VM with another NIC in host-only network for NFS

[vonProteus]

hi

i'm trying to create vm with linux with 2 network interfaces

one for normal communication with the world (let's say 192.168.172.0/24)

and another to communicate between vm and unraid host only (let's say 10.1.1.0/24)

and i don't know how to do it

 

i want something like this because i don't want to give access ip's from my normal network (192.168.172.0/24) to nfs server

 

my vm xml

Spoiler

<?xml version='1.0' encoding='UTF-8'?>
<domain type='kvm' id='11'>
  <name>kalipso</name>
  <uuid>6821ccf5-736e-36d0-634a-1e676ffd82df</uuid>
  <metadata>
    <vmtemplate xmlns="unraid" name="Debian" icon="debian.png" os="debian"/>
  </metadata>
  <memory unit='KiB'>4194304</memory>
  <currentMemory unit='KiB'>4194304</currentMemory>
  <memoryBacking>
    <nosharepages/>
  </memoryBacking>
  <vcpu placement='static'>6</vcpu>
  <cputune>
    <vcpupin vcpu='0' cpuset='9'/>
    <vcpupin vcpu='1' cpuset='21'/>
    <vcpupin vcpu='2' cpuset='10'/>
    <vcpupin vcpu='3' cpuset='22'/>
    <vcpupin vcpu='4' cpuset='11'/>
    <vcpupin vcpu='5' cpuset='23'/>
  </cputune>
  <resource>
    <partition>/machine</partition>
  </resource>
  <os>
    <type arch='x86_64' machine='pc-q35-6.2'>hvm</type>
    <loader readonly='yes' type='pflash'>/usr/share/qemu/ovmf-x64/OVMF_CODE-pure-efi.fd</loader>
    <nvram>/etc/libvirt/qemu/nvram/6821ccf5-736e-36d0-634a-1e676ffd82df_VARS-pure-efi.fd</nvram>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>
  <cpu mode='host-passthrough' check='none' migratable='on'>
    <topology sockets='1' dies='1' cores='3' threads='2'/>
    <cache mode='passthrough'/>
    <feature policy='require' name='topoext'/>
  </cpu>
  <clock offset='utc'>
    <timer name='rtc' tickpolicy='catchup'/>
    <timer name='pit' tickpolicy='delay'/>
    <timer name='hpet' present='no'/>
  </clock>
  <on_poweroff>destroy</on_poweroff>
  <on_reboot>restart</on_reboot>
  <on_crash>restart</on_crash>
  <devices>
    <emulator>/usr/local/sbin/qemu</emulator>
    <disk type='block' device='disk'>
      <driver name='qemu' type='raw' cache='writeback'/>
      <source dev='/dev/zvol/hekapoo-speed/vms/kalipso/disk0' index='1'/>
      <backingStore/>
      <target dev='hdc' bus='virtio'/>
      <boot order='1'/>
      <alias name='virtio-disk2'/>
      <address type='pci' domain='0x0000' bus='0x05' slot='0x00' function='0x0'/>
    </disk>
    <controller type='usb' index='0' model='ich9-ehci1'>
      <alias name='usb'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x7'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci1'>
      <alias name='usb'/>
      <master startport='0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0' multifunction='on'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci2'>
      <alias name='usb'/>
      <master startport='2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x1'/>
    </controller>
    <controller type='usb' index='0' model='ich9-uhci3'>
      <alias name='usb'/>
      <master startport='4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x2'/>
    </controller>
    <controller type='pci' index='0' model='pcie-root'>
      <alias name='pcie.0'/>
    </controller>
    <controller type='pci' index='1' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='1' port='0x10'/>
      <alias name='pci.1'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0' multifunction='on'/>
    </controller>
    <controller type='pci' index='2' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='2' port='0x11'/>
      <alias name='pci.2'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x1'/>
    </controller>
    <controller type='pci' index='3' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='3' port='0x12'/>
      <alias name='pci.3'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x2'/>
    </controller>
    <controller type='pci' index='4' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='4' port='0x13'/>
      <alias name='pci.4'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x3'/>
    </controller>
    <controller type='pci' index='5' model='pcie-root-port'>
      <model name='pcie-root-port'/>
      <target chassis='5' port='0x14'/>
      <alias name='pci.5'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x4'/>
    </controller>
    <controller type='virtio-serial' index='0'>
      <alias name='virtio-serial0'/>
      <address type='pci' domain='0x0000' bus='0x02' slot='0x00' function='0x0'/>
    </controller>
    <controller type='sata' index='0'>
      <alias name='ide'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x1f' function='0x2'/>
    </controller>
    <interface type='bridge'>
      <mac address='52:54:00:ef:c1:6c'/>
      <source bridge='br0'/>
      <target dev='vnet10'/>
      <model type='virtio-net'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
    </interface>
    <serial type='pty'>
      <source path='/dev/pts/9'/>
      <target type='isa-serial' port='0'>
        <model name='isa-serial'/>
      </target>
      <alias name='serial0'/>
    </serial>
    <console type='pty' tty='/dev/pts/9'>
      <source path='/dev/pts/9'/>
      <target type='serial' port='0'/>
      <alias name='serial0'/>
    </console>
    <channel type='unix'>
      <source mode='bind' path='/var/lib/libvirt/qemu/channel/target/domain-11-kalipso/org.qemu.guest_agent.0'/>
      <target type='virtio' name='org.qemu.guest_agent.0' state='connected'/>
      <alias name='channel0'/>
      <address type='virtio-serial' controller='0' bus='0' port='1'/>
    </channel>
    <input type='tablet' bus='usb'>
      <alias name='input0'/>
      <address type='usb' bus='0' port='1'/>
    </input>
    <input type='mouse' bus='ps2'>
      <alias name='input1'/>
    </input>
    <input type='keyboard' bus='ps2'>
      <alias name='input2'/>
    </input>
    <graphics type='vnc' port='5902' autoport='yes' websocket='5702' listen='0.0.0.0' keymap='en-us'>
      <listen type='address' address='0.0.0.0'/>
    </graphics>
    <audio id='1' type='none'/>
    <video>
      <model type='qxl' ram='65536' vram='65536' vgamem='16384' heads='1' primary='yes'/>
      <alias name='video0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x0'/>
    </video>
    <memballoon model='virtio'>
      <alias name='balloon0'/>
      <address type='pci' domain='0x0000' bus='0x04' slot='0x00' function='0x0'/>
    </memballoon>
  </devices>
  <seclabel type='dynamic' model='dac' relabel='yes'>
    <label>+0:+100</label>
    <imagelabel>+0:+100</imagelabel>
  </seclabel>
</domain>

