How do you configure a virtual network to use two NICs? One being NAT, the other bridged
.everyoneloves__top-leaderboard:empty,.everyoneloves__mid-leaderboard:empty,.everyoneloves__bot-mid-leaderboard:empty{ height:90px;width:728px;box-sizing:border-box;
}
This is probably something simple and has already been asked but I just don't know what I'm looking for. I lack the vocabulary. I have a server running with a Debian host and have KVM installed. I have a virtual netork that's configured with DHCP and instructed it to forward connections to one of the host's NICs using a NAT connection. However, this host device has more than one NIC, one that is connected to an external network, and one that in not being used. Is it possible to set up a bridged connection between my NAT virtual network and this other unused NIC? The idea would be to allow other physical devices to connect to this virtual network and get an IP from it which will allow this other physical device to communicate with the virtual machines running on the virtual network. Then any other connection requests to the outside world would be forwarded with NAT with the other NIC that's in use to connect to the internet. Where would I start and what would I be looking for to accomplish this? I have looked at some documentation however, can't seem to find what I'm looking for. If this question is unclear, please let me know and I'll try and reiterate.
networking virtual-machine network-adapter linux-kvm virtual-network
edited Jan 31 at 15:01
Michael Hampton
11.1k33469
asked Jan 31 at 4:24
BobserLuckBobserLuck
207
add a comment |
This is probably something simple and has already been asked but I just don't know what I'm looking for. I lack the vocabulary. I have a server running with a Debian host and have KVM installed. I have a virtual netork that's configured with DHCP and instructed it to forward connections to one of the host's NICs using a NAT connection. However, this host device has more than one NIC, one that is connected to an external network, and one that in not being used. Is it possible to set up a bridged connection between my NAT virtual network and this other unused NIC? The idea would be to allow other physical devices to connect to this virtual network and get an IP from it which will allow this other physical device to communicate with the virtual machines running on the virtual network. Then any other connection requests to the outside world would be forwarded with NAT with the other NIC that's in use to connect to the internet. Where would I start and what would I be looking for to accomplish this? I have looked at some documentation however, can't seem to find what I'm looking for. If this question is unclear, please let me know and I'll try and reiterate.
networking virtual-machine network-adapter linux-kvm virtual-network
edited Jan 31 at 15:01
Michael Hampton
11.1k33469
asked Jan 31 at 4:24
BobserLuckBobserLuck
207
add a comment |
This is probably something simple and has already been asked but I just don't know what I'm looking for. I lack the vocabulary. I have a server running with a Debian host and have KVM installed. I have a virtual netork that's configured with DHCP and instructed it to forward connections to one of the host's NICs using a NAT connection. However, this host device has more than one NIC, one that is connected to an external network, and one that in not being used. Is it possible to set up a bridged connection between my NAT virtual network and this other unused NIC? The idea would be to allow other physical devices to connect to this virtual network and get an IP from it which will allow this other physical device to communicate with the virtual machines running on the virtual network. Then any other connection requests to the outside world would be forwarded with NAT with the other NIC that's in use to connect to the internet. Where would I start and what would I be looking for to accomplish this? I have looked at some documentation however, can't seem to find what I'm looking for. If this question is unclear, please let me know and I'll try and reiterate.
networking virtual-machine network-adapter linux-kvm virtual-network
edited Jan 31 at 15:01
Michael Hampton
11.1k33469
asked Jan 31 at 4:24
BobserLuckBobserLuck
207
This is probably something simple and has already been asked but I just don't know what I'm looking for. I lack the vocabulary. I have a server running with a Debian host and have KVM installed. I have a virtual netork that's configured with DHCP and instructed it to forward connections to one of the host's NICs using a NAT connection. However, this host device has more than one NIC, one that is connected to an external network, and one that in not being used. Is it possible to set up a bridged connection between my NAT virtual network and this other unused NIC? The idea would be to allow other physical devices to connect to this virtual network and get an IP from it which will allow this other physical device to communicate with the virtual machines running on the virtual network. Then any other connection requests to the outside world would be forwarded with NAT with the other NIC that's in use to connect to the internet. Where would I start and what would I be looking for to accomplish this? I have looked at some documentation however, can't seem to find what I'm looking for. If this question is unclear, please let me know and I'll try and reiterate.
