You are not logged in.
- Topics: Active | Unanswered
#1 2026-06-18 11:17:07
- CryogEnix
- Member
- Registered: 2025-12-14
- Posts: 19
[SOLVED] Cannot connect VM to Network Bridge
After fiddling around with Network Manager's configuration, I've determined to be in need of guidance to solve the mess I've put myself into. If anyone thinks they can help, I would greatly appreciate.
My intention, if I understand what I'm even trying to do, is to setup my VM under a bridged network so that it doesn't use the VPN I have running in my Linux host.
Now, I think I managed to get the network going, but since the VM kept using my VPN connection I assumed that this wasn't the case...
At first, I've tried the following commands:
$ nmcli con add type bridge ifname br0 stp no
$ nmcli con add type bridge-slave ifname enp14s0 master br0
$ nmcli connection down Wired\ Connection\ 2
$ nmcli connection up bridge-br0
$ nmcli connection up bridge-slave-enp14s0which resulted in the following ("batless" is an alias for "bat --pager=less"):
$ nmcli connection show | batless
─────┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ STDIN
─────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ NAME UUID TYPE DEVICE
2 │ bridge-slave-enp14s0 248eb93c-5278-44b4-a03a-74ab1f96300f ethernet enp14s0
3 │ bridge-br0 d4df0532-ebdf-43e1-a4e0-51d735a2f702 bridge br0
4 │ lo 7540fc88-032d-4685-b973-1799636bbec5 loopback lo
5 | virbr0 (I don't remember what UUID was here) bridge ???
6 │ Wired connection 1 9dc605f1-25d0-3b68-8c1f-1fe1bb2ac5cc ethernet --
7 │ Wired connection 2 b0423d7d-46b1-31dd-af67-f82e4b8a9c5c ethernet --
─────┴─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────Following the instructions of https://wiki.archlinux.org/title/Networ … orkManager:
$ nmcli connection modify Wired\ Connection\ 2 connection.autoconnect noAt this point, I wanted to add DHCP:
$ nmcli con mod bridge-slave-enp14s0 ipv4.method auto
$ nmcli con up bridge-slave-enp14s0This is where my confusion started.
For some reason, while I was getting normal ethernet connection, the VPN would no longer connect, so I went in circles connecting and disconnecting while checking to see if anything changed with the "batless" command earlier. Eventually, I found a solution in the troubleshooting section of the Arch manual's article by running the following commands in sequence:
1. $ nmcli connection up Wired\ connection\ 2
2. activate my VPN
3. $ nmcli connection up bridge-slave-enp14s0
This would be required every time I wanted to connect with my VPN on the bridge slave.
I then created an xml file:
$ batless ~/My_VMs/bridge-network.xml
─────┬──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ File: /home/nocia/My_VMs/bridge-network.xml
─────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ <network>
2 │ <name>br0net</name>
3 │ <forward mode='bridge'/>
4 │ <bridge name='br0'/>
5 │ </network>
─────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── $ virsh net-define bridge-network.xml
$ virsh net-start br0net
$ virsh net-autostart br0netIn Virt-Manager, a new bridge network would show up as "(inactive)" in the NIC Network source, so I relaunched Virt-Manager which updated it to no longer be listed as inactive. I switched from "Virtual network 'default' : NAT" (which I had setup with "firewall_backend = "iptables"" in "/etc/libvirt/network.conf") to the new "Virtual network 'br0net' : BRIDGE network". I launched the VM, but upon checking the IP address in browserleak.com, it was still the same as the one in my Linux host, so I thought the bridge wasn't working as I intended. I powered down the VM...and from what I recall, this is where it all went south.
I thought the default "virbr0" bridge that showed up with
$ ip addrwas preventing the VM from properly connecting to the new "bridge-br0"ーat that point, I had two virtual networks up and running:
$ virsh net-list
Name State Autostart Persistent
-------------------------------------------
br0net active yes yes
default active yes yesSo I ran the following:
$ nmcli connection down virbr0After that, the network "virbr0" was replaced by "vnet5" in Glances; "enp14s0" was also replaced by "br0".
I relaunch the VM...
This time, there was no ethernet connection at all in the VM.
