[CentOS-virt] Network configuration on KVMs

James B. Byrne byrnejb at harte-lyne.ca
Fri Sep 2 12:12:01 EDT 2011 

In the Redhat EL6 virtualization guide (
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
) I read this:

#

Configure iptables
Configure iptables to allow all traffic to be forwarded
across the bridge.

# iptables -I FORWARD -m physdev --physdev-is-bridged -j
ACCEPT
# service iptables save
# service iptables restart

Disable iptables on bridges
Alternatively, prevent bridged traffic from being
processed by iptables rules. In /etc/sysctl.conf append
the following lines:

net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0

Reload the kernel parameters configured with sysctl.

# sysctl -p /etc/sysctl.conf


However, later in the same guide (
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/ch16s04.html
)  I read this:

*      Enabling IP forwarding (net.ipv4.ip_forward = 1) is
also required for shared bridges and the default bridge.
Note that installing libvirt enables this variable so it
will be enabled when the virtualization packages are
installed unless it was manually disabled.

Note
Note that enabling IP forwarding is not required for
physical bridge devices. When a guest is connected through
a physical bridge, traffic only operates at a level that
does not require IP configuration such as IP forwarding.

Which leaves me a little confused.  Is this talking about
some form of network device other than the installed NIC? 
How is this information integrated with the requirement
given in section 10.3?  Can someone explain to me how
these two sections relate to one another?

A second difficulty I encounter is that the first vm guest
that I created does not seem to have any interface
configuration file for etho in
/etc/sysconfig/network-scripts.  In fact, I see no ifcfg-x
files at all.  Am I supposed to create these by hand or
have I somehow missed a configuration step in
virt-manager?


-- 
***          E-Mail is NOT a SECURE channel          ***
James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

More information about the CentOS-virt mailing list