networking virtual-machine network-adapter linux-kvm virtual-network
networking virtual-machine network-adapter linux-kvm virtual-network
edited Jan 31 at 15:01
Michael Hampton
11.1k33469
asked Jan 31 at 4:24
BobserLuckBobserLuck
207
edited Jan 31 at 15:01
Michael Hampton
11.1k33469
asked Jan 31 at 4:24
BobserLuckBobserLuck
207
edited Jan 31 at 15:01
Michael Hampton
11.1k33469
edited Jan 31 at 15:01
Michael Hampton
11.1k33469
edited Jan 31 at 15:01
Michael Hampton
11.1k33469
11.1k33469
asked Jan 31 at 4:24
BobserLuckBobserLuck
207
asked Jan 31 at 4:24
BobserLuckBobserLuck
207
asked Jan 31 at 4:24
BobserLuckBobserLuck
207
207
add a comment |
add a comment |
1 Answer
1
active
oldest
votes
Yes, you can do this. Add the second NIC to the internal bridge. As you are using debian, the commands might look something like this:
brctl show
Identify the bridge for your virtual network.
brctl addif <name of bridge> <name of interface>
This makes the change temporarily. To make the change permanent you should edit your config files. If you have a /etc/network/interfaces file, adding the line "bridge <name of bridge>" under the interface you'd like to be on the internal network will do the trick. If you have /etc/sysconfig/network-scripts/ folder, then you'll have a file named 'ifcfg-' and you'll need to put the changes in there. Documentation is available online for the formats for each of these files.
answered Jan 31 at 19:26
AndyAndy
1,050311
Thanks for the answer! I'll go ahead and configure it remotely and test it later when I'm able and see if that works.
– BobserLuck
Feb 1 at 0:27
I think that got me half way there. I was able to run vrctl addif ExampleBridge ExampleInterface and add the bridge but upon connecting a device to the interface, it couldn't recognize the network. It may be something I need to edit with virsh since the network was created with it.
– BobserLuck
Feb 1 at 18:32
1
When you say 'didn't recognize the network' do you mean that the virsh DHCP server was not found? That is a head scratcher. Can you put a packet sniffer on your external device and/or on your bridge and check if the bridge is working? You should see traffic from the other segment of the bridge even if you cannot get DHCP.
– Andy
Feb 1 at 19:13
Ah, it seems that the interface was down. Now I can connect to the DHCP hosted on the network and acquire an IP address and connect to the internet from my laptop through this server. I can't seem to communicate with the VMs on the network. I can ping one VM from another, I can ping the internet from all devices, but I can't ping from my laptop to a VM nor from a VM to my laptop. Not quite sure what's going on. Would it have to do with the Virtual Network using NAT? Do the IPs get translated before hitting the bridge? Why can I get an IP from the network but not communicate with the VMs?
– BobserLuck
Feb 4 at 5:53
IP ares not being translated at all; the bridge is functionally identical to a switch and has very little intelligence. NAT doesn't play into it either; you don't leave your virtual LAN to ping one machine to another. I suspect that firewall rules are more likely to blame, especially if one of your machines is Windows OS. Make sure your Windows machine is set to Private Network mode, and if that doesn't work, temporarily disable Windows Firewall to check if your problem is at all firewall related.
– Andy
Feb 4 at 5:59
|
show 7 more comments
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "3"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1400374%2fhow-do-you-configure-a-virtual-network-to-use-two-nics-one-being-nat-the-other%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
1 Answer
1
active
oldest
votes
1 Answer
1
active
oldest
votes
active
oldest
votes
active
oldest
votes
Yes, you can do this. Add the second NIC to the internal bridge. As you are using debian, the commands might look something like this:
brctl show
Identify the bridge for your virtual network.
brctl addif <name of bridge> <name of interface>
This makes the change temporarily. To make the change permanent you should edit your config files. If you have a /etc/network/interfaces file, adding the line "bridge <name of bridge>" under the interface you'd like to be on the internal network will do the trick. If you have /etc/sysconfig/network-scripts/ folder, then you'll have a file named 'ifcfg-' and you'll need to put the changes in there. Documentation is available online for the formats for each of these files.
answered Jan 31 at 19:26
AndyAndy
1,050311
Thanks for the answer! I'll go ahead and configure it remotely and test it later when I'm able and see if that works.
