plembo · June 30, 2025 10:09 · Apr 4, 2025 · Apr 4, 2025 · Apr 4, 2025 · Apr 4, 2025
diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -2,7 +2,7 @@
 This will work with either networkd or NetworkManager as a resolver. In fact, this is the _only_ way to do bridged KVM
 (libvirtd) networking with NetworkManager.
 
-If you're using NetworkManager (on a desktop or laptop, for example) on your KVM host, follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface. Once you have the bridge up, be sure to change the default firewall rules as described in vinzcamp8's [comment below](https://gist.github.com/plembo/a7b69f92953a76ab2d06533754b5e2bb?permalink_comment_id=5519208#gistcomment-5519208).
+If you're using NetworkManager (on a desktop or laptop, for example) on your KVM host, follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface.
 
 Once you have the host bridge set up, proceed as follows:
 

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -2,7 +2,7 @@
 This will work with either networkd or NetworkManager as a resolver. In fact, this is the _only_ way to do bridged KVM
 (libvirtd) networking with NetworkManager.
 
-If you're using NetworkManager (on a desktop or laptop, for example) on your KVM host, follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface. Once you have the bridge up, be sure to change the default firewall rules as [described here](https://gist.github.com/plembo/38ae4e8b255fdd61ef592f7b05cd1e1a), or simply follow vinzcamp8's less tedious procedure in [the comments below](https://gist.github.com/plembo/a7b69f92953a76ab2d06533754b5e2bb?permalink_comment_id=5519208#gistcomment-5519208).
+If you're using NetworkManager (on a desktop or laptop, for example) on your KVM host, follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface. Once you have the bridge up, be sure to change the default firewall rules as described in vinzcamp8's [comment below](https://gist.github.com/plembo/a7b69f92953a76ab2d06533754b5e2bb?permalink_comment_id=5519208#gistcomment-5519208).
 
 Once you have the host bridge set up, proceed as follows:
 

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -2,7 +2,7 @@
 This will work with either networkd or NetworkManager as a resolver. In fact, this is the _only_ way to do bridged KVM
 (libvirtd) networking with NetworkManager.
 
-If you're using NetworkManager (on a desktop or laptop, for example) on your KVM host, follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface. Once you have the bridge up, be sure to change the default firewall rules as [described here](https://gist.github.com/plembo/38ae4e8b255fdd61ef592f7b05cd1e1a), or simply follow vinzcamp8's procedure in [the comments below](https://gist.github.com/plembo/a7b69f92953a76ab2d06533754b5e2bb?permalink_comment_id=5519208#gistcomment-5519208).
+If you're using NetworkManager (on a desktop or laptop, for example) on your KVM host, follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface. Once you have the bridge up, be sure to change the default firewall rules as [described here](https://gist.github.com/plembo/38ae4e8b255fdd61ef592f7b05cd1e1a), or simply follow vinzcamp8's less tedious procedure in [the comments below](https://gist.github.com/plembo/a7b69f92953a76ab2d06533754b5e2bb?permalink_comment_id=5519208#gistcomment-5519208).
 
 Once you have the host bridge set up, proceed as follows:
 

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -2,7 +2,7 @@
 This will work with either networkd or NetworkManager as a resolver. In fact, this is the _only_ way to do bridged KVM
 (libvirtd) networking with NetworkManager.
 
-If you're using NetworkManager (on a desktop or laptop, for example) on your KVM host, follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface. Once you have the bridge up, be sure to change the default firewall rules as [described here](https://gist.github.com/plembo/38ae4e8b255fdd61ef592f7b05cd1e1a), or simply follow vinzcamp8's howto in the comments below.
+If you're using NetworkManager (on a desktop or laptop, for example) on your KVM host, follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface. Once you have the bridge up, be sure to change the default firewall rules as [described here](https://gist.github.com/plembo/38ae4e8b255fdd61ef592f7b05cd1e1a), or simply follow vinzcamp8's procedure in [the comments below](https://gist.github.com/plembo/a7b69f92953a76ab2d06533754b5e2bb?permalink_comment_id=5519208#gistcomment-5519208).
 
