Hello,
I'm taking my first foray into virtualization. I would like to get a web server running on a virtual system accessible to the outside world.
I've been reading up and learning a lot, but wanted to go over my setup step by step from the beginning to better my understanding. Below is an overview of what I am trying to accomplish, and what my understanding is so far. In the end, I am asking specifically how I set up a network bridge, but if I have gone astray anywhere, I would also appreciate any corrections to my understanding or feedback on the approach.
The host is a Fedora 31 system
The guest that will run the web server is a Debian 10 system
I'm using libvirt, virt-manager, etc.
The guest is running under the QEMU/KVM hypervisor
The host system is running on my home network.
We'll say my public IP is 1.1.1.1
The host system on my home network is 192.168.0.100/24
The home network router/gateway is 192.168.0.1/24
My home router is set up to forward traffic on ports 80 and 443 to the host system.
The network interfaces on the host currently are:
lo: loopback device
enp8s0: wired ethernet interface between the host and home network (192.168.0.100/24)
virbr0: My understanding is libvirt creates this virtual bridge interface. It is set up for NAT by default. (192.168.122.1/24)
virbr0-nic: To be honest, I don't know what this is. I assume it is related to virbr0. (Does not currently show an IP address)
If I fire up the guest system now, it gets an IP address on the 192.168.122.0 network.
What I understand from reading up on networking is there are two general networking approaches with VMs:
1) NAT
2) Bridged
The current/default setup with libvirt is NAT.
Under this setup, all the virtual machines live on a separate network, 192.168.122.0. I believe I could achieve the result I want (publicly accessible web server running on the guest system) under the NAT setup. It would require that I set up firewall rules on the host to forward traffic to the guest and track connections, etc. I think that will be harder to set up and maintain than using a bridged network.
My understanding is that under a bridged network setup, the virtual systems will live on the same network as the host (192.168.0.0). This seems appealing. If I understand correctly, I would not need to set up firewall rules on the host or configure the host system to track connections, etc. The guest system would get an IP address on the 192.168.0.0 network (perhaps a static address maintained by my router's DHCP server?) and I could directly configure the router to forward traffic to the guest rather than to the host. Do I have that right so far?
If so, the steps where I really get lost are for setting up the bridge. I worry that some of the information out there is outdated (disable NetworkManager?, use brctl or ip?) and I am not sure of the role of the different tools (ip, nmcli, virsh, etc.).
It seems like using ip is preferred.
I have just created a new bridge interface, br0 with the command:
Code:
sudo ip link add br0 type bridge
Now I think I need to associate interfaces with the bridge. How do I perform this step?
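
The step asked about above, as an added example that is not part of the original post: attaching enp8s0 to br0 with iproute2 and moving the host's address onto the bridge, since an enslaved interface should not keep its own IP. It assumes br0 already exists from the command in the post, uses the post's addresses as static values (an assumption; DHCP on br0 would also work), and the function names are made up for illustration.

```shell
#!/usr/bin/env bash
# Added example: plan (and optionally apply) enslaving the NIC to the bridge.
# Defaults are the names and addresses given in the post; override via environment.
BRIDGE=${BRIDGE:-br0}
NIC=${NIC:-enp8s0}
HOST_CIDR=${HOST_CIDR:-192.168.0.100/24}
GATEWAY=${GATEWAY:-192.168.0.1}

# Sanity-check an interface name: non-empty, safe characters, at most 15 chars
# (the Linux limit for interface names).
valid_ifname() {
  case "$1" in
    ''|*[!A-Za-z0-9_.-]*) return 1 ;;
  esac
  [ "${#1}" -le 15 ]
}

# Print the ordered iproute2 commands, one per line. Order matters: the NIC
# joins the bridge first, then the address and default route move to the bridge.
bridge_plan() {
  valid_ifname "$BRIDGE" && valid_ifname "$NIC" || {
    echo "invalid interface name" >&2
    return 1
  }
  cat <<EOF
ip link set dev $BRIDGE up
ip link set dev $NIC master $BRIDGE
ip addr flush dev $NIC
ip addr add $HOST_CIDR dev $BRIDGE
ip route replace default via $GATEWAY dev $BRIDGE
EOF
}

# Show the plan; execute it only when APPLY=1 and running as root.
apply_plan() {
  plan=$(bridge_plan) || return 1
  if [ "${APPLY:-0}" = 1 ] && [ "$(id -u)" -eq 0 ]; then
    printf '%s\n' "$plan" | while read -r cmd; do
      $cmd || exit 1   # stop at the first failing step
    done
  else
    printf '%s\n' "$plan"
  fi
}

# Only act when invoked as: script.sh --run
if [ "${1:-}" = "--run" ]; then apply_plan; fi
```

Run it from a local console, because flushing the address on enp8s0 drops any connection made over that interface. The changes do not survive a reboot.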