Transitioning between Operating Systems can be a challenge. Many aspects of what you’re used to work differently and you should expect a learning curve.

Well, that was a weird intro for a blog post that has Linux networking in the title! Actually I’m saying goodbye to Windows as my primary system... yes, you read that correctly. It’s not that I don’t like the system anymore, it’s the direction Microsoft is taking with AI and the integration into the OS that made me take this decision.

I’m just not keen on having some intelligence (besides me) controlling my machine. Besides, I’m one of those people who are very reserved about using AI altogether; it just seems to go too fast, too unregulated, and we’re simply not prepared. Doomsday aside, I’m saying goodbye to Windows and hello to Ubuntu Linux, at the time of writing version 23.10.1.

So I did have a couple of requirements for making the transition, one of them being a decent hypervisor for running my labs. Now I do have a bit of an emulated homelab running. Parts are running on my Synology server, the main bulk of servers run on an Intel NUC and my primary PC is used to run the VMs that I need to figure out stuff, like malware analysis, pen testing or blue team configuration testing. For my new setup on Ubuntu I’ve decided on the hypervisor QEMU/KVM, which works like a charm.

In my LAB setup I’ve configured several VLANs to separate the networks and just as in real life (at least hopefully) put firewalls in between. As I have a home network, I separate network traffic by putting a VLAN tag on the NIC of the VM and have them communicate by tag over the network.

Having Proxmox on the Intel NUC, it’s as easy as defining the VLAN ID on the VM virtual NIC and off it goes, same with Hyper-V when I was still running Windows 11.

During my initial testing I couldn’t find a setting in QEMU/KVM Virtual Machine Manager to set a VLAN tag. Apparently it works a bit differently, and it turned out that I needed to create a network bridge and connect a VM to that bridge. Next step was to define a VLAN tag on that bridge, so when a VM would connect to that bridge it would automatically use the correct VLAN. After many tries, I came up with the following configuration using netplan:

# Let NetworkManager manage all devices on this system
network:
  version: 2
  renderer: NetworkManager
  ethernets:
    eno1:  # Replace with the name of your NIC
      dhcp4: no
      dhcp6: no
      mtu: 9000
  bridges:
    br0:
      interfaces: [eno1]
      dhcp4: yes
      dhcp6: no
    br33:
      interfaces: [br0.33]
      dhcp4: no
      dhcp6: no
    br66:
      interfaces: [br0.66]
      dhcp4: no
      dhcp6: no
    br99:
      interfaces: [br0.99]
      dhcp4: no
      dhcp6: no
  vlans:
    br0.33:
      link: br0
      id: 33
    br0.66:
      link: br0
      id: 66
    br0.99:
      link: br0
      id: 99

In the code above “eno1” is my physical network interface, which you can enumerate with “ip a”. Under “bridges” there are 4 bridges defined: “br0”, “br33”, “br66” and “br99”. It’s just a naming scheme that I use; you can basically name them whatever you want. The bridges that need to use a VLAN connect to their respective VLAN interfaces as defined in the “vlans” section. These in turn are attached to the default bridge “br0”. “br0” is the interface that replaces the configuration on the physical NIC; my PC now connects to that bridge to get to the network/Internet. This is the only interface that gets an IP from my DHCP server, as this is the only interface that my PC is going to use to connect to the network. You could provide an IP to the bridges however! This would allow your PC to also use a specific bridge and associated VLAN to directly connect to the Virtual Machines on that network, really cool stuff.

To use this configuration, open up a terminal and paste the code into the “01-network-manager-all.yaml” file in “/etc/netplan”. Execute “sudo netplan apply” after saving the file.

Note! You will temporarily lose network connectivity while the system creates the bridges and VLANs.

Note! I’ve initially tested this on Ubuntu running as a VM in Hyper-V and VMware Workstation. Both ended up in epic failures, well to be fair Hyper-V was the largest failure where the entire system would break, at least VMware created a single bridge but eventually also broke. So moral of this story is, use this only on real hardware.

More info on configuration options for netplan can be located here.
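
A wrong tag on a bridge silently puts a lab VM on the wrong segment, so it is worth checking the result after “sudo netplan apply”. The following is an added example, not part of the original post: it audits the JSON that “ip -j -d addr show” prints against the bridge-to-VLAN mapping from the configuration above, and also reports any host address on a VLAN bridge, since this configuration leaves those bridges without one. The sample data, the “vnet0” tap name and the function name “audit” are constructed for illustration.

```python
import json

# Constructed sample in the shape of `ip -j -d addr show` output (not captured
# from a real host); vnet0 stands for a VM tap device, br66 is misconfigured.
SAMPLE = json.loads("""[
 {"ifname":"br0","linkinfo":{"info_kind":"bridge"},
  "addr_info":[{"family":"inet","local":"192.0.2.10"}]},
 {"ifname":"br0.33","link":"br0","master":"br33",
  "linkinfo":{"info_kind":"vlan","info_data":{"id":33}},"addr_info":[]},
 {"ifname":"br33","linkinfo":{"info_kind":"bridge"},"addr_info":[]},
 {"ifname":"vnet0","master":"br33","linkinfo":{"info_kind":"tun"},"addr_info":[]},
 {"ifname":"br0.66","link":"br0","master":"br66",
  "linkinfo":{"info_kind":"vlan","info_data":{"id":99}},"addr_info":[]},
 {"ifname":"br66","linkinfo":{"info_kind":"bridge"},
  "addr_info":[{"family":"inet","local":"198.51.100.5"}]}
]""")

def audit(ifaces, expected):
    """Return a list of findings; an empty list means the layout matches."""
    by_name = {i["ifname"]: i for i in ifaces}
    findings = []
    for bridge, vlan_id in expected.items():
        br = by_name.get(bridge)
        if br is None or br.get("linkinfo", {}).get("info_kind") != "bridge":
            findings.append(f"{bridge}: bridge missing")
            continue
        # VLAN sub-interfaces enslaved to this bridge (VM taps are ignored)
        tags = sorted(
            i["linkinfo"]["info_data"]["id"] for i in ifaces
            if i.get("master") == bridge
            and i.get("linkinfo", {}).get("info_kind") == "vlan")
        if tags != [vlan_id]:
            findings.append(f"{bridge}: expected VLAN [{vlan_id}], found {tags}")
        # Any address here means the host itself is reachable from that VLAN
        for addr in br.get("addr_info", []):
            findings.append(f"{bridge}: host address {addr['local']} on lab VLAN")
    return findings

if __name__ == "__main__":
    # On a real host, load the JSON printed by: ip -j -d addr show
    for line in audit(SAMPLE, {"br33": 33, "br66": 66, "br99": 99}):
        print(line)
```

If you deliberately give a bridge an IP so the host can reach that VLAN, the address finding is expected; on a malware-analysis segment it is the one to look at first.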

Assigning the bridge and VLAN

The next step would be to configure the Virtual Machine to use the correct virtual bridge. It’s really easy to do that within QEMU/KVM, just start the wizard and select the configuration options, until you reach the final page, “Step 5 of 5”. Expand the “Network selection”, make sure the “Bridge device” is selected and enter the ID of the bridge the VM needs to communicate over. In the example below it’s “br66”.

Finally click “Finish” and see the magic happen! Hopefully this helps someone out there!

As always, let me know if you have any feedback or remarks.