 Once you have the host bridge set up, proceed as follows:
 

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -2,7 +2,7 @@
 This will work with either networkd or NetworkManager as a resolver. In fact, this is the _only_ way to do bridged KVM
 (libvirtd) networking with NetworkManager.
 
-If you're using NetworkManager (on a desktop or laptop, for example) on your KVM host, follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface.
+If you're using NetworkManager (on a desktop or laptop, for example) on your KVM host, follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface. Once you have the bridge up, be sure to change the default firewall rules as [described here](https://gist.github.com/plembo/38ae4e8b255fdd61ef592f7b05cd1e1a), or simply follow vinzcamp8's howto in the comments below.
 
 Once you have the host bridge set up, proceed as follows:
 

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -28,7 +28,7 @@ Load the br_netfilter module:
 $ sudo modprobe br_netfilter
 ```
 
-Persist on reboot by creating /etc/modules-load.d/br_netfilter.conf with this line in it:
+Persist on reboot by creating /etc/modules-load.d/br_netfilter.conf:
 ```bash
 $ sudo echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf
 ```

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -21,8 +21,9 @@ $ virsh net-define host-bridge.xml
 $ virsh net-start host-bridge
 $ virsh net-autostart host-bridge
 ```
-2. Make it possible for hosts outside of KVM to talk to your bridged guest.
+2. Make it possible for hosts outside of KVM to talk to your bridged guest by making the following changes on the KVM host.
 
+Load the br_netfilter module:
 ```bash
 $ sudo modprobe br_netfilter
 ```

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -23,15 +23,6 @@ $ virsh net-autostart host-bridge
 ```
 2. Make it possible for hosts outside of KVM to talk to your bridged guest.
 
-Append to /etc/ufw/before.rules:
-```bash
-# allow all traffic to 10.1.1.110
--A FORWARD -d 10.1.1.110 -j ACCEPT
--A FORWARD -s 10.1.1.110 -j ACCEPT
-```
-The above network address is entirely fictional, use an address on your local network instead.
-
-Load br_netfilter module:
 ```bash
 $ sudo modprobe br_netfilter
 ```

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -60,7 +60,7 @@ $ sudo sysctl -a | grep "bridge-nf-call"
 ```
 
 3. Configure the guest to use host-bridge.
-Open up the Virtaual Machine Manager and then select the target guest. Go to the NIC device. The drop down for
+Open up the Virtual Machine Manager and then select the target guest. Go to the NIC device. The drop down for
 "Network Source" should now include a device called "Virtual netowrk 'host-bridge'". The "Bridge network device
 model" will be "virtio" if that's your KVM configuration's default.
 

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -38,7 +38,7 @@ $ sudo modprobe br_netfilter
 
 Persist on reboot by creating /etc/modules-load.d/br_netfilter.conf with this line in it:
 ```bash
-br_netfilter
+$ sudo echo "br_netfilter" > /etc/modules-load.d/br_netfilter.conf
 ```
 
 Create /etc/sysctl.d/10-bridge.conf:

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -50,7 +50,7 @@ net.bridge.bridge-nf-call-arptables=0
 ```
 
 Apply the config now:
-``bash
+```bash
 $ sudo sysctl -p /etc/sysctl.d/10-bridge.conf
 ```
 

