In the default KVM configuration, all connections to the VM go through the KVM host via a NAT mechanism (Network Address Translation).
With this setting, a VM can access outside but not the opposite which is a very limited configuration.
It’s better to set up a bridged configuration. Furthermore, this configuration doesn’t require any additional network card.
Before going any further, you can decide to restore the old naming convention for your network interface card (for example eth0 instead of enp2s0).
Install the bridge-utils package (if not already there):
# yum install -y bridge-utils
Stop the Firewalld service:
# systemctl disable firewalld # systemctl stop firewalld
Note: Firewalld needs NetworkManager to define which network interface a packet is coming from. As we are going to stop NetworkManager, Firewalld should be stopped too.
Stop the NetworkManager service:
# systemctl mask NetworkManager # systemctl mask NetworkManager-dispatcher # systemctl stop NetworkManager
Note: As NetworkManager is a dbus-activated service, disabling it is not enough to be sure that it will not restart any more. Masking needs to be done before stopping, otherwise you won’t be sure it is really stopped. NetworkManager-dispatcher is a service run by NetworkManager to start or stop services according to network interfaces going up or down.
Start the network service:
# systemctl start network # chkconfig network on
Note: At this point you may need to rename IPADDR0 in IPADDR, NETMASK0 in NETMASK and GATEWAY0 in GATEWAY in the /etc/sysconfig/network-config/ifcfg-eth0 file (if your interface is called eth0), otherwise you won’t get any default gateway (Test done with CentOS 7.4).
Create a bridge called br0 (here the physical interface is eth0):
# virsh iface-bridge eth0 br0
Alternatively, you can manually create the bridge as follows:
Rename the ifcfg-eth0 configuration file in ifcfg-br0:
# cd /etc/sysconfig/network-scripts # mv ifcfg-eth0 ifcfg-br0
Edit the ifcfg-br0 file:
DEVICE=br0 ONBOOT=yes TYPE=Bridge BOOTPROTO=none IPADDR=192.168.1.5 NETMASK=255.255.255.0 GATEWAY=192.168.1.1 IPV6INIT=yes IPV6_AUTOCONF=yes DHCPV6=no STP=on DELAY=0 DNS1=192.168.1.1 DOMAIN=example.com
Create the new ifcfg-eth0 file:
DEVICE=eth0 ONBOOT=yes BRIDGE=br0 HWADDR="XX:XX:XX:XX:XX:XX"
Now, you need to reboot to get your bridge working.
You can find additional information on the Libvirt website.
Dejan’s blog provides also a tutorial about setting up a bridge on top of a network teaming configuration.
Fedora Magazine published an article about Building a network bridge with Fedora.