Virtual Machine routing On Ubuntu

Mike Lovell mike at
Sat Jun 19 01:40:32 MDT 2010

Charles Curley wrote:
> On Thu, 17 Jun 2010 19:45:50 -0600
> Richard Esplin <richard-lists at> wrote:
>> What virtualization software (hypervisor) are you using? VMWare,
>> VirtualBox, KVM, Xen?
> qemu
>> How did you set up the NIC in the hypervisor? NAT vs bridged vs
>> host-only?
> It says here, "Forwarding: NAT to any physical device".
>> In Virtualbox I set up two NICs, one as NAT and one as host-only in
>> order to make my VM available to other VMs, the host, and enable
>> access to the outside world while still protecting it from the host's
>> physical network.
> What's the difference between NAT and host-only?
> I assume that in this context NAT means Network Address Translation,
> i.e. the host acts as a firewall and does NATting.
> The software I'm using is libvirt 0.7.0.
> I also see that from a VM I can ping the host's virtual interface, i.e.
> the IF on the virtual network. I can also ping its physical IF, which
> is on a separate network
>> Richard
>> On Thursday, June 17, 2010 18:32:17 Charles Curley
>> <charlescurley at> wrote:
>>> I have several VMs on a Ubuntu 9.10 host, and they have networking
>>> set up. I can ssh in to them from the host, but not from other
>>> machines, in spite of having the route set up correctly on the
>>> other machines.
>>> I also notice that I can get updates on the VMs (yum, apt, etc.) but
>>> not web pages from the outside world. But I can get web pages from
>>> the host.
>>> So something is filtering the virtual network. What is it and how
>>> do I control it?
are you using a gui or wrapper around libvirt to manage your VMs or are 
you using the libvirt tools directly? can you see the XML domain 
definitions for the VMs? if so, how is the networking configured for the 
VMs and on the host? what is the full command line that was used to 
invoke the qemu process? `cat /proc/<pid of vm qemu process>/cmdline` to 
get that.

as i understand it, the difference between a 'NAT' configuration and a 
'host-only' configuration is that the necessary stuff for the host to 
perform NAT is done during the network configuration where host-only 
doesn't. so in host-only, there are no routes configured for the vms to 
reach outside networks automatically.

from your description, it almost sounds like you are configuring 
multiple networks. one for each vm and then doing routing on the host 
between the vms. if this is how it is done, is ip forwarding enabled on 
the host? `cat /proc/sys/net/ipv4/ip_forward` to check. it sounds like 
it might not be since you are having trouble getting to the outside 
world from your vms. my next guess would be that there are rules in the 
iptables firewall that are preventing FORWARD traffic from getting 
between the hosts.

these links may also help you in your quest.

hope that helps


More information about the PLUG mailing list