I closed the VM again. When I checked "$ ip addr", "virbr0" had disappeared. It would no longer show up with either "$ ip addr" or "$ nmcli connection show | batless". Only "vnet5" was up and running and it had no inet IPv4 address.
I relaunched the VM. Again, no ethernet connection in the VM.
At some point, I manage to get "virbr0" back up with:
$ sudo ip link set virbr0 uponly it had no IP addressーon the other hand, "vnet5", which had appeared the first time I launched the VM after autostarting the "br0net" BRIDGE network, only had an IPv6 in the output of "$ ip addr", its status was "UNKNOWN" and its master was "virbr0".
I kept going in circles again to try to make sense of what was going on until I eventually ran:
$ virsh net-autostart br0net --disableand rebooted the PC.
Once I got back into my display compositor, I changed the Virt-Manager NIC back to the default NAT, ran the same sequence of two commands and activating my VPN between both as I mentioned earlier to get a connection running again and relaunched the VM once more...
Now I'm back at square one...with the VM having a NAT connection again and my journal indicating that ntpd is unable to remove some kind of self-restriction for fe80::fb50:ec50:8b88:4e84%10:
$ journalctl -p 3 -xb
Jun 18 05:02:26 archlinux kernel: amdgpu: Overdrive is enabled, please disable it before reporting any bugs unrelated to overdrive.
Jun 18 05:02:29 Markury kernel: Bluetooth: hci0: Opcode 0x0c03 failed: -16
Jun 18 05:02:49 Markury kernel: xhci_hcd 0000:7a:00.0: PM: suspend_common(): xhci_pci_suspend returns -110
Jun 18 05:02:49 Markury kernel: xhci_hcd 0000:7a:00.0: can't suspend (hcd_pci_runtime_suspend returned -110)
Jun 18 05:03:14 Markury polkit-agent-helper-1[1382]: pam_unix(polkit-1:auth): conversation failed
Jun 18 05:03:14 Markury polkit-agent-helper-1[1382]: pam_unix(polkit-1:auth): auth could not identify password for [nocia]
Jun 18 05:05:38 Markury ntpd[1075]: unable to remove self-restriction for fe80::fb50:ec50:8b88:4e84%10
Jun 18 05:07:33 Markury polkit-agent-helper-1[12233]: pam_unix(polkit-1:auth): conversation failed
Jun 18 05:07:33 Markury polkit-agent-helper-1[12233]: pam_unix(polkit-1:auth): auth could not identify password for [nocia]
Jun 18 05:07:33 Markury polkit-agent-helper-1[12247]: pam_unix(polkit-1:auth): conversation failed
Jun 18 05:07:33 Markury polkit-agent-helper-1[12247]: pam_unix(polkit-1:auth): auth could not identify password for [nocia]
Jun 18 05:07:33 Markury polkit-agent-helper-1[12247]: pam_faillock(polkit-1:auth): Error sending audit message: Address family not supported by protocol
Jun 18 05:07:33 Markury polkit-agent-helper-1[12247]: pam_faillock(polkit-1:auth): Error sending audit message: Address family not supported by protocol
Jun 18 05:15:05 Markury ntpd[1075]: unable to remove self-restriction for fe80::fb50:ec50:8b88:4e84%14
Jun 18 05:22:16 Markury ntpd[1075]: unable to remove self-restriction for fe80::fb50:ec50:8b88:4e84%17
Jun 18 05:29:19 Markury ntpd[1075]: unable to remove self-restriction for fe80::fb50:ec50:8b88:4e84%24
Jun 18 05:38:05 Markury ntpd[1075]: unable to remove self-restriction for fe80::fb50:ec50:8b88:4e84%28
Jun 18 05:43:54 Markury ntpd[1075]: unable to remove self-restriction for fe80::fb50:ec50:8b88:4e84%34As you can see, after shutting down the VM again, I've made it so that only "br0net" gets autostarted on boot, rebooted the PC, then tried to repeat steps 1, 2 and 3, but now every time I want to reconnect while using the "bridge-slave-enp14s0", it just stops trying to connect. Now, I'm stuck between this:
$ nmcli connection show | batless
─────┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ STDIN