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -31,17 +31,34 @@ Append to /etc/ufw/before.rules:
 ```
 The above network address is entirely fictional, use an address on your local network instead.
 
-Append to /etc/ufw/sysctl.conf:
+Load br_netfilter module:
 ```bash
-# Allow packets to reach guests
+$ sudo modprobe br_netfilter
+```
+
+Persist on reboot by creating /etc/modules-load.d/br_netfilter.conf with this line in it:
+```bash
+br_netfilter
+```
+
+Create /etc/sysctl.d/10-bridge.conf:
+```bash
+# Do not filter packets crossing a bridge
 net.bridge.bridge-nf-call-ip6tables=0
 net.bridge.bridge-nf-call-iptables=0
 net.bridge.bridge-nf-call-arptables=0
 ```
-Refresh ufw
+
+Apply the config now:
+``bash
+$ sudo sysctl -p /etc/sysctl.d/10-bridge.conf
+```
+
+Check result:
 ```bash
-$ sudo ufw reload
+$ sudo sysctl -a | grep "bridge-nf-call"
 ```
+
 3. Configure the guest to use host-bridge.
 Open up the Virtaual Machine Manager and then select the target guest. Go to the NIC device. The drop down for
 "Network Source" should now include a device called "Virtual netowrk 'host-bridge'". The "Bridge network device

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -1,6 +1,6 @@
 # Setting up a bridged network for KVM guests
 This will work with either networkd or NetworkManager as a resolver. In fact, this is the _only_ way to do bridged KVM
-networking with NetworkManager.
+(libvirtd) networking with NetworkManager.
 
 If you're using NetworkManager (on a desktop or laptop, for example) on your KVM host, follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface.
 

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -62,6 +62,6 @@ If you inspect the guest's XML (by using ```virsh dumplxml guestname```), it sho
 Be sure to save your changes!
 
 4. Go up to your router and add a DHCP reservation and DNS mapping for the guest (assuming you want a dynamic address and
-want to be able to easily find the guest later).
+want to be able to easily find the guest later). Otherwise, be prepared to manually configure networking on the guest.
 
 5. Start (or restart) the guest.
diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -44,8 +44,10 @@ $ sudo ufw reload
 ```
 3. Configure the guest to use host-bridge.
 Open up the Virtaual Machine Manager and then select the target guest. Go to the NIC device. The drop down for
-"Network Source" should now include a device called "Virtual netowrk 'host-bridge': Bridge network device model: virtio".
-Select that.
+"Network Source" should now include a device called "Virtual netowrk 'host-bridge'". The "Bridge network device
+model" will be "virtio" if that's your KVM configuration's default.
+
+Select that "host-bridge" device.
 
 If you inspect the guest's XML (by using ```virsh dumplxml guestname```), it shoud look something like this:
 

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -44,7 +44,7 @@ $ sudo ufw reload
 ```
 3. Configure the guest to use host-bridge.
 Open up the Virtaual Machine Manager and then select the target guest. Go to the NIC device. The drop down for
-"Network Source" should now include a device called "Virtual netowrk 'host-bridge': Bridge network device model: virtio'".
+"Network Source" should now include a device called "Virtual netowrk 'host-bridge': Bridge network device model: virtio".
 Select that.
 
 If you inspect the guest's XML (by using ```virsh dumplxml guestname```), it shoud look something like this:

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -47,7 +47,7 @@ Open up the Virtaual Machine Manager and then select the target guest. Go to the
 "Network Source" should now include a device called "Virtual netowrk 'host-bridge': Bridge network device model: virtio'".
 Select that.
 
-If you inspect the guest's XML (by using ```virsh dumplxml guestname```, it shoud look something like this:
+If you inspect the guest's XML (by using ```virsh dumplxml guestname```), it shoud look something like this:
 
 ```xml
 <interface type='network'>

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -6,7 +6,7 @@ If you're using NetworkManager (on a desktop or laptop, for example) on your KVM
 
 Once you have the host bridge set up, proceed as follows:
 
-1. Create a bridged network inside KVM. Edit and save the below text as file host-bridge.xml:
+1. Create a bridge network device inside KVM. Edit and save the below text as file host-bridge.xml:
 ```xml
 <network>
    <name>host-bridge</name>

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -6,7 +6,7 @@ If you're using NetworkManager (on a desktop or laptop, for example) on your KVM
 
 Once you have the host bridge set up, proceed as follows:
 
-1. Create a bridged network on KVM. Edit and save the below text as file host-bridge.xml:
+1. Create a bridged network inside KVM. Edit and save the below text as file host-bridge.xml:
 ```xml
 <network>
    <name>host-bridge</name>

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -1,10 +1,10 @@
-# Setting up a NetworkManager bridged network for KVM guests
-This is easy on Ubuntu Linux 18.04 server with networkd. On Workstation with NetworkManager? OK, there are a few steps.
-But if you're using that workstation to experiment with different system configurations inside KVM, you're going to
-eventually need at least one bridged network that will allow two-way communication with some of your guests.
+# Setting up a bridged network for KVM guests
+This will work with either networkd or NetworkManager as a resolver. In fact, this is the _only_ way to do bridged KVM
+networking with NetworkManager.
 
-Follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface
-on your NetworkManager controlled workstation. Then proceed as follows:
+If you're using NetworkManager (on a desktop or laptop, for example) on your KVM host, follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface.
+
+Once you have the host bridge set up, proceed as follows:
 
 1. Create a bridged network on KVM. Edit and save the below text as file host-bridge.xml:
 ```xml

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -9,9 +9,9 @@ on your NetworkManager controlled workstation. Then proceed as follows:
 1. Create a bridged network on KVM. Edit and save the below text as file host-bridge.xml:
 ```xml
 <network>
-    <name>host-bridge</name>
-    <forward mode="bridge"/>
-    <bridge name="br0"/>
+   <name>host-bridge</name>
+   <forward mode="bridge"/>
+   <bridge name="br0"/>
 </network>
 ```
 Then execute these commands (as a user in the libvirt group):

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -17,7 +17,7 @@ on your NetworkManager controlled workstation. Then proceed as follows:
 Then execute these commands (as a user in the libvirt group):
 
 ```bash
-$ virsh net-define host-bridge
+$ virsh net-define host-bridge.xml
 $ virsh net-start host-bridge
 $ virsh net-autostart host-bridge
 ```

diff --git a/nmbrnetkvm.md b/nmbrnetkvm.md
@@ -0,0 +1,65 @@
+# Setting up a NetworkManager bridged network for KVM guests
+This is easy on Ubuntu Linux 18.04 server with networkd. On Workstation with NetworkManager? OK, there are a few steps.
+But if you're using that workstation to experiment with different system configurations inside KVM, you're going to
+eventually need at least one bridged network that will allow two-way communication with some of your guests.
+
+Follow [these instructions](https://gist.github.com/plembo/f7abd2d9b6f76e7afdece02dae7e5097) to set up a bridge interface
+on your NetworkManager controlled workstation. Then proceed as follows:
+
+1. Create a bridged network on KVM. Edit and save the below text as file host-bridge.xml:
+```xml
+<network>
+    <name>host-bridge</name>
+    <forward mode="bridge"/>
+    <bridge name="br0"/>
+</network>
+```
+Then execute these commands (as a user in the libvirt group):
+
+```bash
+$ virsh net-define host-bridge
+$ virsh net-start host-bridge
+$ virsh net-autostart host-bridge
+```
+2. Make it possible for hosts outside of KVM to talk to your bridged guest.
+
+Append to /etc/ufw/before.rules:
+```bash
+# allow all traffic to 10.1.1.110
+-A FORWARD -d 10.1.1.110 -j ACCEPT
+-A FORWARD -s 10.1.1.110 -j ACCEPT
+```
+The above network address is entirely fictional, use an address on your local network instead.
+
+Append to /etc/ufw/sysctl.conf:
+```bash
+# Allow packets to reach guests
+net.bridge.bridge-nf-call-ip6tables=0
+net.bridge.bridge-nf-call-iptables=0
+net.bridge.bridge-nf-call-arptables=0
+```
+Refresh ufw
+```bash
+$ sudo ufw reload
+```
+3. Configure the guest to use host-bridge.
+Open up the Virtaual Machine Manager and then select the target guest. Go to the NIC device. The drop down for
+"Network Source" should now include a device called "Virtual netowrk 'host-bridge': Bridge network device model: virtio'".
+Select that.
+
+If you inspect the guest's XML (by using ```virsh dumplxml guestname```, it shoud look something like this:
+
+```xml
+<interface type='network'>
+   <mac address='52:54:8b:d9:bf:a2'/>
+   <source network='host-bridge'/>
+   <model type='virtio'/>
+   <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
+</interface>'
+```
+Be sure to save your changes!
+
+4. Go up to your router and add a DHCP reservation and DNS mapping for the guest (assuming you want a dynamic address and
+want to be able to easily find the guest later).
+
+5. Start (or restart) the guest.
No results found