Configuring KVM Network Bridge (Using Hetzner ISP)

Configuring Ubuntu 16.04 KVM Server for Bridged Networking
Network Configuration

Ubuntu 16.04 networking can be configured by modifying the /etc/network/interfaces file. A bridge (virbr1) must be created for the virtual machine's traffic to be routed through.

#/etc/network/interfaces

auto lo
iface lo inet loopback
iface lo inet6 loopback

auto eth0
iface eth0 inet static
address 136.243.105.212
netmask 255.255.255.192
gateway 136.243.105.193
# route 136.243.105.192/26 via 136.243.105.193
up route add -net 136.243.105.192 netmask 255.255.255.192 gw 136.243.105.193 dev eth0

iface eth0 inet6 static
address 2a01:4f8:171:ed3::2
netmask 128
gateway fe80::1

auto virbr1
iface virbr1 inet static

#virbr1 has the same ip address as eth0
address 136.243.105.212
netmask 255.255.255.255
bridge_ports none
bridge_stp off
bridge_fd 0
pre-up brctl addbr virbr1

#add an IPV4 route through to the virtual machine's IP address
up ip route add 136.243.105.254/32 dev virbr1
down ip route del 136.243.105.254/32 dev virbr1

iface virbr1 inet6 static
address 2a01:4f8:171:ed3::2

#note that the IPV6 netmask is /64,
#rather than the /128 used by eth0's configuration
netmask 64

Modifying /etc/sysctl.conf to enable packet forwarding

sysctl parameters need to be modified to allow IPV4 and IPV6 packets to be forwarded to the client virtual machines. These can be set temporarily with the sysctl command, or via the /etc/sysctl.conf file.

The following parameters should be enabled in the /etc/sysctl.conf file:

net.ipv4.ip_forward=1

net.ipv6.conf.all.forwarding=1

Run sysctl -p to reload the /etc/sysctl.conf parameters.

Firewall (UFW) Configuration

If the UFW firewall is enabled, it will block traffic to machines connected to the network bridge, so the default forwarding policy needs to be modified.

This can be done by editing the /etc/default/ufw file and changing the DEFAULT_FORWARD_POLICY parameter to ACCEPT:

DEFAULT_FORWARD_POLICY="ACCEPT"

UFW must be reloaded after this file has been modified, with ufw reload.
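
A DEFAULT_FORWARD_POLICY of ACCEPT forwards every routed flow between all interfaces, not only guest traffic. As an added example (not part of the original page), the script below reads the policy from a ufw defaults file and prints ufw route rules that allow forwarding only for the guest addresses; the function names are hypothetical, and the interface names and addresses are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the original page: prints (never runs) ufw commands
# that scope forwarding to the guest addresses used on this page.

# Print DEFAULT_FORWARD_POLICY from a ufw defaults file: the last uncommented
# assignment wins, quotes are stripped and the value is upper-cased.
forward_policy() {
    sed -n 's/^[[:space:]]*DEFAULT_FORWARD_POLICY=//p' "$1" |
        tail -n 1 | tr -d "\"'" | tr '[:lower:]' '[:upper:]'
}

# Print one inbound and one outbound "ufw route" rule per guest address.
# $1 = uplink interface, $2 = bridge interface, remaining args = guest IPs.
guest_route_rules() {
    wan=$1
    br=$2
    shift 2
    for addr in "$@"; do
        echo "ufw route allow in on $wan out on $br to $addr"
        echo "ufw route allow in on $br out on $wan from $addr"
    done
}

# Describe the current policy, then list the scoped rules to review.
# $1 = ufw defaults file, then the same arguments as guest_route_rules.
plan_forwarding() {
    policy=$(forward_policy "$1")
    shift
    case "$policy" in
        ACCEPT) echo "# policy ACCEPT forwards every routed flow; with DROP, add:" ;;
        DROP|REJECT) echo "# policy $policy: only flows matching these rules pass:" ;;
        *) echo "# DEFAULT_FORWARD_POLICY missing or unrecognised: '$policy'" ;;
    esac
    guest_route_rules "$@"
}

# Constructed sample input: the defaults file as this page leaves it, plus the
# interface names and guest addresses used on this page.
sample=$(mktemp)
printf 'DEFAULT_FORWARD_POLICY="ACCEPT"\n' > "$sample"
plan_forwarding "$sample" eth0 virbr1 136.243.105.254 2a01:4f8:171:ed3::4
rm -f "$sample"
```

The inbound rule admits every port to the guest; append a port and proto clause (for example, port 22 proto tcp) to narrow it.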

Configuring Ubuntu 18.04 Virtual Machine for Bridged Networking

Ubuntu 18.04 can no longer use /etc/network/interfaces to configure networking. Networking must be configured with the /etc/netplan/50-cloud-init.yaml file.

netplan generate will generate a set of backend configuration files based on the contents of /etc/netplan/50-cloud-init.yaml.

netplan apply will apply the set of generated backend rules.

The following /etc/netplan/50-cloud-init.yaml file is set to configure the device ens3 with an IPV4 address of 136.243.105.254 (/26 subnet) to route through 136.243.105.212 (/64 subnet), and an IPV6 address of 2a01:4f8:171:ed3::4 to route through 2a01:4f8:171:ed3::2.

# /etc/netplan/50-cloud-init.yaml
# This file is generated from information provided by
# the datasource. Changes to it will not persist across an instance.
# To disable cloud-init's network configuration capabilities, write a file
# /etc/cloud/cloud.cfg.d/99-disable-network-config.cfg with the following:
# network: {config: disabled}
network:
    ethernets:
        ens3:
            addresses:
            - 136.243.105.254/26
            - 2a01:4f8:171:ed3::4/64
            gateway4: 136.243.105.212
            gateway6: 2a01:4f8:171:ed3::2
            nameservers:
                addresses:
                - 8.8.8.8
                - 8.8.4.4
                search: []
            optional: true
    version: 2

Equivalent Ubuntu 16.04 Virtual Machine Configuration

Ubuntu 16.04 can be configured via /etc/network/interfaces. The following is the equivalent of 18.04's /etc/netplan/50-cloud-init.yaml configuration:

#/etc/network/interfaces
auto ens3
iface ens3 inet static
address 136.243.105.254
netmask 255.255.255.255
pointopoint 136.243.105.212
gateway 136.243.105.212
dns-nameserver 8.8.8.8 8.8.4.4

iface ens3 inet6 static
address 2a01:4f8:171:ed3::3
netmask 64
gateway 2a01:4f8:171:ed