Creating isolated virtual network

For my home lab, I want to create an isolated virtual network not connected to my home LAN/Internet. I’m currently using Libvirt/KVM on Debian Stretch. I want VMs on this virtual network to communicate with each other as if they were on a real LAN, but don’t want any connection to the outside world. I also want to disable DHCP services on the isolated LAN, but am unsure how to do this with virsh. This was pretty simple to do with VMware ESXi, but I’m lost when trying to do this with KVM.

Does anyone know how to do this, or can you point me to a HOWTO? I’d also eventually like to be able to connect this VM with a dual-interface VM (e.g., a pfSense VM) to play with routing, NAT, etc.

Don’t know how to do what you’re asking, but if I were you I’d just make a dark vlan and stick all that stuff on it.

I second gravity. Rather than adding a bunch of complexity, go simple and use a VLAN.

Well, two problems with a VLAN. I don’t have an extra network card, and my piddly home router won’t do VLANs AFAIK. I’ll have to check my router docs to see if it’s even possible.

Buy a managed switch that does.

Why buy hardware that costs significant money when I should be able to solve the problem with free software?

Just create a bridge…but don’t attach a network device to it


Because a VLAN will take a minute to set up and you’ve already wasted 2/3 days asking questions, and an unknown amount of time trying to shoehorn a solution using a roundabout software solution.

Buy a used managed switch, they cost <= $50.

If you go to /r/homelab they will suggest this too.

This is rather easy to do with virt-manager GUI. Should also be straightforward with virsh.

Can’t quite believe folks are suggesting hardware… Anyhow, see the very last para here:

You can then set up a pfSense VM with 2 interfaces - one isolated - one NAT. That way you can have some VMs on the isolated LAN yet still have access to the internet via the pfSense router.


This. Why would you need physical hardware for a virtual network? Nonsense.


Take a look at the Host-only and internal networking bit on the Arch wiki.
Is that what you’re looking for?

I had the same problem a while ago. Check my OP here. It will tell you how to get an isolated network up and running in KVM.

You may need to adjust your firewall settings, though. I am just allowing every connection on that network.

Sorry for the late response, been down with a nasty bug.

@Toolybird For some reason, my version of virt-manager has no network configuration options, so I had to use “virsh net-create”. Connecting the virtual network with pfSense is exactly what I wanted to do with KVM, and had previously accomplished with ESXi. I used the .xml file you linked from This is working, but libvirt appears to be providing DHCP on the isolated net. Is there any way to turn this off?

EDIT: Looked at the .xml file and saw the dhcp reference. Do I just need to remove the 3 dhcp lines? Guess I’ll have to delete the network and recreate it…
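The setup discussed up to this point, as an added example that is not part of the thread and not the linked .xml file: a libvirt network definition with no `<forward>` element and no `<dhcp>` block, plus a check for either element in an existing definition. The network name `lab0`, bridge `virbr10` and address `10.10.10.1/24` used with it are assumed values.

```bash
# Added example; lab0, virbr10 and 10.10.10.1/24 used with it are assumed values.

# Print a libvirt network definition with no <forward> element (libvirt then
# routes/NATs nothing off the host) and no <dhcp> block inside <ip>.
# The host keeps an address on the bridge; guests need static addresses or
# their own DHCP server (for example the pfSense VM mentioned in the thread).
isolated_net_xml() {
    name=$1 bridge=$2 addr=$3 mask=$4
    cat <<EOF
<network>
  <name>$name</name>
  <bridge name='$bridge' stp='on' delay='0'/>
  <ip address='$addr' netmask='$mask'/>
</network>
EOF
}

# Read network XML on stdin and report elements that break the
# "isolated, no DHCP" goal. Prints "clean" and returns 0 when none are found.
audit_net_xml() {
    xml=$(cat)
    findings=
    case $xml in *"<forward"*) findings="forward" ;; esac
    case $xml in *"<dhcp"*) findings="${findings:+$findings }dhcp" ;; esac
    if [ -n "$findings" ]; then echo "$findings"; return 1; fi
    echo clean
}

# Replace any existing network of the same name with the definition above.
# Needs virsh and the privileges to manage libvirt networks; it is defined
# here but not called.
apply_isolated_net() {
    f=$(mktemp) || return 1
    isolated_net_xml "$@" > "$f"
    if ! audit_net_xml < "$f" >/dev/null; then rm -f "$f"; return 1; fi
    virsh net-destroy "$1" 2>/dev/null || true    # stop a running copy, if any
    virsh net-undefine "$1" 2>/dev/null || true   # drop a persistent copy, if any
    virsh net-define "$f" && virsh net-start "$1" && virsh net-autostart "$1"
    rc=$?
    rm -f "$f"
    return $rc
}
```

To apply it, run `apply_isolated_net lab0 virbr10 10.10.10.1 255.255.255.0`; to check a network that already exists, pipe `virsh net-dumpxml <name>` into `audit_net_xml`.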

You can also configure the network interfaces manually in /etc/network/interfaces, like any other network interface configuration in Linux, and virt-manager will be able to use them.

If you are not set on KVM this is very simplistic to do with VirtualBox utilizing the internal networking option. For more information refer here.

Because you want a home lab.
Secondhand managed switches don’t cost a lot; I got a Netgear ProSafe GS728TPS off Craigslist for $30.