Figuring out how to share a bridge/connection between host and VM

Hi all, on my desktop system I want to make the VMs available to be seen by the network, which as far as I understand required me to bridge the virtual network to the physical device.

However after this, the physical device is no longer available for use by the host machine. I have asked about this before on discussion.fedoraproject.org but I couldn’t figure out how to make it work.

A new idea I have is to set to another VM or a firewall (Pi-Hole) which is bridged to the physical ethernet connection and somehow route the host VM through this. However after much Googling I cannot seem to figure this out either.

Any pointers or help would be much appreciated.

This is not necessarily true.

I have several virtual machines running on my server using bridging to the virtual virbr0 device. The host interface on my LAN is at 192.168.2.111 and my virbr0 device is in the subnet 192.168.124.0/24.

I simply added a dedicated route on my gateway router that told it the subnet 192.168.124.0 was to be directed to the 192.168.2.111 address and every other machine on my LAN is able to connect to the VMs at will.

No changes were made to networking on the host.

Are you aware of any guides how to do this?

For me virbr0 is on ip 192.168.122.0 with range 192.168.122.2 - 192.168.122.254, Forwarding: NAT

The physical connection ip address is 192.168.0.96. Just in case it adds more info:

ip route
default via 192.168.0.1 dev enp3s0 proto dhcp src 192.168.0.96 metric 100 
default via 192.168.0.1 dev wlp5s0 proto dhcp src 192.168.0.138 metric 600 
192.168.0.0/24 dev enp3s0 proto kernel scope link src 192.168.0.96 metric 100 
192.168.0.0/24 dev wlp5s0 proto kernel scope link src 192.168.0.138 metric 600 
192.168.122.0/24 dev virbr0 proto kernel scope link src 192.168.122.1 
[naheemsays@fedora ~]$ 

I tried:

sudo ip route add 192.168.122.0/24 dev enp3s0
RTNETLINK answers: File exists

In the VM you have to define the networking as bridged via virbr0, then it will automatically be assigned an address in the 192.168.122.0/24 subnet.
Once that is done and you are no longer bridged to the physical interface it should just work for you.

You do not need to add a route on the host (which seems what you tried to do, and send it out via the ethernet), but on the gateway router for your LAN (which will direct contact from the LAN to your VM via the host IP). The output of ip route above shows the host already has the route to the 192.168.122.0 subnet, and that the host address on that subnet is 192.168.122.1.

On the VM, once the change is made and you reboot, you should see with ip addr that it now has an address on that subnet, and ip route should show the default route as going to 192.168.122.1 on the host.

The result should be
LAN → gateway → host ip → (forwarded to) IP of the VM on the 192.168.122.0/24 subnet

Your route add command above tried to send the 192.168.122.0/24 subnet via enp3s0 which is the physical interface facing the LAN while that subnet is already attached to virbr0 and already has a route via virbr0, which explains the ‘File exists’ message.

As I stated earlier, I only had to add the route on my gateway router to direct traffic from the LAN to the host containing the VM.

Do steps 1-5 before you fiddle with routing.

  1. configure the VM to use bridged network via the virbr0 device and not NAT
  2. boot the vm, and use ip addr to see what IP it is assigned (192.168.122.??)
  3. From the VM ping the host at 192.168.122.1
  4. From the VM ping the host at its LAN IP (192.168.0.96)
  5. From the host ping the VM at the address discovered in #2 above. (192.168.122.??)
  6. Only after all the above works, then establish the route on the gateway router, and from another machine ping the VM address. It should work.

Using NAT I experienced that I could get outward connection but for inward connections it did not work since NAT requires the VM establish the connection and does not accept connections that originate externally.

I also see this.

You have 2 different interfaces active on the same subnet at the same time, with routing via both. That config will often cause frustrating and difficult to trace network issues. It is normally suggested that you only ever have one interface active on one subnet at a time to avoid potential network issues. I suggest that you disable either the ethernet or the wifi and only leave one of those active. When you do the routing for the VM on the gateway you can only add one of those IPs anyway.

This helped me (I’m using a bridge/port direct to the Hardware adapter.):
Virtual Machine Manager | Bridged Network | Why so complicated to achiev? - #2 by jorti - Fedora Discussion

Thanks for sticking with me as I try to figure this out.

I have done steps 1-5.

For step 6 is it required to be a separate device as gateway? For me my PC is plugged straight into the router and the router doesnt allow configuring anything on there.

This works for bridge the VM connection, but then I cant use it for the host connection - I need a separate connection for that and as this is a desktop machine that is just hosting some VMs its important for it to have connectivity too.

I couldnt figure this out and since I had a spare ethernet card lying around, I decided to add that to my PC and use that for the Bridged VM connection.

Works for me but not perfect for others who may be trying to do the same thing - especially if they have a laptop, but I am closing this for now.

Below the connection i use locally on my computer. I check it with nmcli if they are running.
It should come up automatically if you make it as described in the link above.
If one of them is not green/not active you can start it with:

nmcli c up br0-port or
nmcli c up br0

$ nmcli c
NAME      UUID                                  TYPE      DEVICE  
br0       xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx    bridge    br0     
br0-port  xxxx-xxxx-xxxx-xxxx-xxxx-xxxx-xxxx    ethernet  enp0s25