KVM Bridge with external ip with windows server 2012 guest

Tom Widdowson asked:

I’m currently setting up a guest Windows server with KVM/QEMU on an Ubuntu 14.04 host and a bridged network connection to allow the server to be exposed over the internet.

I’m trying to give my Windows server the same IP as my Linux host server; this IP is the external IP address of the server.

I’m pretty new to this so I set up my bridge using this command on Ubuntu 14.04

virsh iface-bridge eth0 br0

My current bridge that I have created is as follows (edit: external server IP replaced with letters).

br0       Link encap:Ethernet  HWaddr 38:60:77:26:4a:b3
          inet addr:aaa.bb.ccc.137  Bcast:aaa.bb.ccc.255  Mask:255.255.255.0
          inet6 addr: aaaa:bbbb:8:e89::1/128 Scope:Global
          inet6 addr: aaaa::bbbb:cccc:fe26:4ab3/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:1607000 errors:0 dropped:42 overruns:0 frame:0
          TX packets:1458574 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:3860135693 (3.8 GB)  TX bytes:164453268 (164.4 MB)

eth0      Link encap:Ethernet  HWaddr 38:60:77:26:4a:b3
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:5629010 errors:0 dropped:0 overruns:0 frame:0
          TX packets:2998492 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:8133304283 (8.1 GB)  TX bytes:446483217 (446.4 MB)
          Interrupt:20 Memory:fe500000-fe520000

lo        Link encap:Local Loopback
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:65536  Metric:1
          RX packets:50169 errors:0 dropped:0 overruns:0 frame:0
          TX packets:50169 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:12576653 (12.5 MB)  TX bytes:12576653 (12.5 MB)

virbr0    Link encap:Ethernet  HWaddr 00:00:00:00:00:00
          inet addr:192.168.122.1  Bcast:192.168.122.255  Mask:255.255.255.0
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:402 errors:0 dropped:0 overruns:0 frame:0
          TX packets:76 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:67355 (67.3 KB)  TX bytes:50853 (50.8 KB)

And here is my /etc/network/interfaces that was created with the above command.

auto lo
iface lo inet loopback

auto br0
iface br0 inet static
   address aaa.bb.ccc.137
   netmask 255.255.255.0
   gateway aaa.bb.ccc.254
   bridge_ports eth0
   bridge_stp on
   bridge_fd 0
iface br0 inet6 static
   address aaaa:bbbb:8:E89::1
   netmask 128

Here is my brctl show showing that my guest is being added to the bridge that I assigned my guest using virt-manager. vnet0 is my guest.

root@ns388356:~# brctl show
bridge name     bridge id               STP enabled     interfaces
br0             8000.386077264ab3       yes             eth0
                                                        vnet0
virbr0          8000.000000000000       yes

Now I access this nic via the virtio drivers which are correctly installed on the guest os.

I cannot get anything on the guest. Have I missed something major here? I have an IPv6 address too; is it possible to use that for the guest OS only, maybe?

UPDATE:

In the end I just ended up keeping the default NAT network interface and then just using iptables to forward external connections on specific ports to the internal equivalent. Nothing fancy and I’m pretty embarrassed about how simple it was.

Here are the commands I used.

iptables -t nat -A PREROUTING -p tcp -d (external ip) --dport 3389 -j DNAT --to-destination 192.168.122.202:3389

This added the rule to the firewall.

iptables -t nat -D PREROUTING -p tcp -d (external ip) --dport 3389 -j DNAT --to-destination 192.168.122.202:3389

This removed it if needed (DHCP assigns new internal IP).

Then I just flush the iptables

iptables --flush

Now these need to be saved as they are lost when a reboot occurs.

My answer:


You can’t give two machines the same IP address and expect them to work.

Give the Windows guest a different IP address.
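
A hardened version of the port forward in the question's update, as an added example that is not part of the original post: it limits who can reach the forwarded RDP port with `-s`, adds one narrow FORWARD accept for the guest instead of flushing the filter table, and makes add and remove repeatable. The addresses 203.0.113.10 and 198.51.100.0/24 are constructed placeholders, and the FORWARD rule assumes libvirt's default NAT network on virbr0 rejects new inbound connections to guests.

```shell
#!/bin/sh
# Added example, not from the original post. 203.0.113.10 and 198.51.100.0/24
# are constructed placeholders; 192.168.122.202, port 3389 and virbr0 are the
# values shown in the question.
IPT="${IPT:-iptables}"

in_range() {    # in_range N LO HI: N is a decimal integer within [LO, HI]
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

valid_ipv4() {  # dotted quad, every octet 0-255, no prefix length
    printf '%s\n' "$1" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 1
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    for octet in "$@"; do in_range "$octet" 0 255 || return 1; done
}

valid_cidr() {  # address/prefix, prefix 0-32
    case "$1" in */*) valid_ipv4 "${1%/*}" && in_range "${1#*/}" 0 32 ;; *) return 1 ;; esac
}

# dnat_spec EXT_IP PORT GUEST_IP ALLOWED_SRC: print the PREROUTING rule body.
# Rejects anything that is not a literal address, such as "(external ip)".
dnat_spec() {
    valid_ipv4 "$1" && in_range "$2" 1 65535 && valid_ipv4 "$3" && valid_cidr "$4" || return 1
    printf '%s' "-p tcp -s $4 -d $1 --dport $2 -j DNAT --to-destination $3:$2"
}

# After DNAT the packet is addressed to the guest, so FORWARD matches GUEST_IP.
fwd_spec() {
    printf '%s' "-o virbr0 -p tcp -s $4 -d $3 --dport $2 -m conntrack --ctstate NEW -j ACCEPT"
}

# Add both rules, each only when -C reports it is not already present.
forward_add() {
    nat=$(dnat_spec "$@") || { echo "forward_add: invalid arguments" >&2; return 1; }
    fwd=$(fwd_spec "$@")
    $IPT -t nat -C PREROUTING $nat 2>/dev/null || $IPT -t nat -A PREROUTING $nat || return 1
    $IPT -C FORWARD $fwd 2>/dev/null || $IPT -I FORWARD 1 $fwd
}

# Delete exactly those two rules, e.g. when DHCP hands the guest a new address.
forward_del() {
    nat=$(dnat_spec "$@") || { echo "forward_del: invalid arguments" >&2; return 1; }
    fwd=$(fwd_spec "$@")
    $IPT -t nat -D PREROUTING $nat
    $IPT -D FORWARD $fwd
}
```

Run `forward_add 203.0.113.10 3389 192.168.122.202 198.51.100.0/24` as root with your own addresses. `iptables --flush` without `-t nat` only clears the filter table, so use `forward_del` with the same arguments to take the forward away.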


View the full question and answer on Server Fault.

This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.