Connecting 2 virtual machines to a single network

Message

Taigo · Post by **Taigo** » Fri Dec 09, 2022 8:14 am

For school i have to connect 2 virtual machines to a single network yet giving one machine internet using NAT. My school assumes i use VMware on MS Windows... but it doesn't work that well so i use kvm/qemu instead. I have been googling a lot about it but i don't understand a lot about it. Networking really is my weak spot.

Christian99 · Post by **Christian99** » Fri Dec 09, 2022 11:05 am

qemu is quite manual, it has some guis, but I never used them...

Personally, I do use Virtualbox, this has a nice gui, where you can setup this network stuff quite easily, maybe you want to give that a try?
If yes, and you still need advice with the network settings, don't hesitate to come back.

alamahant · Post by **alamahant** » Fri Dec 09, 2022 11:08 am

Kvm by default uses NAT networking.
You need qemu, libvirt and virt-manager.
So if you just create 2 vms they will --by default be on the same NAT network.
What exactly is your assignment?
Create two vms in two different NAT networks and being able to ping each other?
Can you plz be a bit more specific?

Taigo · Post by **Taigo** » Fri Dec 09, 2022 1:49 pm

alamahant wrote:Kvm by default uses NAT networking.
You need qemu, libvirt and virt-manager.
So if you just create 2 vms they will --by default be on the same NAT network.
What exactly is your assignment?
Create two vms in two different NAT networks and being able to ping each other?
Can you plz be a bit more specific?

I had to connect 2 windows servers and put them in the same domain and adding server 2 on server 1. But they are connected by default? i just assumed they are both connected to the host for internet but aren't connected to each other in a network. I'm not sure how that exactly works because my knowledge in networking is a bit lacking. my teacher said it had to be connected through NAT so it sounds right. i will try adding them just with the default NAT settings when I'm home(I'm in the bus now going home).

szatox · Post by **szatox** » Fri Dec 09, 2022 4:44 pm

"single domain" sounds more like they should be connected with a bridge, so they can actually see each other.
Unless there are other restrictions. in the task.

You can add an IP address to the bridge to let the guests talk to the host, and NAT rules (with iptables MASQUERADE target) on top of that to let those machines connect to the internet.

Taigo · Post by **Taigo** » Sat Dec 10, 2022 1:23 pm

My teacher told me not to use bridges (no idea myself about those). i forgot to mention that sever 1 should get internet from the host and server 2 should get internet from server 1.

Post by **NeddySeagoon** » Sat Dec 10, 2022 2:42 pm

Taigo,

If you set up a KVM with virt-manager, thats the GUI, your KVM will get an IP in the the 192.168.122.0/24 range for free.
It will also get NAT to the internet too. So that's VM 1.

If you turn off NAT when you make VM 2, it will only have an IP in the 192.168.122.0/24 range, so it can connect to VM 1 but not to the internet yet.

How you make VM 1 share its internet connection is up to you.

You can have a fully fledged router/firewall on VM 1. You should add another network card to VM1 for that.
For one other host, you can run PPP over another interface.
You can also just set up IP forwarding in VM 1. That may be free with NAT, so if you set a default route in VM 2 to point to VM 1, it may just work.

What is it you are supposed to learn from this exercise?

Taigo · Post by **Taigo** » Sat Dec 10, 2022 3:45 pm

Oh could it be a problem that I changed the IP to be 192.168.1.X on both VM's? My school doesn't really do seperate exercises but it's more, you set up a server and you keep adding features and certain things to it and learn about it that way. I'm supposed to learn how to make routers out of the servers, make a active directory and add other servers to that. i think you are right because I do recall my teacher saying I would need 2 network cards on my first vm and a single one on the second being connected to the first server.

Post by **NeddySeagoon** » Sat Dec 10, 2022 6:53 pm

Taigo,

The default DHCP settings provided by thu virt-manager is to have the gateway at 192.168.122.1 and the rest of the 192.168.122.0/24 subnet available for VMs.
They will all use 192.168.122.1 for NAT.

Feel free to change everything but you have to change all the bits together, or it won't work.

It sounds like you are expected to set up a router.
Not to give the game away entirely., there are several guides on the wiki for that.

alamahant · Post by **alamahant** » Sat Dec 10, 2022 9:41 pm

If the 2 VM are assigned a bridged adapter they will share the host LAN and be able to talk to each other the host and the outer internet.
If they are created in two separate LANs ie you assign them different NAT ifaces then both will be able to talk to the internet but NOT each other.To enable intra lan communication you need to add 6 iptables rules on the host.
A third case they both reside in the same network ,be it the host LAN or some NAT network but the one has connection to the internet and the second doesnt.
Which case best describes your needs?

szatox · Post by **szatox** » Sat Dec 10, 2022 11:51 pm

Oh, well, you clearly need a bridge to connect 2 machines (without connecting them to the internet) and an extra interface on one of them that will allow the traffic to go outside. The latter can even be in "user mode" for pretty much zero-config at the expense of performance you don't need there anyway.

