Getting the network stuff to work.
In order to provide network to the guest, the host may have to make some changes to its network configuration.
To run your guest in bridge mode (where it shares the same subnet as the host), you need to make your host network a bridge.
Bridging on the host is accomplished with a special bridge device.
Important considerations
Introducing a bridge network device to your system may have a number of implications. Any existing application (samba, mediatomb, apache, bind9, and many more) that is configured to use or treat eth0 specifically may need to be updated. It is not clear that a bridge device is as flexible with respect to dhcp and hotplug.
There may be other ways to do this, but this is what I added to my /etc/network/interfaces (Debian / Ubuntu style network):
auto br0
iface br0 inet static
address 10.9.0.5
netmask 255.255.255.0
network 10.9.0.0
broadcast 10.9.0.255
gateway 10.9.0.48
bridge_ports eth0
bridge_stp off
# dns-* options are implemented by the resolvconf package, if installed
dns-nameservers 10.9.0.4
dns-search localdomain
Note that you would have to remove other entries that control eth0.
The above assumes my host has a static IP address 10.9.0.5. If your host is using a dynamic IP, it might look like:
auto br0
iface br0 inet dhcp
bridge_ports eth0
bridge_stp off
Update:
Some discussion indicates I do need to configure eth0; however, so far I have been OK without this:
auto eth0 br0
# the physical ethernet adapter must run in promiscuous mode
iface eth0 inet manual
up ifconfig eth0 0.0.0.0 promisc up
down ifconfig eth0 down
The 'tap' interface on the Host corresponds to the guest interface in the vm. Kvm connects to the tap interface to allow packets to move to/from the guest.
Creating tap devices with kvm command-line
Kvm will create the tap interface on demand (based on command-line parameters):
-net tap[,vlan=n][,name=str][,fd=h][,ifname=name][,script=file][,downscript=dfile]
Without fd=h, kvm will create a tap for you. The new tap will be called tap0 or tap1 unless you provide a name using ifname=
The parameter fd indicates an existing file-descriptor to access the tap on the host. If you are entering the kvm/qemu command via your keyboard, you probably do not want this parm.
If you are seeing garbage / binary output from kvm/qemu on your host terminal, it is likely you have used the fd parm incorrectly.
1. fd=h
This seems to indicate use of a pre-existing tap, named, if necessary, by ifname=
2. fd=N (where N is an integer, for example: fd=14 )
This seems to indicate kvm should read from an existing file-descriptor. It is not clear to me if this form is now deprecated. You still see it in a lot of examples, but there seems to be some confusion around its use.
3. fd=tap0 (where tap0 is an existing tap device)
This form is also not very common and may be deprecated.
It is not clear what name= does. It may just be for debugging.
Creating tap devices at Linux Boot
It is also possible to create the tap(s) at boot time in /etc/network/interfaces.
I think it is possible, also, to give the tap devices more descriptive names, by changing tap0 tap1 to vnet0 rednet0 etc.
In this example, the tap devices are 'owned' by two Linux users: vm1-user, vm2-user
The advantage to this is that it solves some permissions issues because no root commands are needed later to set up the taps.
# Two tap devices
auto tap0 tap1
iface tap0 inet manual
pre-up tunctl -t $IFACE -u vm1-user
pre-up brctl addif br0 $IFACE
up ifconfig $IFACE 0.0.0.0 up
down ifconfig $IFACE down
down brctl delif br0 $IFACE
down tunctl -d $IFACE
iface tap1 inet manual
pre-up tunctl -t $IFACE -u vm2-user
pre-up brctl addif br0 $IFACE
up ifconfig $IFACE 0.0.0.0 up
down ifconfig $IFACE down
down brctl delif br0 $IFACE
down tunctl -d $IFACE
ref: http://qemu-forum.ipi.fi/viewtopic.php?f=4&t=3805
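An added example (not part of the original page or the referenced forum post): a POSIX shell check that each pre-created tap is still owned by the intended user and attached to br0, because whichever account owns a tap can put frames onto the bridge. The function names and the SYSFS_NET override are assumptions of this example; it reads the owner attribute and master link that Linux exposes under /sys/class/net.

```shell
#!/bin/sh
# Added example: audit pre-created tap devices (names below are assumptions).
# SYSFS_NET can be overridden to run the check against a constructed tree.
SYSFS_NET="${SYSFS_NET:-/sys/class/net}"

# check_tap IFACE EXPECTED_UID EXPECTED_BRIDGE
# Prints one line per problem; returns 0 only when IFACE is a tun/tap device
# owned by EXPECTED_UID and attached to EXPECTED_BRIDGE.
check_tap() {
    iface=$1; want_uid=$2; want_br=$3
    dir="$SYSFS_NET/$iface"
    rc=0
    if [ ! -d "$dir" ]; then
        echo "$iface: missing"
        return 1
    fi
    # Only tun/tap devices expose 'owner'; the kernel reports -1 when unset.
    if [ ! -r "$dir/owner" ]; then
        echo "$iface: not a tun/tap device"
        return 1
    fi
    uid=$(cat "$dir/owner")
    if [ "$uid" != "$want_uid" ]; then
        echo "$iface: owner uid $uid, expected $want_uid"
        rc=1
    fi
    # 'master' is a symlink to the bridge this port is attached to, if any.
    br=none
    if [ -L "$dir/master" ]; then
        br=$(basename "$(readlink "$dir/master")")
    fi
    if [ "$br" != "$want_br" ]; then
        echo "$iface: bridge $br, expected $want_br"
        rc=1
    fi
    return "$rc"
}

# audit_taps BRIDGE IFACE:UID...   e.g.
#   audit_taps br0 "tap0:$(id -u vm1-user)" "tap1:$(id -u vm2-user)"
audit_taps() {
    bridge=$1; shift
    status=0
    for pair in "$@"; do
        check_tap "${pair%%:*}" "${pair#*:}" "$bridge" || status=1
    done
    return "$status"
}
```

Run audit_taps after boot or from cron; a non-zero exit means a tap is missing, owned by an unexpected uid, or not a port of the expected bridge.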
In some cases, we may want to run the guest in a private subnet. In this case, the guest will not have direct access to the host subnet; instead, the host will provide the guest with a translated subnet using Network Address Translation (NAT).
# Run these as root; a plain sudo prefix does not cover the redirections into /proc.
modprobe ip_tables
modprobe iptable_nat
# not sure about these
modprobe ip_nat_ftp
modprobe ip_nat_irc
# Enable IP-Forwarding
echo "1" > /proc/sys/net/ipv4/ip_forward
# If you get your IP Address Dynamically
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
# Enable SNAT (MASQUERADE) functionality on $IFACE
# Set IFACE first; it will be eth0 or br0 typically.
iptables -t nat -A POSTROUTING -o "$IFACE" -j MASQUERADE
ref: http://ubuntuforums.org/showthread.php?t=179472
DHCP / DNS on Host (for NAT Guest)