3.6. Virtual Networking
libvirt's virtual network configuration. The host therefore acts as a virtual network switch, which can be configured in a number of different ways to fit the guest's networking needs.
default. Guests on this network can make the following connections:
- With each other and with the virtualization host
- Both inbound and outbound traffic is possible, but is affected by the firewalls in the guest operating system's network stack and by libvirt network filtering rules attached to the guest interface.
- With other hosts on the network beyond the virtualization host
- Only outbound traffic is possible, and is affected by Network Address Translation (NAT) rules, as well as the host system's firewall.
- Isolated mode
- The guests are connected to a network that does not allow any traffic beyond the virtualization host.
- Routed mode
- The guests are connected to a network that routes traffic between the guest and external hosts without performing any NAT. This enables incoming connections but requires extra routing-table entries for systems on the external network.
- Bridged mode
- The guests are connected to a bridge device that is also connected directly to a physical ethernet device connected to the local ethernet. This makes the guest directly visible on the physical network, and thus enables incoming connections, but does not require any extra routing-table entries.
defaultnetwork is installed along with the libvirt package, and automatically started when the
libvirtdservice is started. If more advanced functionality is needed, additional networks can be created and configured using either virsh or virt-manager, and the guest XML configuration file can be edited to use one of these new networks.