My teacher told me not to use bridges

Told you not to use bridges in what scope?
I bet he meant inside your windows machines. It's kinda implied by the context, since you're using qemu to do a vmware exercise... It tells me it's about windows guests and not about vmware.

Extracting requirements out of your customer (teacher) is the often the most tricky part of building the system.
Get used to asking questions, it will make your life much easier down the line. People often don't know what they want, or they want mutually exclusive features they don't need. What is the purpose of this system? What procedures is it supposed to serve? Ask about the problem, you can come up with a solution by yourself, once you know why it's needed.

Taigo · Post by **Taigo** » Sun Dec 11, 2022 2:38 am

i guess it would work if I give vm 1 internet through NAT and connecting vm 1 with 2 using a bridge but I'm not so familiar with setting them up (which i hope google will help me) and connecting them so they act just like they would be connected to a hub/switch.

I bet he meant inside your windows machines. It's kinda implied by the context, since you're using qemu to do a vmware exercise... It tells me it's about windows guests and not about vmware.

It's actually a funny thing because the teachers teach you how to do it in VMware and the school uses that but the book we use actually uses hyperV.

alamahant · Post by **alamahant** » Sun Dec 11, 2022 10:43 am

i guess it would work if I give vm 1 internet through NAT and connecting vm 1 with 2 using a bridge

You can not bridge bridges.
In your host you will have something like virbr0 vrbr1 etc.
These are bridges created and used by libvirt.
What i would do is create a second NAT network from virt-manager UI.
Assign default network to the one VM,assign the second NAT to the second VM and then on the host use something like

Code: Select all

iptables -t nat -I POSTROUTING 1 -o virbr0 -j MASQUERADE
iptables -t nat -I POSTROUTING 1 -o virbr1 -j MASQUERADE

iptables -t nat -I POSTROUTING 1 -s 192.168.122.0/24 -d 10.1.2.0/24 -j ACCEPT
iptables -t nat -I POSTROUTING 1 -d 192.168.122.0/24 -s 10.1.2.0/24 -j ACCEPT

iptables -I FORWARD 1 -d 192.168.122.0/24 -s 10.1.2.0/24 -j ACCEPT
iptables -I FORWARD 1 -s 192.168.122.0/24 -d 10.1.2.0/24 -j ACCEPT

I checked it in my machine and it works just fine.
Plz adapt the above rules to your environment.
Enable in the host ip forwarding:
Check it out

Code: Select all

sysctl -a | grep forward

Make sure you have

Code: Select all

net.ipv4.ip_forward = 1

If not then run

Code: Select all

echo "net.ipv4.ip_forward = 1" >> /etc/sysctl.d/90-ip-forward.conf
sysctl -p /etc/sysctl.d/90-ip-forward.conf

Then on VM2 you have to set it to use VM1 dns server.Otherwise it will not be able to join the AD domain.
IF on the other hand you wish VM2 to be isolated with no internet access then in virt-manager UI when creating second network choose "Isolated" instead of "NAT".
IF you want to cheat though the easiest way is to assign both vms 2 network adapters,one for each network and dont do anything of the above.
But this is cheating maybe?

Post by **NeddySeagoon** » Sun Dec 11, 2022 11:49 am

Taigo,

A bridge is the software equivalent of an Ethernet hub. To connect virtual machines together you connect both (or more) to the same bridge. Think of it as connecting the virtual Ethernet cables together.
The host may or may not connect to the bridge.

Taigo · Post by **Taigo** » Sun Dec 11, 2022 4:19 pm

ahhh, thanks for that information. that sound exact like what i need. i guess o will try connecting them now.

Taigo · Post by **Taigo** » Sun Dec 11, 2022 4:32 pm

I have created virbr0 but when i add the cards to the vm and start it the bridges don't seem to have an ip. also seems like it created other devices called vnet0 vnet1 and vnet2. I went with the default settings so i could have had something i needed to do but i don't know what that would or could be.

alamahant · Post by **alamahant** » Sun Dec 11, 2022 4:34 pm

I have created virbr0 but when i add the cards to the vm and start it the bridges don't seem to have an ip

virbr0 is created automatically by libvirt for its default NAT network.
You dont need to create it.
You only need to create a second NAT network from virt-manager UI->edit->connection details-->networks.
vnet0 vnet1 and vnet2 are slaves to the bridges created by libvirt.Its the ifaces that inside the VM will appear as eth0 eth1 etc

Taigo · Post by **Taigo** » Sun Dec 11, 2022 4:42 pm

alamahant wrote:
I have created virbr0 but when i add the cards to the vm and start it the bridges don't seem to have an ip
virbr0 is created automatically by libvirt for its default NAT network.
You dont need to create it.
You only need to create a second NAT network from virt-manager UI->edit->connection details-->networks.
vnet0 vnet1 and vnet2 are slaves to the bridges created by libvirt.Its the ifaces that inside the VM will appear as eth0 eth1 etc

oh I see, do I have to use the default settings or is there anything j should change because it looks like I can forward it to "any physical device" or "physical device"(I assume a specific one)

alamahant · Post by **alamahant** » Sun Dec 11, 2022 4:44 pm

oh I see, do I have to use the default settings or is there anything j should change because it looks like I can forward it to "any physical device" or "physical device"(I assume a specific one)

