In this tutorial I would like to show how to bridge an Operation System (OS) that is running inside a virtual machine (guest), with OS running on physical hardware (a host). A virtual machine is created and virtualized by Qemu emulator, installed on the host.
By default, when a Qemu virtual machine is started without specifying NIC options, one single network interface is created on the guest OS. The interface connects a guest OS with with a host OS using a NAT mode. The NAT ensures that traffic leaving guest OS is passed out of the guest network interface without any restrictions but only established traffic is allowed to enter a guest network interface. Traffic coming from the host to the guest that is not established, is discarded. An IP address of the guest network interface is assigned automatically from an internal Qemu DHCP server and it is typically 10.0.2.15/24 with a default gateway IP address 10.0.2.2.
Our goal is to create configuration which allows traffic being initialized from the both directions. This type of connection between is called a bridged connection and the both - guest and host IP addresses are assigned from the same subnet. To create a bridged connection between the guest and host we have to create a virtual tap interface on the host and Qemu must be told to bridge a guest interface with a tap interface. Then we can create a bridge virtual interface and bridge an existing host Ethernet interface and tap interface together. The Fedora Linux package bridge-utils can be used for this job.
Host OS Configuration - Fedora Linux
1/ Install bridge-utils package
The bridge utility creates a virtual bridge interface that forwards traffic between tap and Ethernet interface.
sudo yum install bridge-utils
2/ Install tunctl package
The tunctl utility is used to create and manage virtual TUN/TAP interfaces. It is required that a generic TUN/TAP driver is either built-in to kernel, or available as a module. To check the availability of this module do the following:
ls -la /dev/net/tun
If you get an error message no such file or directory, load a module to a Linux kernel with the modprobe tun command. After that a module should be presented in the output of lsmod command.
sudo yum install tunctl
3/ Create bridge device virbr0
sudo brctl addbr virbr0
4/ Create virtual tap0 interface
Tap interface is persistent and owned by user brezular
/usr/sbin/tunctl -t tap0 -u brezular
5/ Add eth0 and tap0 to the bridge and bring the interfaces up
sudo brctl addif virbr0 eth0
sudo brctl addif virbr0 tap0
sudo ifconfig eth0 up
sudo ifconfig tap0 up
sudo ifconfig virbr0 up
Note: Check if tap0 and eth0 are properly bridged.
brctl show
Picture 1 - Bridging Ethernet and Virtual TAP Interface
6/ Assign IP address to virbr0 interface and remove IP address eth0 interface
Only the bridge interface virbr0 should have an IP address assigned.
sudo ifconfig virbr0 172.16.1.2/16
sudo ifconfig eth0 0.0.0.0 promisc
Note: If you run DHCP server in your network, issue the following command to assign IP address to the interface virbr0.
sudo dhclient virbr0
Configure a default route if connection to the Internet is required. In the example below, the default gateway IP address is the last usable IP address for the subnet 172.16.0.0/16.
sudo route add default gw 172.16.255.254
7/ Disable L2 traffic filtering - ebtables, bridge-nf, arptables
Change value 1 to 0 for all the files in directory /proc/sys/net/bridge/.
cd /proc/sys/net/bridge; ls
bridge-nf-call-arptables bridge-nf-call-iptables
bridge-nf-call-ip6tables bridge-nf-filter-vlan-tagged
sudo su
for f in bridge-nf-*; do echo 0 > $f; done
8/ Start Guest OS - Core Linux
Qemu guest virtual machine have to be started with the parameters that instruct Qemu to bridge a tap0 interface with a guest network interface. Below is deprecated "vlan" command syntax.
/usr/local/bin/qemu-system-x86 -m 128M -enable-kvm -boot c -hda /home/brezular/qemu-tinycore-linux.img -net nic,vlan=0,macaddr=00:aa:00:60:00:01,model=e1000 -net tap,vlan=0,ifname=tap0,script=no
The new Qemu versions use "netdev" syntax.
/usr/local/bin/qemu-system-x86 -m 128M -enable-kvm -boot c -hda /home/brezular/qemu-tinycore-linux.img -netdev tap,id=net0,ifname=tap0,script=no,downscript=no -device e1000,netdev=net0,mac=00:aa:00:60:00:01
Explanation:
-boot c -> boot from the hard disk
-m 128M -> 128 MB RAM allocated for the image
-enable-kvm ->enable hardware virtualization
Guest OS Configuration - Core Linux
1/ Configure IP address for eth0 interface (it is on the same subnet as virbr0)
sudo su
ifconfig eth0 172.16.1.1/16 up
Could you show how to do roughly the same thing inside gns3 ?
dream GNS3: qemuhost-------www_world
presently GNS3 qemuhost------EthSwitch-------www_world
does it mean we need somehow to force gns3_qemuwrapper to include net_option:-net tap
otherwise qemu is "stranger" to hostPC ?.
thank you
GNS3 uses "cloud" device to connect itself to world.
In cloud configuration choose "NIO TAP" and select tap interface.
On your PC, create tap interface. Then bridge ethernet interface and tap interface.
https://brezular.com/2011/06/19/bridging-qemu-image-to-the-real-network-using-tap-interface/
I am wondering what the ip address and subnet of the host PC eth0 interface is in this example? you said it is on the same subnet as the 172.16.0.0/16 I am trying to get this to work and everytime I create the bridge it completely cuts my host OS from the network.
