diff --git a/content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst b/content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst new file mode 100644 index 0000000..cb4850d --- /dev/null +++ b/content/posts/archlinux-and-bridged-libvirt-plus-ufw.rst @@ -0,0 +1,68 @@ +Arch+libvirt+bridges+ufw +######################## +:date: 2014-07-03 14:48 +:tags: archlinux,libvirt,network-bridge,ufw,netctl + +I never thought getting bridged network for libvirt +clients to work under archlinux. Here is the digest. + +Adding Bridge Network with netctl +--------------------------------- +eth0 needs to be up in order to get the bridge working + + +**/etc/netctl/bridge** + +.. code-block:: bash + + Description='bridge' + Interface=br0 + Connection=bridge + BindsToInterface=(eth0) + IP=static # or dhcp + Address=('1.2.3.4/24') + Gateway='1.2.3.1' + DNS=('1.2.3.3') + ExecUpPost="brctl stp $Interface on||:" + +**/etc/netctl/eth_bridged** + +.. code-block:: bash + + Description='eth0 without ip' + Interface=eth0 + Connection=ethernet + IP=no + IP6=no + +**enable the bridge** + +.. code-block:: bash + + systemctl disable dhcpcd@eth0 # if applicable + netctl enable bridge + netctl enable eth_bridged + +After a reboot the interface should be available and libvirt should be able to use the bridge for libvirt clients. +If you have ufw in place, add this line to **/etc/ufw/before{,6}.rules** between \*filter and COMMIT : + +.. code-block:: bash + + -I FORWARD -m physdev --physdev-is-bridged -j ACCEPT + +maybe you also need the following lines in **/etc/sysctl.d/bridge.conf**: + +.. code-block:: bash + + net.bridge.bridge-nf-call-ip6tables = 0 + net.bridge.bridge-nf-call-iptables = 0 + net.bridge.bridge-nf-call-arptables = 0 + +enable security changes + +.. code-block:: bash + + ufw disable + ufw enable + sysctl -p /etc/sysctl.d/bridge.conf +
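Review bot: the `-I FORWARD -m physdev --physdev-is-bridged -j ACCEPT` line added to /etc/ufw/before{,6}.rules and the three `net.bridge.bridge-nf-call-* = 0` entries in /etc/sysctl.d/bridge.conf overlap, and the post should say what they cost: both make guest traffic crossing br0 invisible to ufw, the sysctl by keeping bridged frames out of iptables entirely, the rule by accepting them wholesale in the FORWARD chain, so libvirt guests are no longer filtered by the host firewall at all and need their own filtering (inside the guest or via libvirt's nwfilter). With `bridge-nf-call-iptables = 0` the physdev rule never matches anything, so one of the two suffices; suggest keeping the sysctl and dropping the ACCEPT rule, or keeping the rule and explaining why the blanket bypass is acceptable on this host. The "maybe you also need" wording could also be made concrete: the `net.bridge.*` keys only exist while the bridge module is loaded, so `sysctl -p /etc/sysctl.d/bridge.conf` fails with an unknown-key error if run before br0 is up. Minor: the intro sentence "I never thought getting bridged network for libvirt clients to work under archlinux" is missing its verb ("I never thought I would get ... to work").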