Bridging QEMU and physical network

I’ve created a small QEMU/KVM server to host several desktops and services, including an instance of PFSense. My next task is to establish the internal QEMU network, bridging all guests and LAN clients.

My desired network topology is something like this, where blue represents physical connections and red represents bridged connections. Note that PFSense’s OPT1 and LAN connections ought to be transparent to enable external devices to connect physically. I’m unsure how to implement this design or if it is even an ideal configuration. Please let me know your thoughts. Thanks!

So pfsense is a VM or is it physical? Assuming it’s a VM, you want to have three physical NICs in your hypervisor. Configure bridges for each of the three interfaces, so for each one put something like this in /etc/network/interfaces:

auto br0
iface br0 inet manual
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0.0

Where br0 is the name you give the bridge and eth0 is the physical interface. If you want to use the interface for the hypervisor itself, like the LAN interface, then set the IP and everything on the bridge rather than the physical LAN (get rid of the physical LAN configuration).

When you have the three bridge interfaces configured, then simply set those as the interfaces for your VMs. If all your VMs are using the same bridge interface (your opt1 interfaces in this case), then they will all be able to talk to each other, as well as to a physical network should you want to.
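
One way to turn the stanza above into all three bridges, the qemu-bridge-helper allow-list and the QEMU arguments that put a guest NIC on a bridge, as an added shell example that is not from this thread; it assumes Debian-style ifupdown with bridge-utils and qemu-bridge-helper reading /etc/qemu/bridge.conf, and the bridge/NIC names, the host address and the MAC are constructed.

```shell
#!/bin/sh
# Added example, not from the thread: emit one ifupdown bridge stanza per physical
# NIC (same shape as the br0/eth0 stanza above) and the QEMU arguments that put a
# guest NIC on a bridge. Names, address and MAC below are constructed.

# Print a bridge stanza. $1 = bridge, $2 = physical port, $3 = manual|static,
# $4 = address/prefix when static (the hypervisor's own address lives on the
# bridge, not on the physical LAN NIC, as the answer above says).
gen_bridge_stanza() {
    br="$1"; port="$2"; mode="${3:-manual}"
    printf 'auto %s\n' "$br"
    case "$mode" in
        manual) printf 'iface %s inet manual\n' "$br" ;;
        static) printf 'iface %s inet static\n    address %s\n' "$br" "$4" ;;
        *)      echo "gen_bridge_stanza: unknown mode '$mode'" >&2; return 1 ;;
    esac
    printf '    bridge_ports %s\n    bridge_stp off\n    bridge_fd 0\n' "$port"
}

# QEMU command-line fragment: guest NIC "$2" attached to bridge "$1" with MAC "$3".
# -netdev bridge goes through qemu-bridge-helper, which only attaches to bridges
# listed in /etc/qemu/bridge.conf ("allow br_lan"), so an unlisted bridge fails closed.
gen_qemu_nic_args() {
    printf -- '-netdev bridge,id=%s,br=%s -device virtio-net-pci,netdev=%s,mac=%s' \
        "$2" "$1" "$2" "$3"
}

# Allow-list entries for qemu-bridge-helper, one "allow" line per bridge.
gen_bridge_conf() { printf 'allow %s\n' "$@"; }

# The three bridges from the answer. Only the LAN bridge carries a host address;
# WAN and OPT1 stay "manual" so the hypervisor has no IP on those segments.
gen_interfaces() {
    gen_bridge_stanza br_wan  eth1 manual
    echo
    gen_bridge_stanza br_lan  eth2 static 192.168.1.2/24
    echo
    gen_bridge_stanza br_opt1 eth3 manual
}

if [ "${1:-}" = "--demo" ]; then
    gen_interfaces
    echo; gen_bridge_conf br_wan br_lan br_opt1
    echo; gen_qemu_nic_args br_opt1 opt1 52:54:00:00:00:01; echo
fi
```

Run with `--demo` to print the generated /etc/network/interfaces stanzas, the bridge.conf lines and one guest's NIC arguments; the `static` mode is the "set the IP on the bridge" case from the answer.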

Are multiple guests unable to use the same bridge interface? I’d like to minimize the per-guest configurations for a nicely scalable design (e.g. assign each guest a NIC along to br0).

For clarification:

  • pfsense is virtualized. Its NICs (WAN and LAN) are VFIO’d.
  • Currently, eth0 is unused. I don’t plan to use it at the moment.

Multiple VMs can use the same bridge interface; any VMs sharing an interface will essentially be on the same LAN as each other. You don’t have to use a physical interface, but if you want the VMs to access a physical network then you do.