author: makefu <root@pigstarter.de> 2014-09-12 14:05:29 +0200
committer: makefu <root@pigstarter.de> 2014-09-12 14:05:29 +0200
commit: 80a6b5b7662e42c964409cb56b03fe168f7aa353
tree: 883200fddddd695180d3f4d8acb0e17677124015
parent: 83db04970ef2cccc6170aa2f27457b94ab2f8403
add libvirt bridge
-rw-r--r-- content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst 68
1 files changed, 68 insertions, 0 deletions
diff --git a/content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst b/content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst
new file mode 100644
index 0000000..cb4850d
--- /dev/null
+++ b/content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst
@@ -0,0 +1,68 @@
+Arch+libvirt+bridges+ufw
+########################
+:date: 2014-07-03 14:48
+:tags: archlinux,libvirt,network-bridge,ufw,netctl
+
+I never thought getting bridged network for libvirt
+clients to work under archlinux. Here is the digest.
+
+Adding Bridge Network with netctl
+---------------------------------
+eth0 needs to be up in order to get the bridge working
+
+
+**/etc/netctl/bridge**
+
+.. code-block:: bash
+
+ Description='bridge'
+ Interface=br0
+ Connection=bridge
+ BindsToInterface=(eth0)
+ IP=static # or dhcp
+ Address=('1.2.3.4/24')
+ Gateway='1.2.3.1'
+ DNS=('1.2.3.3')
+ ExecUpPost="brctl stp $Interface on||:"
+
+**/etc/netctl/eth_bridged**
+
+.. code-block:: bash
+
+ Description='eth0 without ip'
+ Interface=eth0
+ Connection=ethernet
+ IP=no
+ IP6=no
+
+**enable the bridge**
+
+.. code-block:: bash
+
+ systemctl disable dhcpcd@eth0 # if applicable
+ netctl enable bridge
+ netctl enable eth_bridged
+
+After a reboot the interface should be available and libvirt should be able to use the bridge for libvirt clients.
+If you have ufw in place, add this line to **/etc/ufw/before{,6}.rules** between \*filter and COMMIT :
+
+.. code-block:: bash
+
+ -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT
+
+maybe you also need the following lines in **/etc/sysctl.d/bridge.conf**:
+
+.. code-block:: bash
+
+ net.bridge.bridge-nf-call-ip6tables = 0
+ net.bridge.bridge-nf-call-iptables = 0
+ net.bridge.bridge-nf-call-arptables = 0
+
+enable security changes
+
+.. code-block:: bash
+
+ ufw disable
+ ufw enable
+ sysctl -p /etc/sysctl.d/bridge.conf
+
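Review bot: The ufw and sysctl steps near the end of the post (the `-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT` rule and the three `net.bridge.bridge-nf-call-* = 0` settings) both take bridged guest traffic out of the host firewall's filtering, and the text neither says so nor explains when the second step is needed beyond "maybe". With the bridge-nf-call settings at 0, bridged frames are not handed to iptables, ip6tables or arptables at all, so the FORWARD rule has nothing left to match. I'd suggest telling the reader which of the two to pick, and stating plainly that either way the ufw rules no longer apply to traffic crossing the bridge, so guests need their own filtering. The heading "enable security changes" reads as if these steps tighten things, while they relax filtering; "apply the changes" would be more accurate. Separately, the opening sentence ("I never thought getting bridged network for libvirt clients to work under archlinux") is missing its ending.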