Once you add eth0 interface to the bridge, it really doesn't matter what is eth0 IP address. It can be any IP address because it doesn't have any effect on connection.
You only need to care about bridge IP address. This IP adress should match your home network subnet.
You can do a quick test if you want. For example, add eth0 to the bridge and assign any IP adress to eth0 e.g 20.20.20.1/8.
Then assign such an IP address to bridge interface that matches your home subnet. In my case it is 172.18.0.0/16.
defualt_gw---------eth0------------virbr0
172.18.100.1/16 20.20.20.1/8 172.18.100.2/16
Now try to ping default gateway 172.18.100.1 from your PC. What do you think is result?
Hi
Please can you tell me how to connect my home network ip address to bridge ?Because now i dont know my fedora internet is not comming up at all :( i dont know what to do to solve it and make it work once again like before...
Please guide me to let my internet up and also my bride to qemu up too ...
Thank you and you are really genius :)
1. bridge eth0 and tap interface and bring eth0, tap0, virbr0 to up state
2. assign IP address to the bridge
2. assign null IP address to eth0 interface
3. use command route and check if route to default gw is tied with virbr0 interface. If not recreate default route with command as root:
route add default gw IP_address_dfgw
Hi
Thank You for your replay
Indeed after the way you showed i configured it and yuppy its working fine but the problem is whenever fedora restarts all my configs all goes away...Is there any way to save them all ?
Thank You
I'd suggest you to create a configuration script.
Currently my Fedora host home network connects to the Internet using a bridge (br0) and if eth0. How should I adapt my current setup using your instructions?
I am running qemu or bochs in android and using dsl4.0 linux but not able to connect to internet every os which was installed on qemu or boschs is not able to find eth0 showing only lo 127.0.0.1
Is there any way to run net either by config ethernet or via tuntap.
Can you provide a tut on it if not
Any help will be great help for me. Config guide is provide on bocjs si5 but any changes in bochsrc leads to no boot same is with qemu.
Thanks in advance
Hi brezular, I did every thing you said on your post and Im able to ping the bridge form the guest machine and also ping the guest form the host.
My problem is that Im trying to SSH the guest form the host and I keep getting ssh: connect to host xxx.xxx.xxx.xx port 22: Connection refused
I installed OpenSHH-shell cleint and server on the host.
Is there any particular setup that I have to do so I can SSH the guest from the host?
When trying to do this with -M overo or -M beagle, model=e1000 is not emulated for this machines. Insted its model=lan9118.
Does this setup nned a some special settings before making the VM joing the network? (The first post that I did was based on a x86-64 VM).
I say this because when I get to the step:
Guest OS – Microcore Linux
1/ Configure IP address for eth0 interface (it is on the same subnet as virbr0)
sudo su
ifconfig eth0 172.16.1.1/16 up
The guest VM says that no eth0 device was found.
Thnx for any help that you can give me.
I used the information to create a bridged interface for a qemu-kvm Windows Vista x86 VM running on openSuSE 12.1 x86_64. Worked great for myself and thanks for posting this useful article. I had been using VMware Player but, something about the dual displays kept locking up my system.
This is fantastic information! You have helped me out immensely! I am in the process of building an ARM-based Debian image for use in a coding class and my problem was getting the network to bridge cleanly without too much effort. Your instructions were nearly spot on (except for the e1000 network interface - the ARM-based Debian image uses an SMC interface (in this case it's a SMC91C11 network card).
Using the e1000 setting caused the kernel not to load anything (not even the e1000) and I couldn't get the interface up. Just leaving out the model=e1000 and macaddr= arguments brought the image up with a local network interface and IP address and I'm able to finish building the image (need to install developer tools). Thank you very much for this information!
Can you please help and advise, how i can do it in Ubuntu/Kali linux, Thanks in-advance
Can you please help and advise, how i can do it in Ubuntu/Kali linux, did not get any joy. Appreciated and looking forward hearing from you!
Thanks in-advance
Thank you for this beautiful tutorial.
If you want to use ip command in place of brctl and tunctl (both will be deprecated) then following conversion table may be helpful.
brctl addbr virbr0 ---> ip link add br0 type bridge
/usr/sbin/tunctl -t tap0 -u ab ---> ip tuntap add $1 mode tap user ab
brctl addif virbr0 enp2s0 ---> ip link set eth0 master br0
brctl addif virbr0 tap0 ---> ip link set tap0 master br0
ifconfig tap0 up ---> ip link set dev tap0 up
ifconfig virbr0 up ---> ip link set dev br0 up
brctl stp virbr0 on ---> ip link set br0 type bridge stp_state 1
ifconfig enp2s0 0.0.0.0 promisc ---> ip addr flush dev eth0
I installed foss-cloud single server and created dynamic windows 10 machines. I wants to boot windows 10 vm with pxe directly but dont know how to do settings of dhcp configured with ldap. Dnsmasq.conf itself is not configured but available. Vmbr0 is runing.
Thanks
Hi,
Should not the last step be
ifconfig tap0 ...
instead of
ifconfig eth0 ...
?
Nope. It's is a configuration of the guest's interface and tap interface is presented inside the host.