– BobserLuck
Feb 1 at 0:27
I think that got me half way there. I was able to run vrctl addif ExampleBridge ExampleInterface and add the bridge but upon connecting a device to the interface, it couldn't recognize the network. It may be something I need to edit with virsh since the network was created with it.
– BobserLuck
Feb 1 at 18:32
1
When you say 'didn't recognize the network' do you mean that the virsh DHCP server was not found? That is a head scratcher. Can you put a packet sniffer on your external device and/or on your bridge and check if the bridge is working? You should see traffic from the other segment of the bridge even if you cannot get DHCP.
– Andy
Feb 1 at 19:13
Ah, it seems that the interface was down. Now I can connect to the DHCP hosted on the network and acquire an IP address and connect to the internet from my laptop through this server. I can't seem to communicate with the VMs on the network. I can ping one VM from another, I can ping the internet from all devices, but I can't ping from my laptop to a VM nor from a VM to my laptop. Not quite sure what's going on. Would it have to do with the Virtual Network using NAT? Do the IPs get translated before hitting the bridge? Why can I get an IP from the network but not communicate with the VMs?
– BobserLuck
Feb 4 at 5:53
IP ares not being translated at all; the bridge is functionally identical to a switch and has very little intelligence. NAT doesn't play into it either; you don't leave your virtual LAN to ping one machine to another. I suspect that firewall rules are more likely to blame, especially if one of your machines is Windows OS. Make sure your Windows machine is set to Private Network mode, and if that doesn't work, temporarily disable Windows Firewall to check if your problem is at all firewall related.
– Andy
Feb 4 at 5:59
|
show 7 more comments
Yes, you can do this. Add the second NIC to the internal bridge. As you are using debian, the commands might look something like this:
brctl show
Identify the bridge for your virtual network.
brctl addif <name of bridge> <name of interface>
This makes the change temporarily. To make the change permanent you should edit your config files. If you have a /etc/network/interfaces file, adding the line "bridge <name of bridge>" under the interface you'd like to be on the internal network will do the trick. If you have /etc/sysconfig/network-scripts/ folder, then you'll have a file named 'ifcfg-' and you'll need to put the changes in there. Documentation is available online for the formats for each of these files.
answered Jan 31 at 19:26
AndyAndy
1,050311
Thanks for the answer! I'll go ahead and configure it remotely and test it later when I'm able and see if that works.
– BobserLuck
Feb 1 at 0:27
I think that got me half way there. I was able to run vrctl addif ExampleBridge ExampleInterface and add the bridge but upon connecting a device to the interface, it couldn't recognize the network. It may be something I need to edit with virsh since the network was created with it.
– BobserLuck
Feb 1 at 18:32
1
When you say 'didn't recognize the network' do you mean that the virsh DHCP server was not found? That is a head scratcher. Can you put a packet sniffer on your external device and/or on your bridge and check if the bridge is working? You should see traffic from the other segment of the bridge even if you cannot get DHCP.
– Andy
Feb 1 at 19:13
Ah, it seems that the interface was down. Now I can connect to the DHCP hosted on the network and acquire an IP address and connect to the internet from my laptop through this server. I can't seem to communicate with the VMs on the network. I can ping one VM from another, I can ping the internet from all devices, but I can't ping from my laptop to a VM nor from a VM to my laptop. Not quite sure what's going on. Would it have to do with the Virtual Network using NAT? Do the IPs get translated before hitting the bridge? Why can I get an IP from the network but not communicate with the VMs?
– BobserLuck
Feb 4 at 5:53
IP ares not being translated at all; the bridge is functionally identical to a switch and has very little intelligence. NAT doesn't play into it either; you don't leave your virtual LAN to ping one machine to another. I suspect that firewall rules are more likely to blame, especially if one of your machines is Windows OS. Make sure your Windows machine is set to Private Network mode, and if that doesn't work, temporarily disable Windows Firewall to check if your problem is at all firewall related.
