[CentOS-virt] Network configuration on KVMs
James B. Byrne
byrnejb at harte-lyne.ca
Fri Sep 2 12:12:01 EDT 2011
In the Redhat EL6 virtualization guide (
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/sect-Virtualization-Network_Configuration-Bridged_networking_with_libvirt.html
) I read this:
#
Configure iptables
Configure iptables to allow all traffic to be forwarded
across the bridge.
# iptables -I FORWARD -m physdev --physdev-is-bridged -j
ACCEPT
# service iptables save
# service iptables restart
Disable iptables on bridges
Alternatively, prevent bridged traffic from being
processed by iptables rules. In /etc/sysctl.conf append
the following lines:
net.bridge.bridge-nf-call-ip6tables = 0
net.bridge.bridge-nf-call-iptables = 0
net.bridge.bridge-nf-call-arptables = 0
Reload the kernel parameters configured with sysctl.
# sysctl -p /etc/sysctl.conf
However, later in the same guide (
http://docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/Virtualization/ch16s04.html
) I read this:
* Enabling IP forwarding (net.ipv4.ip_forward = 1) is
also required for shared bridges and the default bridge.
Note that installing libvirt enables this variable so it
will be enabled when the virtualization packages are
installed unless it was manually disabled.
Note
Note that enabling IP forwarding is not required for
physical bridge devices. When a guest is connected through
a physical bridge, traffic only operates at a level that
does not require IP configuration such as IP forwarding.
Which leaves me a little confused. Is this talking about
some form of network device other than the installed NIC?
How is this information integrated with the requirement
given in section 10.3? Can someone explain to me how
these two sections relate to one another?
A second difficulty I encounter is that the first vm guest
that I created does not seem to have any interface
configuration file for etho in
/etc/sysconfig/network-scripts. In fact, I see no ifcfg-x
files at all. Am I supposed to create these by hand or
have I somehow missed a configuration step in
virt-manager?
--
*** E-Mail is NOT a SECURE channel ***
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
More information about the CentOS-virt
mailing list