Howto | Simple networking in KVM

Most instructions on the web are suggesting setting up bridging and setting the interface to work in promiscuous mode; which I understand has security implications. I came across this website which seemed to promise a simple alternative, by which instead of bridging the networks we just advertise the presence of the guest interface. It seems to work well as far as I can tell.

Configuration

I went into windows and provisioned the emulated ethernet interface with an IP address of 192.168.0.19; along with appropriate DNS settings and default gateway settings. I’ve also reserved the address 192.168.0.18 for use by the tunnel device.

My /etc/qemu-ifup looks like this:

#!/bin/sh
# configure tun0 device (UML and newer versions of Qemu use tap0 here!)
sudo /sbin/ifconfig $1 192.168.0.18

# activate ip forwarding
sudo bash -c 'echo 1 > /proc/sys/net/ipv4/ip_forward'

# set up routing to the guest IP
sudo route add -host 192.168.0.19 dev tap0

# activate ARP proxy to "spoof" arp address
sudo bash -c 'echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp'

# set "spoofed" arp address
sudo arp -Ds 192.168.0.19 eth0 pub

Thats it… The bridging is done only for a single IP address by installing a proxy ARP.

Running

$ sudo kvm -hda w2k3.img -smp 2 -m 512 -no-acpi -k en-gb -net nic,model=rtl8139 -net tap,script=/etc/qemu-ifup -usb -usbdevice tablet -snapshot

References

comments powered by Disqus