Help with virtual networking

Hello, I have an Alma Linux server installed with just the “server” option from the installer. I’ve updated it and installed cockpit-machines, enabled cockpit and set up SSL with certbot. Everything works great and all my VMs are set up using the “direct - source primary” since I only have one NIC.

My issue is that even though I was able to set up the VMs on the same subnet, they can’t communicate with each other or other machines on the network. I tried creating a bridge from the networking screen in cockpit but that renders my system inaccessible. I’ve RTFM several times and can’t understand what I am missing. At this point I have wrecked my install so many times, I’m about ready for a new SSD :wink:

Any help is greatly appreciated!

Hi,

First, I’ve never used Cockpit, so I can’t say what/how it does things. (I use ssh and CLI tools.)

I presume that cockpit uses libvirt/KVM as the hypervisor. Libvirt does, by default, create a virtual network named “default”. Technically, it is just a software bridge – a virtual network switch. It does, however, provide DHCP and DNS for the VM guests that are connected to it (so the VMs can get network config with DHCP). Furthermore, the host is on that subnet and acts as router (aka ‘gateway’) to outside, a router that masquerades (aka ‘SNAT’) the outgoing traffic, i.e. hides the existence of VMs from outsiders. The firewall rules of the host allow traffic and there is nothing that prevents members of “default” from talking to each other.

In the above, the host has “two NICs”: the physical one and a virtual one, and it has IP addresses on both.

In a “bridged” setup there is also a software bridge. However, the physical NIC is used as one port of that “network switch” and the VMs are linked to “other ports on the switch”. That is, the VMs are directly connected to the subnet that is outside of the host. There is no NAT, no routing, and the host has only one IP address – assigned to the bridge.

Conversion from “IP on NIC” into “IP on Bridge and NIC as its port” is indeed tricky if you have to do it via a network connection, as there is more than one step. I take it you can somehow recover from an “inaccessible system”?

You could gather information, both on the host and VMs. I would do it from command-line:

nmcli
nmcli d s
nmcli c s
ip ro

(The outputs of those are somewhat redundant, just to show different methods.)

Thanks for the reply. I am trying to create the “bridged” setup that you mention but I can’t figure out how to accomplish this in cockpit.

Basically, I want to have one VM that runs nginx as reverse proxy and then several other VMs hosting applications on various ports.

nmcli con show only lists enp0s31f6

I think nmcli is the only way to get this done but I am having issues with that as well. I’ve done the following.

I ran lsmod | grep bridge and came up empty so I ran sudo modprobe --first-time bridge

nmcli con show only listed enp0s31f6 so I did this:

nmcli con add ifname br0 type bridge con-name br0
nmcli con add type bridge-slave ifname enp0s31f6 master br0
nmcli con up br0
nmcli con delete enp0s31f6

Then I setup ifcfg-br0 like this:

STP=no
TYPE=Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=no
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=br0
UUID=dd51480e-fbac-41a8-b5e6-ea3d097f5059
DEVICE=br0
ONBOOT=yes
IPADDR=10.10.10.100
PREFIX=24
GATEWAY=10.10.10.1
DNS1=1.1.1.1
IPV6_DISABLED=yes

and ifcfg-bridge-slave-enp0s31f6 like this:

TYPE=Ethernet
NAME=bridge-slave-enp0s31f6
UUID=f43a8688-81f0-4860-91d4-f8f41efe2d10
DEVICE=enp0s31f6
ONBOOT=yes
BRIDGE=br0

After I restart NetworkManager and run nmcli con show, I see br0 and bridge-slave-enp0s31f6 are the only two connections listed and they are green. But my server can no longer access the internet. I’m sure I am still missing something.

EDIT: After I messed with this last night and it didn’t work, I turned it all off and went to bed. This morning I fired it up and it works fine with the above config. I guess sudo systemctl restart NetworkManager.service just wasn’t doing it and I should have rebooted.

SOLUTION: The above setup worked for me on a clean install AFTER REBOOT.

Thanks to everyone that helped. I was hoping to figure this out in Cockpit so I could show some folks who aren’t quite as savvy but at least I can script the NM config for them.

@MartinR our files look pretty similar except that I am blocking IPv6 and you have set a DOMAIN in your br0 conf and a ZONE in your other conf. The DOMAIN is obvious to me but what is the zone? Also, I love that you actually redacted stuff. I just made up some other numbers to mask my own but your way made me smile lol.

I have never used modprobe bridge.

I don’t touch, hardly ever even look at the ifcfg-* files. I tend to give most options already on the nmcli con add.
The configuration of a connection, as NM sees it, one can peek with nmcli c s br0 which shows both stored and currently active values.

Is the ipv4 config identical to what you had before (on enp0s31f6)?

You have set static addresses manually. Doesn’t the subnet have DHCP?
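The multi-step conversion that the first reply calls tricky, and that the original poster ended up doing by hand (nmcli con add, then editing ifcfg-br0 to give the bridge an address), as an added example that is not code from this thread or from any of its participants: a POSIX sh script that reads the IPv4 settings of the existing NIC profile with nmcli -g, passes them all on nmcli con add as the reply above suggests (so the bridge never comes up without an address, which is what cut off internet access in the post above), works for both static (manual) and DHCP (auto) profiles, keeps the old profile as a rollback instead of deleting it, and arms a detached timer that re-activates the old profile if the bridge does not end up owning the host's default route. The names br0 and enp0s31f6, the 90-second timeout and the optional firewalld zone argument (nmcli's connection.zone, the same setting as ZONE= in an ifcfg file) are assumptions; it must run as root on the host, and the plan is printed as a dry run unless APPLY=1 is set.

```shell
#!/bin/sh
# Added example, not code from the thread: convert "IP on NIC" into
# "IP on bridge, NIC as its port" in one NetworkManager pass with a
# rollback timer.  Assumptions: NetworkManager/nmcli host, run as root,
# hypothetical names br0 / enp0s31f6, 90 s watchdog.  IPv6 is left at NM's
# default; append "ipv6.method disabled" to the first command to mirror
# the IPV6_DISABLED=yes ifcfg setting from the thread.
set -u

WATCHDOG_SECS=90

# Print the nmcli plan, one command per line, without running anything.
# Args: OLD_CONN NIC BRIDGE IPV4_METHOD ADDRESSES GATEWAY DNS [ZONE]
# Static (manual) settings go on 'con add' so the bridge is never up
# without an address; DHCP (auto) just carries the method over.
bridge_commands() {
    bc_old=$1 bc_nic=$2 bc_br=$3 bc_method=$4
    bc_addrs=$5 bc_gw=$6 bc_dns=$7 bc_zone=${8:-}
    bc_ip="ipv4.method $bc_method"
    if [ "$bc_method" = manual ]; then
        if [ -z "$bc_addrs" ]; then
            echo "bridge_commands: manual method but no addresses" >&2
            return 1
        fi
        bc_ip="$bc_ip ipv4.addresses $bc_addrs"
        [ -n "$bc_gw" ] && bc_ip="$bc_ip ipv4.gateway $bc_gw"
    fi
    [ -n "$bc_dns" ] && bc_ip="$bc_ip ipv4.dns $bc_dns"
    bc_zone_opt=""
    [ -n "$bc_zone" ] && bc_zone_opt=" connection.zone $bc_zone"
    printf '%s\n' \
        "nmcli con add type bridge con-name $bc_br ifname $bc_br bridge.stp no $bc_ip connection.autoconnect-slaves 1$bc_zone_opt" \
        "nmcli con add type ethernet slave-type bridge con-name $bc_br-port-$bc_nic ifname $bc_nic master $bc_br" \
        "nmcli con modify '$bc_old' connection.autoconnect no" \
        "nmcli -w 30 con up $bc_br"
}

# Read one ipv4.* property of a connection.  nmcli -g may list several
# values comma separated with spaces, which 'con add' does not accept.
ipv4_value() {
    nmcli -g "$2" con show "$1" | tr -d ' '
}

# Arm a detached timer that re-activates OLD_CONN unless killed first.
# nohup keeps it alive when the SSH session is the thing that goes away.
watchdog_start() {
    nohup sh -c "sleep $1; nmcli con modify '$2' connection.autoconnect yes; nmcli con up '$2'" \
        >/dev/null 2>&1 &
    echo $!
}

# Usage: APPLY=1 ./bridge.sh OLD_CONN NIC BRIDGE [ZONE]
main() {
    old=$1 nic=$2 bridge=$3 zone=${4:-}
    method=$(ipv4_value "$old" ipv4.method)
    addrs=$(ipv4_value "$old" ipv4.addresses)
    gw=$(ipv4_value "$old" ipv4.gateway)
    dns=$(ipv4_value "$old" ipv4.dns)
    plan=$(bridge_commands "$old" "$nic" "$bridge" "$method" "$addrs" "$gw" "$dns" "$zone") || return 1
    printf 'Plan:\n%s\n' "$plan"
    [ "${APPLY:-0}" = 1 ] || { echo "Dry run; set APPLY=1 to execute."; return 0; }

    wd=$(watchdog_start "$WATCHDOG_SECS" "$old")
    if ! printf '%s\n' "$plan" | while IFS= read -r cmd; do
            echo "+ $cmd"; eval "$cmd" </dev/null || exit 1
        done; then
        echo "a step failed; '$old' will be re-activated by the watchdog" >&2
        return 1
    fi
    # The bridge only counts as good if the host's default route now uses it.
    if ip -4 route show default dev "$bridge" | grep -q .; then
        kill "$wd" 2>/dev/null
        echo "$bridge is up with a default route. Once verified from another"
        echo "host, remove the old profile with: nmcli con delete '$old'"
    else
        echo "no default route via $bridge; watchdog restores '$old' in ${WATCHDOG_SECS}s" >&2
        return 1
    fi
}

if [ "$#" -ge 3 ]; then
    main "$@"
fi
```

Two design points: the old profile is only switched to autoconnect no, never deleted, so a reboot after a botched attempt comes back on the bridge rather than on nothing, and the watchdog can put the NIC back if the bridge never gets a default route. The zone goes on the bridge connection rather than on the port: once the NIC is a bridge port, the host's own IP traffic enters through br0, so that is the interface firewalld needs to classify.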

If it helps, my main machine has had a bridge running for years, reinstalled for 7->8 but otherwise pretty well untouched. My VMs appear on the network quite happily. The network is the default 192.168.1/24 behind a router/firewall. Here are the relevant files:

ifcfg-bridge0

STP=no
TYPE=Bridge
PROXY_METHOD=none
BROWSER_ONLY=no
BOOTPROTO=none
DEFROUTE=yes
IPV4_FAILURE_FATAL=no
IPV6INIT=yes
IPV6_AUTOCONF=yes
IPV6_DEFROUTE=yes
IPV6_FAILURE_FATAL=no
IPV6_ADDR_GEN_MODE=stable-privacy
NAME=bridge0
UUID=redact
DEVICE=bridge0
ONBOOT=yes
IPADDR=192.168.1.redact
PREFIX=24
GATEWAY=192.168.1.redact
DNS1=192.168.1.redact
DOMAIN=home
DNS2=192.168.1.redact
IPV6_PRIVACY=no

ifcfg-enp3s0

TYPE=Ethernet
NAME=enp3s0
UUID=redact
DEVICE=enp3s0
ONBOOT=yes
BRIDGE=bridge0
ZONE=redact

Can’t help with the nmcli though, I tend to regard the network mangler as something to live with, like an arthritic knee, rather than something to enjoy.

Edit: I forgot to say, this machine hosts DNS and DHCP so that’s why there are fixed addresses.