VM bridge

This page describes how to set up a temporary bridge on your Debian machine that can be used by virtual machines (VMs — Linux containers, KVM, VirtualBox…) to access the Internet. It provides a DHCP server to VMs so they need no manual configuration of network interfaces, and the setup uses NAT so you need no additional addresses in your system.

First of all, install the bridge-utils and udhcpd packages:

# apt-get install bridge-utils udhcpd

Then edit /etc/network/interfaces and add the following stanza:

iface vmbr inet static
    bridge_ports  none
    address  172.24.42.1
    netmask  255.255.255.0
    up  sysctl net.ipv4.ip_forward=1 net.ipv6.conf.all.forwarding=1  # not undone
    up  iptables -t filter -P FORWARD ACCEPT  # not undone
    up  iptables -t nat -N $IFACE-nat
    up  iptables -t nat -I $IFACE-nat -o $(ip r g 192.0.2.1|sed -nr 's/.*\bdev (\S*).*/\1/p') -j MASQUERADE || true
    up  iptables -t nat -I POSTROUTING -j $IFACE-nat
    up  iptables -t filter -N $IFACE-dhcp
    up  iptables -t filter -I $IFACE-dhcp -i $IFACE -p udp -m udp --dport 67 -j ACCEPT
    up  iptables -t filter -I INPUT -j $IFACE-dhcp
    up  udhcpd /root/udhcpd,$IFACE.conf
    down  kill $(cat /var/run/udhcpd,$IFACE.pid)
    down  iptables -t filter -D INPUT -j $IFACE-dhcp
    down  iptables -t filter -F $IFACE-dhcp
    down  iptables -t filter -X $IFACE-dhcp
    down  iptables -t nat -D POSTROUTING -j $IFACE-nat
    down  iptables -t nat -F $IFACE-nat
    down  iptables -t nat -X $IFACE-nat

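As you can see, bringing the new vmbr interface up enables IP forwarding, sets the FORWARD policy to ACCEPT, sets up masquerading towards the interface of your default route (you must have one!), allows DHCP traffic on the interface and starts udhcpd with a custom configuration (it is not automatically started by default so there should be no conflict). Bringing the interface down stops the server, removes the rule that allowed DHCP traffic and removes the NAT rules (this assumes you are not using the POSTROUTING chain yourself). The two lines marked "not undone" in the stanza stay in effect after ifdown: forwarding remains enabled and the FORWARD policy remains ACCEPT.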

Create the file /root/udhcpd,vmbr.conf with the following content:

interface       vmbr
pidfile         /var/run/udhcpd,vmbr.pid
start           172.24.42.10
end             172.24.42.254
option  subnet  255.255.255.0
option  router  172.24.42.1
option  dns     77.109.148.136 77.109.148.137 208.67.222.222

As you see, the VM network is 172.24.42.0/24, with the first address being that of your machine. DNS servers belong to xiala.net and OpenDNS.

To enable the interface, NAT and DHCP server, run (as root) ifup vmbr. To stop everything, run ifdown vmbr.
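A check to run after ifup vmbr or ifdown vmbr, as an added example that is not part of the original page: it reads iptables-save output and reports the FORWARD policy the stanza leaves behind, any vmbr-nat/vmbr-dhcp chains or jumps that survive ifdown, and a missing MASQUERADE rule (the "|| true" in the stanza lets ifup continue if that insert fails). The function name vmbr_audit and the sample ruleset are constructed for illustration.

```sh
# vmbr_audit IFACE up|down
# Reads `iptables-save` text on stdin and prints one finding per line.
# Returns 1 if there were findings, 0 otherwise.
# On a real host (as root):  iptables-save | vmbr_audit vmbr down
vmbr_audit() {
    awk -v i="$1" -v s="$2" '
        function out(msg) { print msg; n++ }
        BEGIN { nat = i "-nat"; dhcp = i "-dhcp" }
        /^\*/ { table = substr($0, 2); next }     # table header: *nat, *filter
        # ifup sets this policy and ifdown does not restore it.
        table == "filter" && $1 == ":FORWARD" && $2 == "ACCEPT" {
            out("filter FORWARD policy is ACCEPT")
        }
        # After ifdown, no per-interface chain or jump to it should remain.
        s == "down" && ($1 == (":" nat) || $1 == (":" dhcp)) {
            out("leftover chain " substr($1, 2))
        }
        s == "down" && $1 == "-A" && ($NF == nat || $NF == dhcp) {
            out("leftover jump " $2 " -> " $NF)
        }
        # While up, the NAT chain needs a MASQUERADE rule bound to an output
        # interface; the "|| true" in the stanza hides a failed insert.
        $1 == "-A" && $2 == nat && / -o [^ ]+ / && / -j MASQUERADE/ { masq = 1 }
        $1 == "-A" && $2 == dhcp && / --dport 67 / { dhcpok = 1 }
        END {
            if (s == "up" && !masq)   out("no MASQUERADE rule in " nat)
            if (s == "up" && !dhcpok) out("no DHCP accept rule in " dhcp)
            exit (n > 0)
        }'
}

# Constructed sample: ruleset after "ifup vmbr" on a host with no default route.
sample_up_noroute() { cat <<'EOF'
*nat
:POSTROUTING ACCEPT [0:0]
:vmbr-nat - [0:0]
-A POSTROUTING -j vmbr-nat
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:vmbr-dhcp - [0:0]
-A INPUT -j vmbr-dhcp
-A vmbr-dhcp -i vmbr -p udp -m udp --dport 67 -j ACCEPT
COMMIT
EOF
}

sample_up_noroute | vmbr_audit vmbr up || true
```

Passing the same sample with state down treats it as the result of an ifdown that did not clean up, and lists each leftover chain and jump.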

soft/vm-bridge.txt · Last modified: 2015/07/08 15:37 by ivilata