Documentation/Networking/NAT

From QEMU

Configuring Network Address Translation (NAT) is a useful way to network virtual machines in a desktop environment, particularly when using wireless networking. A NAT network gives your guests full access to the network and allows networking between your host and guests, but prevents the guests from being directly visible on the physical network.

Overview

To configure a NAT network, first create an /etc/qemu-ifup script that creates a bridge without any physical ports. Configure that bridge with a static IP address as the gateway for your virtual network. Using iptables, create rules that will masquerade traffic from that bridge to the host network. Finally, run dnsmasq on that bridge interface to act as a DHCP and DNS server for the virtual network.

See the script below for an example.
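The steps from the overview, written out as an added example; this is not the qemu-ifup script published on this wiki. The bridge name br0, the 192.168.53.0/24 subnet, the DRY_RUN variable and the pid-file path are assumptions chosen for illustration. The NAT rule is scoped to the guest subnet and dnsmasq is bound to the bridge only, so DHCP and DNS are not offered on the physical network.

```shell
#!/bin/sh
# Added example, not the wiki's qemu-ifup. Names and addresses are assumptions.
BRIDGE=${BRIDGE:-br0}
GATEWAY=${GATEWAY:-192.168.53.1}
NETWORK=${NETWORK:-192.168.53.0/24}
DHCP_RANGE=${DHCP_RANGE:-192.168.53.2,192.168.53.254}

# run CMD...: execute it, or only print it when DRY_RUN=1 (to review the plan).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "$*"; else "$@"; fi
}

bridge_exists() { [ -d "/sys/class/net/$BRIDGE/bridge" ]; }

# Create a bridge with no physical ports and give it the gateway address.
setup_bridge() {
    run brctl addbr "$BRIDGE"
    run brctl setfd "$BRIDGE" 0
    run ip addr add "$GATEWAY/${NETWORK#*/}" dev "$BRIDGE"
    run ip link set "$BRIDGE" up
}

# Masquerade only traffic that comes from the guest subnet and leaves it.
setup_nat() {
    run sysctl -w net.ipv4.ip_forward=1
    set -- POSTROUTING -s "$NETWORK" ! -d "$NETWORK" -j MASQUERADE
    # -C tests for an existing rule, so repeated guest launches add it once.
    if [ "${DRY_RUN:-0}" = 1 ] || ! iptables -t nat -C "$@" 2>/dev/null; then
        run iptables -t nat -A "$@"
    fi
}

# DHCP and DNS for the guests, listening on the bridge address only.
setup_dnsmasq() {
    run dnsmasq --interface="$BRIDGE" --bind-interfaces --except-interface=lo \
        --listen-address="$GATEWAY" --dhcp-range="$DHCP_RANGE" \
        --conf-file= --pid-file="/var/run/qemu-dnsmasq-$BRIDGE.pid"
}

# qemu passes the tap interface name as the first argument.
attach_tap() {
    run ip link set "$1" up
    run brctl addif "$BRIDGE" "$1"
}

if [ -n "${1:-}" ]; then
    bridge_exists || { setup_bridge; setup_nat; setup_dnsmasq; }
    attach_tap "$1"
fi
```

Running it as `DRY_RUN=1 sh qemu-ifup tap0` prints the commands instead of executing them, which is a quick way to review the rules before installing the script.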

Using

First, install the bridge utilities, iptables, and dnsmasq:

On Fedora:


yum install bridge-utils iptables dnsmasq

Copy the qemu-ifup script from this wiki, save it to /etc/qemu-ifup, and make sure that the file has execute permission:


chmod 755 /etc/qemu-ifup

Now launch qemu with tap networking, configuring your guests to use DHCP. They should get a valid IP address and be able to access the network.


qemu -net tap -net nic linux.img

Troubleshooting

  • I get an error about /dev/net/tun permissions

Currently, you need to run qemu as root to use tun/tap networking.