Hello,

I'm taking my first foray into virtualization. I would like to get a web server running on a virtual system accessible to the outside world.

I've been reading up and learning a lot, but wanted to go over my setup step by step from the beginning to better my understanding. Below is an overview of what I am trying to accomplish, and what my understanding is so far. In the end, I am asking specifically how I set up a network bridge, but if I have gone astray anywhere, I would also appreciate any corrections to my understanding or feedback on the approach.

The host is a Fedora 31 system
The guest that will run the web server is a Debian 10 system
I'm using libvirt, virt-manager, etc.
The guest is running under the QEMU/KVM hypervisor

The host system is running on my home network.
We'll say my public IP is 1.1.1.1
The host system on my home network is 192.168.0.100/24
The home network router/gateway is 192.168.0.1/24
My home router is set up to forward traffic on ports 80 and 443 to the host system.

The network interfaces on the host currently are:
lo: loopback device
enp8s0: wired ethernet interface between the host and home network (192.168.0.100/24)
virbr0: My understanding is libvirt creates this virtual bridge interface. It is set up for NAT by default. (192.168.122.1/24)
virbr0-nic: To be honest, I don't know what this is. I assume it is related to virbr0. (Does not currently show an IP address)

If I fire up the guest system now, it gets an IP address on the 192.168.122.0 network.

What I understand from reading up on networking is there are two general networking approaches with VMs:
1) NAT
2) Bridged

The current/default setup with libvirt is NAT.

Under this setup, all the virtual machines live on a separate network, 192.168.122.0. I believe I could achieve the result I want (publicly accessible web server running on the guest system) under the NAT setup. It would require that I set up firewall rules on the host to forward traffic to the guest and track connection etc. I think that will be harder to set up and maintain than using a bridged network.

My understanding is that under a bridged network setup, the virtual systems will live on the same network as the host (192.168.0.0). This seems appealing. If I understand correctly, I would not need to set up firewall rules on the host or configure the host system to track connections, etc. The guest system would get an IP address on the 192.168.0.0 network (perhaps a static address maintained by my router's DHCP server?) and I could directly configure the router to forward traffic to the guest rather than to the host. Do I have that right so far?

If so, the steps where I really get lost are for setting up the bridge. I worry that some of the information out there is outdated (disable NetworkManager?, use brctl or ip?) and I am not sure the role of different tools (ip, nmcli, virsh, etc.)

It seems like using ip is preferred.
I have just created a new bridge interface, br0 with the command:
Now I think I need to associate interfaces with the bridge. How to I perform this step?

However, this won't survive a reboot. Furthermore, I am not sure if NetworkManager is happy when you poke around in the lower configuration layers. Thus, try nmcli to create the bridge and add the interface to it:
(I haven't tried it; source https://www.cyberciti.biz/faq/how-to...ager-on-linux/)

EDIT: Also the official nmcli-examples manual page, example 9: https://developer.gnome.org/NetworkM...-examples.html.

1 members found this post helpful.

You are correct, bridge interface was not present after rebooting. I was seeing examples that created the bridge with ip, and examples that created it with nmcli. I guess one is for temporary setup while the other is for persistent setup.

This almost did it. After making these edits, I fired up the VM and it was not getting assigned an IP address. On the host, the bridge interface still did not have an IP address.

The missing step was about half way down the first link you provided. It says you must turn off the wired connection and turn on the bridge. Edited for my setup:

As soon as I executed that second line, output was sent to the terminal indicating that the bridge was active and awaiting connections.

At that point I started my VM up again, and it was assigned an IP address on the 192.168.0.0 network. The host and the guest both had network access. Success!

To test the persistence of the configuration, I rebooted one more time. After reboot, ip link shows that both interfaces are UP:
I was wondering if I would have to take the wired interface down again. But I left it as is, fired up the VM, and everything was still working.