostip> dev eth0

    4. The only thing missing now is access from outside 

      host: arp -i eth0 -Ds <guestip> br0 pub

    5. Now the guest should be available from the outside.

    If your ISP routes the network through to your host, the artful arp should not be necessary. Set your ISPs gateway as default gateway on host and guests in that case.

    • 2