Centos 7 public static IP address for a KVM guest

tester3 asked:

I am on Centos 7 with KVM and virt-manager installed. I have a virtual (guest) machine with Debian 8.1 on it. Network on guest was configured with virt-manages using NAT (with default settings). So now my virtual machine has Internet access and local IP 192.168.122.227.

On my host system I have 1 physical network interface and 1 main public ip and 3 additional public ips on it.

My public ips (example): 85.0.0.1, 85.0.0.2, 85.0.0.3, 85.0.0.4

Broadcast ips are also examples.

My ifconfig from host:

enp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 85.0.0.1 netmask 255.255.255.192 broadcast 85.0.0.127
ether d4:3d:7e:ec:b3:55 txqueuelen 1000 (Ethernet)
RX packets 4920 bytes 416179 (406.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2298 bytes 392837 (383.6 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

enp2s0:0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 85.0.0.2 netmask 255.255.255.192 broadcast 85.0.0.127
ether d4:3d:7e:ec:b3:55 txqueuelen 1000 (Ethernet)

enp2s0:1: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 85.0.0.3 netmask 255.255.255.192 broadcast 85.0.0.127
ether d4:3d:7e:ec:b3:55 txqueuelen 1000 (Ethernet)

enp2s0:2: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 85.0.0.4 netmask 255.255.255.192 broadcast 85.0.0.127
ether d4:3d:7e:ec:b3:55 txqueuelen 1000 (Ethernet)

lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
loop txqueuelen 0 (Local Loopback)
RX packets 30 bytes 2856 (2.7 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 30 bytes 2856 (2.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

virbr0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.122.1 netmask 255.255.255.0 broadcast 192.168.122.255
ether 52:54:00:cf:32:9d txqueuelen 0 (Ethernet)
RX packets 18 bytes 1407 (1.3 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 8 bytes 779 (779.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

vnet0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
ether fe:54:00:96:2d:23 txqueuelen 500 (Ethernet)
RX packets 18 bytes 1659 (1.6 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 574 bytes 30211 (29.5 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0

When I do this on the host machine, I still keep coming to host machine by ssh 85.0.0.2 but not to the guest:

iptables -t nat -I PREROUTING -d 85.0.0.2 -i enp2s0:0 -j DNAT --to-destination 192.168.122.227 

iptables -t nat -I POSTROUTING -s 192.168.122.227 -o enp2s0:0 -j SNAT --to-source 85.0.0.2 iptables -P FORWARD ACCEPT

iptables -P FORWARD ACCEPT

My enp2s0:0 config:

# Generated by parse-kickstart
UUID=9928e0a6-df18-45ef-a826-edaf8b4dc370
DNS2=85.0.0.10 #(example)
DNS1=85.0.0.10 #(example)
BOOTPROTO=none
DEVICE=enp2s0:0
ONBOOT=yes
IPV6INIT="no"
TYPE=Ethernet
IPADDR=85.0.0.2
PREFIX=26
GATEWAY=85.0.0.127
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_PEERDNS=yes
IPV6_PEERROUTES=yes
IPV6_FAILURE_FATAL=no
NAME="System enp2s0:0"

I am not stupidly duplicating question, I’ve already read and googled a lot, but still can’t solve this problem. Please help!

My answer:


You should not have IP addresses meant for guests assigned to the host. (And you should not be using interface aliases. Those were deprecated many years ago.)

Instead, create a bridge, and add enp2s0 to it. Then assign your KVM guests to that bridge and assign their IP addresses in each guest.


View the full question and answer on Server Fault.

Creative Commons License
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.