Bridged Networking Setup

Introduction To Bridged Networking

Normally Xen and KVM virtual systems are configured so that they appear to be directly connected to the same LAN as the host system, and so can talk to the network without having their packets routed through the host. A bridge is typically created (xenbr0 for Xen or br0 for KVM), but this operates at the Ethernet level by connecting the host's real interface eth0 with peth or tap interfaces used by virtual machines.

However, some colocation providers don't allow additional virtual systems to be directly connected to the same LAN as their hosts. Hetzner, for example, is one commonly used by Cloudmin customers that has this restriction. Also, a direct connection limits the firewalling you can do to restrict or protect virtual systems, and it requires that each virtual system have an IP address that is valid on the same LAN as the host system, which is typically a real Internet IP address.

Address Ranges for Bridged Networking

The first step in setting up a network bridge is to work out the IP range that will be used by your virtual systems. Typically this is assigned by your hosting company, and includes a starting IP, ending IP and netmask. However, it is also possible to use an RFC 1918 address range like 192.168.1.1 to 192.168.1.255. In this case, you will also need to set up NAT so that your virtual systems can access the Internet.

Setting Up Bridged Networking

This page uses the term "bridged networking" to describe a setup in which virtual systems are connected to an additional bridge on the host, normally named br1. It is most commonly used with KVM, but the same principles apply to open-source Xen as well.

Bridge setup is best done before any virtual systems are created. It must be repeated on each host system, after Webmin, Cloudmin or Virtualmin is installed.

If your system runs the latest Webmin, the steps to set up a bridge are:

  1. Login to Webmin on the host system, and go to Networking -> Network Configuration -> Network Interfaces.
  2. Click on the Add a new bridge link. The number for a new bridge should be filled in auto
  3. Select Static configuration, and fill in the IPv4 address and Netmask fields. The address should be the first IP in the range you plan to use for this bridge.
  4. Select None in the Connect bridge to interface field.
  5. Click the Create and Apply button.

Otherwise you can set up a bridge on Debian or Ubuntu Linux as follows:

  1. Edit the /etc/network/interfaces file and add a section like:

iface br1 inet static
        address 192.168.1.1
        netmask 255.255.255.0
        broadcast 192.168.1.255
        network 192.168.1.0
        pre-up brctl addbr br1

  2. Run the command ifup br1

Or on Red Hat, Fedora or CentOS Linux:

  1. Create the file /etc/sysconfig/network-scripts/ifcfg-br1 containing:

BOOTPROTO=none
MACADDR=""
IPV6INIT=yes
TYPE=Bridge
DEVICE=br1
NETMASK=255.255.255.0
MTU=""
BROADCAST=192.168.1.255
IPADDR=192.168.1.1
NETWORK=192.168.1.0
ONBOOT=yes

  2. Run the command ifup br1
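
The address, netmask, broadcast and network values must agree with each other in either file. The following added example (not part of the original page or of Webmin) derives the broadcast and network values from the bridge address and netmask and prints the Debian stanza; the function names are made up for this illustration.

```shell
# Added example, POSIX sh, needs no root. Function names are hypothetical.

ip_to_int() (        # dotted quad -> integer; the ( ) body keeps the IFS change local
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

int_to_ip() {        # integer -> dotted quad
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

valid_netmask() (    # true only for 1-bits followed by 0-bits (e.g. not 255.0.255.0)
    m=$(ip_to_int "$1")
    inv=$(( ~$m & 4294967295 ))
    [ $(( $inv & ($inv + 1) )) -eq 0 ]
)

bridge_stanza() (    # usage: bridge_stanza BRIDGE ADDRESS NETMASK
    valid_netmask "$3" || { echo "bad netmask: $3" >&2; exit 1; }
    a=$(ip_to_int "$2"); m=$(ip_to_int "$3")
    net=$(( $a & $m ))
    bc=$(( $net | (~$m & 4294967295) ))
    # The bridge needs a usable host address, not the network or broadcast one.
    if [ "$a" -eq "$net" ] || [ "$a" -eq "$bc" ]; then
        echo "$2 is the network or broadcast address" >&2; exit 1
    fi
    printf 'iface %s inet static\n' "$1"
    printf '        address %s\n        netmask %s\n' "$2" "$3"
    printf '        broadcast %s\n        network %s\n' "$(int_to_ip "$bc")" "$(int_to_ip "$net")"
    printf '        pre-up brctl addbr %s\n' "$1"
)

# The values used on this page:
bridge_stanza br1 192.168.1.1 255.255.255.0
```

The same broadcast and network values go into BROADCAST and NETWORK in the ifcfg-br1 file.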

Enabling Routing

Once the bridge has been created, you will need to make sure that your system is configured to route traffic between it and the LAN. This can be done in Webmin on the host as follows:

  1. Go to Networking -> Network Configuration -> Routing and Gateways.
  2. Change the Act as router? option to Yes, and click Save.
  3. Click the Apply Configuration button.

If your Cloudmin master system is different from the host on which the bridge has been created, you may also need to add a static route for the bridge network with the host system as the gateway.

Enabling NAT

If your IP range is for internal use only, you should enable NAT so that virtual systems can access the Internet. Note that this will allow only outgoing connections, unless you also set up one-to-one destination NAT.

The steps to set up network address translation are:

  1. Login to Webmin on the host system, and go to Networking -> Linux Firewall.
  2. If your firewall has not been set up, you will be prompted for an initial configuration. Choose NAT, with eth0 being the external interface.
  3. Otherwise, select the Network address translation table and add a rule in the POSTROUTING chain with the action set to Masquerade and the Outgoing interface set to eth0.
  4. Click the Apply Configuration button.
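
To check the result of the routing and NAT steps from a shell, the active ruleset can be read with iptables-save. This added example (not from the original page or from Webmin) reports whether routing is on and a MASQUERADE rule exists for the external interface, and lists a masquerade rule with no source match or a FORWARD policy of ACCEPT as points to review. It assumes "Act as router?" corresponds to /proc/sys/net/ipv4/ip_forward; the sample ruleset and the function name are constructed for the illustration.

```shell
# Constructed iptables-save output resembling the rule added in step 3
# (sample text, not captured from a real host).
SAMPLE_RULES='*nat
:PREROUTING ACCEPT [0:0]
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
COMMIT'

# usage: audit_nat EXT_IF IP_FORWARD < ruleset
# IP_FORWARD is the content of /proc/sys/net/ipv4/ip_forward (1 = routing on).
audit_nat() {
    awk -v ext="$1" -v fwd="$2" '
        /^\*/ { table = substr($0, 2) }      # "*nat" or "*filter" starts a table
        table == "nat" && /^-A POSTROUTING / && /-j MASQUERADE/ {
            out = ""; scoped = 0
            for (i = 1; i < NF; i++) {
                if ($i == "-o") out = $(i + 1)
                if ($i == "-s") scoped = 1   # rule is limited to a source range
            }
            if (out == ext) { found = 1; if (!scoped) anysrc = 1 }
        }
        table == "filter" && /^:FORWARD ACCEPT/ { fwd_open = 1 }
        END {
            if (fwd != "1") print "routing-disabled"
            if (!found)     print "no-masquerade-rule"
            if (anysrc)     print "masquerade-any-source"
            if (fwd_open)   print "forward-policy-accept"
        }'
}

# On a live host, as root:
#   iptables-save | audit_nat eth0 "$(cat /proc/sys/net/ipv4/ip_forward)"
printf '%s\n' "$SAMPLE_RULES" | audit_nat eth0 1
```

No output means routing is on, the masquerade rule is limited to a source range, and forwarded traffic is subject to a non-ACCEPT default policy.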

Using Bridged Networking in Cloudmin

Once a network bridge has been created, you can configure Cloudmin to use it on the host as follows:

  1. Login to the Cloudmin master and go to Host Systems -> KVM Host Systems and click on the host machine. If the host has not been registered yet, follow the documentation on the Setting Up KVM Virtualization page.
  2. In the IP address allocation ranges section, enter or select the IP range for your bridged network. In the Bridge column, select br1.
  3. Enter the IP address of the host system that was assigned to br1 as the default gateway.
  4. In the Bridges on host system for KVM interfaces field, select br1.
  5. Click the Save button.