– Andy
Feb 4 at 5:59
|
show 7 more comments
Yes, you can do this. Add the second NIC to the internal bridge. As you are using debian, the commands might look something like this:
brctl show
Identify the bridge for your virtual network.
brctl addif <name of bridge> <name of interface>
This makes the change temporarily. To make the change permanent you should edit your config files. If you have a /etc/network/interfaces file, adding the line "bridge <name of bridge>" under the interface you'd like to be on the internal network will do the trick. If you have /etc/sysconfig/network-scripts/ folder, then you'll have a file named 'ifcfg-' and you'll need to put the changes in there. Documentation is available online for the formats for each of these files.
answered Jan 31 at 19:26
AndyAndy
1,050311
Yes, you can do this. Add the second NIC to the internal bridge. As you are using debian, the commands might look something like this:
brctl show
Identify the bridge for your virtual network.
brctl addif <name of bridge> <name of interface>
This makes the change temporarily. To make the change permanent you should edit your config files. If you have a /etc/network/interfaces file, adding the line "bridge <name of bridge>" under the interface you'd like to be on the internal network will do the trick. If you have /etc/sysconfig/network-scripts/ folder, then you'll have a file named 'ifcfg-' and you'll need to put the changes in there. Documentation is available online for the formats for each of these files.
answered Jan 31 at 19:26
AndyAndy
1,050311
edited Jan 31 at 19:34
answered Jan 31 at 19:26
AndyAndy
1,050311
answered Jan 31 at 19:26
AndyAndy
1,050311
answered Jan 31 at 19:26
AndyAndy
1,050311
1,050311
Thanks for the answer! I'll go ahead and configure it remotely and test it later when I'm able and see if that works.
– BobserLuck
Feb 1 at 0:27
I think that got me half way there. I was able to run vrctl addif ExampleBridge ExampleInterface and add the bridge but upon connecting a device to the interface, it couldn't recognize the network. It may be something I need to edit with virsh since the network was created with it.
– BobserLuck
Feb 1 at 18:32
1
When you say 'didn't recognize the network' do you mean that the virsh DHCP server was not found? That is a head scratcher. Can you put a packet sniffer on your external device and/or on your bridge and check if the bridge is working? You should see traffic from the other segment of the bridge even if you cannot get DHCP.
– Andy
Feb 1 at 19:13
Ah, it seems that the interface was down. Now I can connect to the DHCP hosted on the network and acquire an IP address and connect to the internet from my laptop through this server. I can't seem to communicate with the VMs on the network. I can ping one VM from another, I can ping the internet from all devices, but I can't ping from my laptop to a VM nor from a VM to my laptop. Not quite sure what's going on. Would it have to do with the Virtual Network using NAT? Do the IPs get translated before hitting the bridge? Why can I get an IP from the network but not communicate with the VMs?
– BobserLuck
Feb 4 at 5:53
IP ares not being translated at all; the bridge is functionally identical to a switch and has very little intelligence. NAT doesn't play into it either; you don't leave your virtual LAN to ping one machine to another. I suspect that firewall rules are more likely to blame, especially if one of your machines is Windows OS. Make sure your Windows machine is set to Private Network mode, and if that doesn't work, temporarily disable Windows Firewall to check if your problem is at all firewall related.
– Andy
Feb 4 at 5:59
|
show 7 more comments
Thanks for the answer! I'll go ahead and configure it remotely and test it later when I'm able and see if that works.
– BobserLuck
Feb 1 at 0:27
I think that got me half way there. I was able to run vrctl addif ExampleBridge ExampleInterface and add the bridge but upon connecting a device to the interface, it couldn't recognize the network. It may be something I need to edit with virsh since the network was created with it.
– BobserLuck
Feb 1 at 18:32
1
When you say 'didn't recognize the network' do you mean that the virsh DHCP server was not found? That is a head scratcher. Can you put a packet sniffer on your external device and/or on your bridge and check if the bridge is working? You should see traffic from the other segment of the bridge even if you cannot get DHCP.
– Andy
Feb 1 at 19:13
Ah, it seems that the interface was down. Now I can connect to the DHCP hosted on the network and acquire an IP address and connect to the internet from my laptop through this server. I can't seem to communicate with the VMs on the network. I can ping one VM from another, I can ping the internet from all devices, but I can't ping from my laptop to a VM nor from a VM to my laptop. Not quite sure what's going on. Would it have to do with the Virtual Network using NAT? Do the IPs get translated before hitting the bridge? Why can I get an IP from the network but not communicate with the VMs?
