Próximo: Roteamento de rede para libvirt, Acima: Máquinas Virtuais [Conteúdo][Índice]
By default, QEMU uses a so-called “user mode” host network back-end, which
is convenient as it does not require any configuration. Unfortunately, it
is also quite limited. In this mode, the guest VM (virtual machine)
can access the network the same way the host would, but it cannot be reached
from the host. Additionally, since the QEMU user networking mode relies on
ICMP, ICMP-based networking tools such as ping
do not work
in this mode. Thus, it is often desirable to configure a network bridge,
which enables the guest to fully participate in the network. This is
necessary, for example, when the guest is to be used as a server.
There are many ways to create a network bridge. The following command shows
how to use NetworkManager and its nmcli
command line interface
(CLI) tool, which should already be available if your operating system
declaration is based on one of the desktop templates:
# nmcli con add type bridge con-name br0 ifname br0
To have this bridge be part of your network, you must associate your network bridge with the Ethernet interface used to connect with the network. Assuming your interface is named ‘enp2s0’, the following command can be used to do so:
# nmcli con add type bridge-slave ifname enp2s0 master br0
Importante: Only Ethernet interfaces can be added to a bridge. For wireless interfaces, consider the routed network approach detailed in Veja Roteamento de rede para libvirt.
By default, the network bridge will allow your guests to obtain their IP address via DHCP, if available on your local network. For simplicity, this is what we will use here. To easily find the guests, they can be configured to advertise their host names via mDNS.
QEMU comes with a helper program to conveniently make use of a network
bridge interface as an unprivileged user veja Network options em QEMU Documentation. The binary must be made setuid root for proper
operation; this can be achieved by adding it to the
privileged-programs
field of your (host) operating-system
definition, as shown below:
(privileged-programs (cons (privileged-program (program (file-append qemu "/libexec/qemu-bridge-helper")) (setuid? #t)) %default-privileged-programs))
The file /etc/qemu/bridge.conf must also be made to allow the bridge interface, as the default is to deny all. Add the following to your list of services to do so:
(extra-special-file "/etc/qemu/host.conf" "allow br0\n")
When invoking QEMU, the following options should be provided so that the network bridge is used, after having selected a unique MAC address for the guest.
Importante: By default, a single MAC address is used for all guests, unless provided. Failing to provide different MAC addresses to each virtual machine making use of the bridge would cause networking issues.
$ qemu-system-x86_64 [...] \ -device virtio-net-pci,netdev=user0,mac=XX:XX:XX:XX:XX:XX \ -netdev bridge,id=user0,br=br0 \ [...]
To generate MAC addresses that have the QEMU registered prefix, the following snippet can be employed:
mac_address="52:54:00:$(dd if=/dev/urandom bs=512 count=1 2>/dev/null \ | md5sum \ | sed -E 's/^(..)(..)(..).*$/\1:\2:\3/')" echo $mac_address
If you use Docker on your machine, you may experience connectivity issues
when attempting to use a network bridge, which are caused by Docker also
relying on network bridges and configuring its own routing rules. The
solution is add the following iptables
snippet to your
operating-system
declaration:
(service iptables-service-type (iptables-configuration (ipv4-rules (plain-file "iptables.rules" "\ *filter :INPUT ACCEPT [0:0] :FORWARD DROP [0:0] :OUTPUT ACCEPT [0:0] -A FORWARD -i br0 -o br0 -j ACCEPT COMMIT "))
Próximo: Roteamento de rede para libvirt, Acima: Máquinas Virtuais [Conteúdo][Índice]