 

 

[ghost82]

Hi, how many physical nics do you have in the system?

Easiest and fastest way, if you have 2 nics (at least).

Configure both nics in unraid for bridge (br0 and br1).

Let's say you have eth0 and eth1: eth0 bridged to br0, eth1, bridged to br1.

eth0 having internet access, br0 will have internet access too, so use br0 in the vm; configure eth0/br0 (eth0 in the host, br0 in the vm) with dhcp from router, or assign manually ips in the network 192.168.172.0/24.

eth1 without internet access (no cable plugged in the adapter), br1 will not have internet access, use additional br1 in the vm; configure eth1/br1 (eth1 in the host, br1 in the vm) manually to have ips in the network 10.1.1.0/24.

 

If you have only one nic (eth0):

eth0 having internet access, br0 will have internet access too, so use br0 in the vm; configure eth0/br0 (eth0 in the host, br0 in the vm) with dhcp from router, or assign manually ips in the network 192.168.172.0/24.

 

For the second nic I think you can create a virtual network (vnet)?you could use also virbr0 which has ips 192.168.122.0/24; for custom ip addresses you need to define the new network in a new xml and enable it.

 

Or

For the second local network (10.1.1.0/24) you may create a dummy nic in the host (dummy1) and bridge it (br1), and assign manually the ips: I never tried in unraid (I don't know if unraid has included the dummy kernel module), but in other generic linux oses it's feasible.

Depending on your case I can try to see if it works in unraid too.

 

For this second case, in a generic linux host, it works like this with systemd-networkd:

 

in /etc/systemd/network/

 

file bridge1.netdev:

[NetDev]
Name=br1
Kind=bridge

 

file bridge1.network:

[Match]
Name=br1

[Link]
MACAddress=4e:c0:b1:12:13:a2

[Network]
Address=10.1.1.1/24

[Route]
Gateway=10.1.1.1
Metric=2048

 

file dummy1.netdev:

[NetDev]
Name=dummy1
Kind=dummy

 

file dummy1.network:

[Match]
Name=dummy1

[Network]
Bridge=br1
DHCP=No

 

Edited June 25, 2022 by ghost82

[vonProteus]

thanks for your help @ghost82

now in vm i have two nic

one connected to br0 (with internet) from ip in 192.168.172.0/24

second one connected to virbr0 (with internet) with ip in 192.168.122.0/24

 

which is good enough for me

because nfs server has restriction on ip in other subnet than normal one

Edited June 25, 2022 by vonProteus