– BobserLuck
Feb 4 at 5:53
IP ares not being translated at all; the bridge is functionally identical to a switch and has very little intelligence. NAT doesn't play into it either; you don't leave your virtual LAN to ping one machine to another. I suspect that firewall rules are more likely to blame, especially if one of your machines is Windows OS. Make sure your Windows machine is set to Private Network mode, and if that doesn't work, temporarily disable Windows Firewall to check if your problem is at all firewall related.
– Andy
Feb 4 at 5:59
Thanks for the answer! I'll go ahead and configure it remotely and test it later when I'm able and see if that works.
– BobserLuck
Feb 1 at 0:27
Thanks for the answer! I'll go ahead and configure it remotely and test it later when I'm able and see if that works.
– BobserLuck
Feb 1 at 0:27
I think that got me half way there. I was able to run vrctl addif ExampleBridge ExampleInterface and add the bridge but upon connecting a device to the interface, it couldn't recognize the network. It may be something I need to edit with virsh since the network was created with it.
– BobserLuck
Feb 1 at 18:32
I think that got me half way there. I was able to run vrctl addif ExampleBridge ExampleInterface and add the bridge but upon connecting a device to the interface, it couldn't recognize the network. It may be something I need to edit with virsh since the network was created with it.
– BobserLuck
Feb 1 at 18:32
1
1
When you say 'didn't recognize the network' do you mean that the virsh DHCP server was not found? That is a head scratcher. Can you put a packet sniffer on your external device and/or on your bridge and check if the bridge is working? You should see traffic from the other segment of the bridge even if you cannot get DHCP.
– Andy
Feb 1 at 19:13
When you say 'didn't recognize the network' do you mean that the virsh DHCP server was not found? That is a head scratcher. Can you put a packet sniffer on your external device and/or on your bridge and check if the bridge is working? You should see traffic from the other segment of the bridge even if you cannot get DHCP.
– Andy
Feb 1 at 19:13
Ah, it seems that the interface was down. Now I can connect to the DHCP hosted on the network and acquire an IP address and connect to the internet from my laptop through this server. I can't seem to communicate with the VMs on the network. I can ping one VM from another, I can ping the internet from all devices, but I can't ping from my laptop to a VM nor from a VM to my laptop. Not quite sure what's going on. Would it have to do with the Virtual Network using NAT? Do the IPs get translated before hitting the bridge? Why can I get an IP from the network but not communicate with the VMs?
– BobserLuck
Feb 4 at 5:53
Ah, it seems that the interface was down. Now I can connect to the DHCP hosted on the network and acquire an IP address and connect to the internet from my laptop through this server. I can't seem to communicate with the VMs on the network. I can ping one VM from another, I can ping the internet from all devices, but I can't ping from my laptop to a VM nor from a VM to my laptop. Not quite sure what's going on. Would it have to do with the Virtual Network using NAT? Do the IPs get translated before hitting the bridge? Why can I get an IP from the network but not communicate with the VMs?
– BobserLuck
Feb 4 at 5:53
IP ares not being translated at all; the bridge is functionally identical to a switch and has very little intelligence. NAT doesn't play into it either; you don't leave your virtual LAN to ping one machine to another. I suspect that firewall rules are more likely to blame, especially if one of your machines is Windows OS. Make sure your Windows machine is set to Private Network mode, and if that doesn't work, temporarily disable Windows Firewall to check if your problem is at all firewall related.
– Andy
Feb 4 at 5:59
IP ares not being translated at all; the bridge is functionally identical to a switch and has very little intelligence. NAT doesn't play into it either; you don't leave your virtual LAN to ping one machine to another. I suspect that firewall rules are more likely to blame, especially if one of your machines is Windows OS. Make sure your Windows machine is set to Private Network mode, and if that doesn't work, temporarily disable Windows Firewall to check if your problem is at all firewall related.
– Andy
Feb 4 at 5:59
|
show 7 more comments
Thanks for contributing an answer to Super User!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1400374%2fhow-do-you-configure-a-virtual-network-to-use-two-nics-one-being-nat-the-other%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
