VM bridge

This page describes how to set up a temporary bridge on your Debian machine that virtual machines (VMs — Linux containers, KVM, VirtualBox…) can use to access the Internet. It provides a DHCP server to the VMs so that they need no manual configuration of network interfaces, and the setup uses NAT so that you need no additional addresses in your system.

First of all, install the bridge-utils and udhcpd packages:

# apt-get install bridge-utils udhcpd

Then edit /etc/network/interfaces and add the following stanza:

iface vmbr inet static
    bridge_ports  none
    up  sysctl net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1  # not undone
    up  iptables -t filter -P FORWARD ACCEPT  # not undone
    up  iptables -t nat -N $IFACE-nat
    up  iptables -t nat -I $IFACE-nat -o $(ip r g|sed -nr 's/.*\bdev (\S*).*/\1/p') -j MASQUERADE || true
    up  iptables -t nat -I POSTROUTING -j $IFACE-nat
    up  iptables -t filter -N $IFACE-dhcp
    up  iptables -t filter -I $IFACE-dhcp -i $IFACE -p udp -m udp --dport 67 -j ACCEPT
    up  iptables -t filter -I INPUT -j $IFACE-dhcp
    up  udhcpd /root/udhcpd,$IFACE.conf
    down  kill $(cat /var/run/udhcpd,$
    down  iptables -t filter -D INPUT -j $IFACE-dhcp
    down  iptables -t filter -F $IFACE-dhcp
    down  iptables -t filter -X $IFACE-dhcp
    down  iptables -t nat -D POSTROUTING -j $IFACE-nat
    down  iptables -t nat -F $IFACE-nat
    down  iptables -t nat -X $IFACE-nat

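Bringing the new vmbr interface up enables IP forwarding, sets the policy of the FORWARD chain to ACCEPT, sets up masquerading towards the interface of your default route (you must have one!), allows DHCP traffic on the interface and starts udhcpd with a custom configuration (it is not automatically started by default, so there should be no conflict). Bringing the interface down stops the server, disallows DHCP traffic and cleans up NAT (this assumes you are not using the POSTROUTING chain yourself). The two commands marked "# not undone" are not reverted by ifdown: the machine keeps forwarding packets and the FORWARD policy stays at ACCEPT for every interface, not only vmbr, so restore them by hand if you do not want that.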

Create the file /root/udhcpd,vmbr.conf with the following content:

interface       vmbr
pidfile         /var/run/udhcpd,
option  subnet
option  router
option  dns

As you see, the VM network is, with the first address being that of your machine. DNS servers belong to and OpenDNS.

To enable the interface, NAT and DHCP server, run ifup vmbr as root. To stop everything, run ifdown vmbr.
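To check what the stanza has left in the firewall after ifdown, the following added example (not part of the original page) reads a dump in iptables-save format and reports the FORWARD ACCEPT policy plus any remaining vmbr-nat or vmbr-dhcp chains and jumps. The function name, the finding labels, the sample dump and the eth0 uplink name are all assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report state the vmbr stanza can leave behind.
# Live use (as root): iptables-save | audit_vmbr_rules vmbr

# $1: bridge interface name; stdin: a dump in iptables-save format.
audit_vmbr_rules() {
    awk -v ifc="$1" '
        BEGIN { nat = ifc "-nat"; dhcp = ifc "-dhcp" }
        /^\*/ { table = substr($0, 2); next }      # "*nat", "*filter": table header
        /^:/ {                                     # ":CHAIN POLICY [pkts:bytes]"
            chain = substr($1, 2)
            if (table == "filter" && chain == "FORWARD" && $2 == "ACCEPT")
                print "forward-policy-accept"      # set by "up", never reverted
            if (chain == nat || chain == dhcp)
                print "leftover-chain:" table ":" chain
            next
        }
        $1 == "-A" {                               # rule: look for jumps into our chains
            for (i = 3; i < NF; i++)
                if ($i == "-j" && ($(i + 1) == nat || $(i + 1) == dhcp))
                    print "leftover-jump:" table ":" $2 ":" $(i + 1)
        }
    '
}

# Constructed sample (not captured from a real host): the "down" lines never ran.
# eth0 is an assumed uplink name.
sample_stale() {
    cat <<'EOF'
*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
:vmbr-nat - [0:0]
-A POSTROUTING -j vmbr-nat
-A vmbr-nat -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
:vmbr-dhcp - [0:0]
-A INPUT -j vmbr-dhcp
-A vmbr-dhcp -i vmbr -p udp -m udp --dport 67 -j ACCEPT
COMMIT
EOF
}

sample_stale | audit_vmbr_rules vmbr
```

After a clean ifdown only forward-policy-accept should remain in the output; any leftover-chain or leftover-jump line means some of the down commands did not run.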

soft/vm-bridge.txt · Last modified: 2015/07/08 15:37 by ivilata