Introduction
In this tutorial, you'll learn how to set up a network configuration where the host and a virtual machine (guest) are connected through a shared bridge on the same subnet. At the end, the configuration should look like this:
HOST:
|
GUEST:
|
To achieve this, we will set up one virtual bridge that takes control of the main interface (bridged to enp7s0).
For a routed setup (host and guest in different subnets), see this tutorial.
Prerequisites
- Server has 1 physical uplink interface - enp7s0 with MAC address AA:BB:CC:DD:EE:FF
- Server has main IPv4 (enp7s0)
- Server has 1x additional single IPv4 (virtual MAC address 00:50:56:00:11:22 was already assigned via Robot account)
- Server has a /64 IPv6 subnet for the HOST
- We use regular qemu in console for this example scenario
Example terminology
```
2001:db8:1234::     # Placeholder for public IPv6 network of the server
10.0.0.168          # Placeholder for main IPv4
10.0.10.135         # Placeholder for additional single IPv4
10.10.10.128/29     # Placeholder for additional IPv4 Network
AA:BB:CC:DD:EE:FF   # Placeholder for MAC address of physical interface and main IPv4
00:50:56:00:11:22   # Placeholder for virtual MAC address of additional single IP address
```
Note: The start command shown in the example is for illustrative purposes only and does not constitute instructions. Unfortunately, we cannot offer support for setting up or operating a virtualization environment.
Step 1 - Configure Netplan on HOST
```bash
nano /etc/netplan/01-netcfg.yaml
```
```yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    enp7s0:
      dhcp4: no
      dhcp6: no
  bridges:
    vibr0:
      interfaces: [enp7s0]
      macaddress: AA:BB:CC:DD:EE:FF      # MAC address of the physical network interface of the HOST uplink
      addresses:
        - 10.0.0.168/32                  # Main IPv4 for the HOST
        - 2001:db8:1234::2/64            # Main IPv6/64 subnet for the HOST
        # Additional IP for the VM is not configured on HOST
      routes:
        - on-link: true
          to: 0.0.0.0/0
          via: 10.0.0.129                # Gateway IPv4 of the main IPv4 address
        - to: default
          via: fe80::1                   # Default Hetzner IPv6 gateway
      nameservers:
        addresses:
          - 185.12.64.2                  # Nameservers from installimage process
          - 2a01:4ff:ff00::add:1         # Nameservers from installimage process
          - 185.12.64.1                  # Nameservers from installimage process
          - 2a01:4ff:ff00::add:2         # Nameservers from installimage process
```
Step 2 - Configure tap interface on HOST
Run the following commands to connect HOST and GUEST.
This is not persistent across reboots.
```bash
ip tuntap add dev tap0 mode tap user $(whoami)
ip link set tap0 up
ip link set tap0 master vibr0
```
To make this persistent, you can utilize a service file:
```bash
nano /etc/systemd/system/tap0.service
```
```ini
[Unit]
Description=Persistent tap0 interface
After=network-pre.target
Before=network.target
Wants=network.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/ip tuntap add dev tap0 mode tap user root
ExecStartPost=/usr/sbin/ip link set tap0 up
ExecStartPost=/usr/sbin/ip link set tap0 master vibr0
ExecStop=/usr/sbin/ip link set tap0 down
ExecStopPost=/usr/sbin/ip tuntap del dev tap0 mode tap
RemainAfterExit=yes

[Install]
WantedBy=multi-user.target
```
```bash
systemctl daemon-reload
systemctl enable tap0.service
```
Important note: The service example defines the user root. Please adjust the user to match the user who will later run the VM in production use.
Step 3 - Start VM
```bash
qemu-system-x86_64 \
  -enable-kvm \
  -smp 4 `### 4 CPU cores` \
  -m 4096 `### 4GB RAM` \
  -cpu host `### Use the native CPU architecture` \
  -hda vm0.vpc `### Virtual HDD file for the OS in this case` \
  -usbdevice tablet `### Emulate USB tablet for HID input (optional)` \
  -k en-us `### Keyboard layout (optional)` \
  -vnc 127.0.0.1:1 `### Launch VNC for visualization (optional) - Please set up an encrypted tunnel to not expose the unencrypted VNC connection.` \
  -monitor stdio `### Launch qemu in interactive mode - Allow adjustments to the VM on the fly` \
  -netdev tap,id=net0,ifname=tap0,script=no,downscript=no `### Assign a network device to the VM via the tap0 you created earlier` \
  -device virtio-net-pci,netdev=net0,mac=00:50:56:00:11:22 `### Directly start the VM with the correct virtual MAC to prevent abuse due to a disallowed MAC`
```
Step 4 - Configure netplan of GUEST
```bash
nano /etc/netplan/01-netcfg.yaml
```
```yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens3:                                # Network identifier of the VM according to predictable naming scheme
      macaddress: 00:50:56:00:11:22      # Virtual MAC address of the additional single IPv4
      addresses:
        - 10.0.10.135/32                 # The single IPv4 address for the GUEST
        # No IPv6 - IPv6 net is assigned to physical MAC address
      routes:
        - to: default                    # Default 0.0.0.0/0 route
          via: 10.0.0.129                # Gateway of the single IPv4
          on-link: true                  # Required for IPv4/32 configuration
      nameservers:
        addresses:
          - 185.12.64.1                  # Nameservers from installimage process
          - 185.12.64.2                  # Nameservers from installimage process
```
The bridged setup does not allow the use of the main IPv6 /64 subnet in both the host and the VM. The IPv6 subnet is routed to exactly one IPv4 via its unique MAC address. You can change the routing target on your Robot account.
Log in to your Hetzner Robot account. Then go to Servers > [select your server] > IPs.
As soon as you have at least 2 IPv4 addresses with an assigned MAC address, you can see a small button after the IPv6 subnet, which allows you to set a target MAC address. If you adjust it to your additional IPv4, you can use your IPv6 subnet in your GUEST, but no longer on the HOST.
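Step 3 starts the VM with the assigned virtual MAC so that no disallowed MAC reaches the uplink. The following added example (not part of the original tutorial) checks this from the HOST by scanning the bridge's forwarding table for any other source MAC learned on tap0. The helper names and the sample `bridge fdb` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag MACs the bridge learned on tap0 other than the assigned one.
ALLOWED_MAC="00:50:56:00:11:22"   # tutorial placeholder for the virtual MAC
TAP_DEV="tap0"

# unexpected_guest_macs DEV ALLOWED_MAC   (hypothetical helper name)
# stdin:  output of `bridge fdb show br vibr0`
# stdout: each dynamically learned MAC on DEV that differs from ALLOWED_MAC
unexpected_guest_macs() {
    awk -v dev="$1" -v ok="$(printf '%s' "$2" | tr 'A-F' 'a-f')" '
    {
        on_dev = 0; permanent = 0
        for (i = 2; i <= NF; i++) {
            if ($i == "dev" && $(i + 1) == dev) on_dev = 1
            if ($i == "permanent") permanent = 1   # MAC of the port itself, not guest traffic
        }
        mac = tolower($1)
        if (on_dev && !permanent && mac != ok && !seen[mac]++) print mac
    }'
}

# Constructed sample output. 52:54:00:12:34:56 is the MAC QEMU assigns
# when a NIC is started without an explicit mac= option.
sample_fdb() {
cat <<'EOF'
aa:bb:cc:dd:ee:ff dev enp7s0 vlan 1 master vibr0 permanent
aa:bb:cc:dd:ee:ff dev enp7s0 master vibr0 permanent
33:33:00:00:00:01 dev enp7s0 self permanent
fe:1a:2b:3c:4d:5e dev tap0 vlan 1 master vibr0 permanent
fe:1a:2b:3c:4d:5e dev tap0 master vibr0 permanent
00:50:56:00:11:22 dev tap0 master vibr0
52:54:00:12:34:56 dev tap0 master vibr0
EOF
}

bad="$(sample_fdb | unexpected_guest_macs "$TAP_DEV" "$ALLOWED_MAC")"
if [ -n "$bad" ]; then
    echo "unexpected source MAC(s) on $TAP_DEV: $bad"
else
    echo "only $ALLOWED_MAC seen on $TAP_DEV"
fi
```

On a live host, pipe `bridge fdb show br vibr0` into `unexpected_guest_macs` instead of `sample_fdb`.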
Conclusion
After completing these steps, the host and virtual machine are successfully connected via a bridge and share the same subnet. The host keeps its main IPv4 address and receives an individual IPv6 address from the /64 subnet, while the guest uses its dedicated IPv4 address through the bridge. This setup allows direct communication between host and guest without requiring any additional routing configuration.