Meaning?
Ah ok yes.In virt-manager UI leave it as the default

Code: Select all

Forward to --> "Any physical device"
Mode --> NAT
Ipv4 configuration --> create your network here.You can accept the default given to you by virt-manager or you can change it also.
Ipv6 configuration --> leave it as it is.Disabled

What is your host?Is it Gentoo?
Have you created your 2 windows VM?
If yes just start libvirtd and post

Code: Select all

ip a

Taigo · Post by **Taigo** » Sun Dec 11, 2022 4:59 pm

ip a output: http://0x0.st/odhx.txt

I added the new created network and the bridge on both VMs and it looks like progress, both VMs now have 2 ethernet when running ipconfig. (thanks in advance)

alamahant · Post by **alamahant** » Sun Dec 11, 2022 5:06 pm

I added the new created network and the bridge on both VMs and it looks like progress

Which bridge?
Just assign to the two VMs the two NAT adapters one to each.
You have

8: virbr0: <BROADCAST,MULTICAST> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:39:aa:f0 brd ff:ff:ff:ff:ff:ff
16: virbr1: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 52:54:00:97:2b:7f brd ff:ff:ff:ff:ff:ff
inet 192.168.112.1/24 brd 192.168.112.255 scope global virbr1

I suppose the virbr1 was just created no?When you created your new NAT network no?
Did libvirt not auto create a default NAT network probably virbr0 with an address 192.168.122.0/24?
I see virbr0 is down.
Plz check again in virt-manager UI.
And if not running start it and set it to auto start.

Post by **NeddySeagoon** » Sun Dec 11, 2022 5:19 pm

Taigo,

Leave the defaults alone. They work and you may want to use the default network to fix things.

Make a new bridge on the host, call it br0 so you know its not being managed by virt-manager.
Add a second network card to each VM and connect it to br0.
That's the two VMs connected together.

Think of a private IP range that you don't use yet. 10.10.10.0/24 will do.
Inside each VM, on the interface connected to br0, assign static IPs from the 10.10.10.0/24 subnet.
They must be unique. say 10.10.10.a/24 and 10.10.10.b/24 you pick a and b. You must not use 0 or 255 by anything in between is good.

Ping 10.10.10.a from 10.10.10.b and vice versa is expected to work.

br0 is a bridge with two ports, so its just like an Ethernet cable joint.
Now you have a private network between the VMs and the 192.168.122.0/24 that goes between the VMs and the host with NAT.

If the ping 10.10.10.a works, remove the 192.168.122.0/24 IP address from VM2.
Now it can only connect to VM1 via the bridge. Ping should still work.

alamahant · Post by **alamahant** » Sun Dec 11, 2022 5:27 pm

Ok plz follow @Neddy suggestion.
Its more elegant and simple than my own.
I was trying to avoid assigning 2 adapters to each VM.
But its better the way Neddy suggested.

Taigo · Post by **Taigo** » Sun Dec 11, 2022 9:29 pm

NeddySeagoon wrote:Taigo,

Leave the defaults alone. They work and you may want to use the default network to fix things.

Make a new bridge on the host, call it br0 so you know its not being managed by virt-manager.
Add a second network card to each VM and connect it to br0.
That's the two VMs connected together.

Think of a private IP range that you don't use yet. 10.10.10.0/24 will do.
Inside each VM, on the interface connected to br0, assign static IPs from the 10.10.10.0/24 subnet.
They must be unique. say 10.10.10.a/24 and 10.10.10.b/24 you pick a and b. You must not use 0 or 255 by anything in between is good.

Ping 10.10.10.a from 10.10.10.b and vice versa is expected to work.

br0 is a bridge with two ports, so its just like an Ethernet cable joint.
Now you have a private network between the VMs and the 192.168.122.0/24 that goes between the VMs and the host with NAT.

If the ping 10.10.10.a works, remove the 192.168.122.0/24 IP address from VM2.
Now it can only connect to VM1 via the bridge. Ping should still work.

i tried it but when i ping with vm 1 to 2 it times out but when i ping from 2 to 1 it tells me "reply from 10.10.10.3: destination host unreachable" so it looks like vm 1 is having problems pinging vm 2. By creating the bridge i used "nmtui" and changed the ipv4 configuration to automatic and added "10.10.10.0/24" as ip and "10.10.10.1" as default gateway, which now im typing this i realised there's no router in that path so after this i'll try removing the gateway but i don't think it will make much difference,
i assigned 10.10.10.2 to vm 1 and 10.10.10.3 to vm2. vm 1 is connected to the host device and the bridge but vm 2 only is connected to the bridge.

Taigo · Post by **Taigo** » Sun Dec 11, 2022 9:32 pm

update: strangely, also connecting vm 2 to the host results in both machines timing out when pinging each other.