KVM-QEMU bridged network not working – guest can only access host

kvm-virtualization qemu virsh virt-manager

I am trying to configure VMs to act like devices on my LAN, instead of hiding behind the host.

This is the tutorial I followed: RHEL8 Network Bridged Interface

My router/DHCP is at 10.10.1.254

Host is a CentOS 8 VM running inside ESXi – on DHCP with IP 10.10.1.54, host can access internet/LAN and VMs.

Guest is also CentOS 8 – manages to get DHCP lease with IP 10.10.1.55 but can't connect to anything other than the host. It can't even ping the router at 10.10.1.254 even though it somehow gets a DHCP lease. I tried enabling net.ipv4.ip_forward on the host but that didn't fix it.

I also tried a netinstall of a CentOS 7 guest. It manages to pull settings via DHCP, but it doesn't have network access either.

Here is the host config:

  • ifcfg-bridge-slave-ens192

    TYPE=Ethernet
    NAME=bridge-slave-ens192
    UUID=...
    DEVICE=ens192
    ONBOOT=yes
    BRIDGE=br0
    
  • ifcfg-br0

    STP=yes
    BRIDGING_OPTS=priority=32768
    TYPE=Bridge
    PROXY_METHOD=none
    BROWSER_ONLY=no
    BOOTPROTO=dhcp
    DEFROUTE=yes
    IPV4_FAILURE_FATAL=no
    IPV6INIT=yes
    IPV6_AUTOCONF=yes
    IPV6_DEFROUTE=yes
    IPV6_FAILURE_FATAL=no
    IPV6_ADDR_GEN_MODE=stable-privacy
    NAME=br0
    UUID=....
    DEVICE=br0
    ONBOOT=yes
    

Finally in virt-manager under VM NIC I have set "Specify shared device name" as network source, and then under bridge name I have "br0" and type is "virtio".

# nmcli c show --active

    Name                 -  Type    -  Device
    br0                  -  bridge  -  br0
    bridge-slave-ens192  -  ethernet -  ens192
    vnet0                -  tun     -  vnet0

# virsh net-list --all

    Name  -  State  -  Autostart  -  Persistent
    br0   -  active -  yes        -  yes

# iptables -L

    Chain INPUT (policy ACCEPT)
    target     prot opt source      destination

    Chain FORWARD (policy ACCEPT)
    target     prot opt source      destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source      destination

# sysctl net.ipv4.ip_forward

    net.ipv4.ip_forward = 1

Best Answer

The problem was not in the bridged network configuration.

Since the KVM host is running inside ESXi as a VM I had to enable promiscuous mode on the ESXi vSwitch.

Enabling promiscuous mode in vSwitch security settings fixed my issue.
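
A diagnostic sketch for the situation in this answer, added here as an example and not part of the original post: it lists the guest MAC addresses the bridge has learned on its non-uplink ports and, when the KVM host is itself a VMware guest, reports that the vSwitch security policy needs checking, since frames addressed to those MACs must reach the host VM's port. The function names and the sample forwarding table are constructed; `br0`, `ens192` and `vnet0` are taken from the question.

```bash
#!/usr/bin/env bash
# Added example, not from the original post. SAMPLE_FDB is constructed data
# in the format printed by `bridge fdb show br br0`.
SAMPLE_FDB='52:54:00:12:34:56 dev vnet0 master br0
fe:54:00:12:34:56 dev vnet0 vlan 1 master br0 permanent
00:0c:29:ab:cd:ef dev ens192 vlan 1 master br0 permanent
00:50:56:11:22:33 dev ens192 master br0
33:33:00:00:00:01 dev ens192 self permanent
01:00:5e:00:00:01 dev br0 self permanent'

# guest_macs UPLINK: read fdb output on stdin and print the dynamically
# learned unicast MACs seen on bridge ports other than UPLINK. These are the
# guest addresses the upstream (virtual) switch has to deliver frames for.
guest_macs() {
    awk -v uplink="$1" '
        $2 != "dev"      { next }   # not an fdb entry line
        $3 == uplink     { next }   # learned from the LAN side
        /permanent|self/ { next }   # host-owned or static entries
        # multicast/broadcast: low bit of the first octet is set
        { if (index("13579bdf", tolower(substr($1, 2, 1)))) next }
        { print tolower($1) }
    ' | sort -u
}

# verdict VIRT UPLINK: combine the hypervisor type (as printed by
# systemd-detect-virt) with the fdb output on stdin.
verdict() {
    local macs
    macs=$(guest_macs "$2")
    if [ -z "$macs" ]; then
        echo "no-guest-macs"
    elif [ "$1" = "vmware" ]; then
        # Nested under ESXi: check promiscuous mode on the vSwitch/port group.
        echo "check-vswitch-security: $(printf '%s\n' "$macs" | paste -sd' ' -)"
    else
        echo "guest-macs-present: $(printf '%s\n' "$macs" | paste -sd' ' -)"
    fi
}

# Live use on the KVM host: ./script br0 ens192
if [ "$#" -eq 2 ]; then
    bridge fdb show br "$1" | verdict "$(systemd-detect-virt)" "$2"
fi
```

Promiscuous mode lets the host VM's port receive traffic that is not addressed to its own MAC, so applying it to a port group used only by the KVM host keeps the change narrower than setting it on the whole vSwitch.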