─────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ NAME UUID TYPE DEVICE
2 │ bridge-slave-enp14s0 248eb93c-5278-44b4-a03a-74ab1f96300f ethernet enp14s0
3 │ bridge-br0 d4df0532-ebdf-43e1-a4e0-51d735a2f702 bridge br0
4 │ lo 7540fc88-032d-4685-b973-1799636bbec5 loopback lo
5 │ Wired connection 1 9dc605f1-25d0-3b68-8c1f-1fe1bb2ac5cc ethernet --
6 │ Wired connection 2 b0423d7d-46b1-31dd-af67-f82e4b8a9c5c ethernet --
─────┴─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────and this:
$ nmcli connection show | batless
─────┬─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ STDIN
─────┼─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ NAME UUID TYPE DEVICE
2 │ lo 7540fc88-032d-4685-b973-1799636bbec5 loopback lo
3 │ bridge-br0 d4df0532-ebdf-43e1-a4e0-51d735a2f702 bridge --
4 │ bridge-slave-enp14s0 248eb93c-5278-44b4-a03a-74ab1f96300f ethernet --
5 │ Wired connection 1 9dc605f1-25d0-3b68-8c1f-1fe1bb2ac5cc ethernet --
6 │ Wired connection 2 b0423d7d-46b1-31dd-af67-f82e4b8a9c5c ethernet --
─────┴─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────As of right now, I can only have a working ethernet on "Wired Connection 2" in Linux, which updates its device to "enp14s0" every time I turn its status back UP, which, when starting the 'default' NAT for the VM, reactivates "virbr0" and giving it an IPv4 again.
$ nmcli connection show | batless
─────┬──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ STDIN
─────┼──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ NAME UUID TYPE DEVICE
2 │ Wired connection 2 b0423d7d-46b1-31dd-af67-f82e4b8a9c5c ethernet enp14s0
3 │ pvpn-killswitch-ipv6 ab810b6c-8675-4249-931b-883420b9d69c dummy ipv6leakintrf0
4 │ ProtonVPN 26cf901d-3c35-4186-9e37-12af839cc2fb wireguard proton0
5 │ bridge-br0 d4df0532-ebdf-43e1-a4e0-51d735a2f702 bridge br0
6 │ lo 7540fc88-032d-4685-b973-1799636bbec5 loopback lo
7 │ virbr0 acfe83ee-a326-42b3-b020-bfd4e615e3da bridge virbr0
8 │ vnet0 9a11cda4-fc89-48f1-a77c-95d200019e78 tun vnet0
9 │ bridge-slave-enp14s0 248eb93c-5278-44b4-a03a-74ab1f96300f ethernet --
10 │ Wired connection 1 9dc605f1-25d0-3b68-8c1f-1fe1bb2ac5cc ethernet --
─────┴────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────── This "vnet0" connection was not there until I started the "br0net" network...so my guess is that this connection + "bridge-slave-enp14s0" holds the key to what I want, but there's something I'm missing, here...
Maybe I should try connecting the "vnet0" tunnel to "bridge-br0" in some way?
Oh, and I have already installed the Virtio Windows drivers in the VM.
So now, I have three questions:
1. How do I get the VM to connect directly to my router without using my host's connection?
2. How do I solve ntpd's self-restriction?
3. Is there a way to make it so that I don't have to go through steps 1, 2 and 3 to get my VPN to work with this configuration? At least, as far as Network Manager is concerned.
Last edited by CryogEnix (2026-06-19 03:25:43)
Offline
#2 2026-06-18 15:30:55
- -thc
- Member
- Registered: 2017-03-15
- Posts: 1,147
Re: [SOLVED] Cannot connect VM to Network Bridge
Disclaimer: I did not read your post in full (every detail). I cannot help you with libvirt - I don't use it. But I use bridged VMs and VPNs.
Since a bridge works on OSI level 2 and a VPN on OSI level 3 your concept is valid. You can attach a VM to a bridge that also hosts a (default gateway) VPN and the VMs network stays "outside".
When you attach any device (virtual or physical) to a bridge it becomes a bridge slave without any kind of IP configuration. The bridge device itself can have an IP configuration (but doesn't need to. See: Transparent bridge) and in your own bridge's (br0) environment that would be the IP of the Ethernet slave.
This article: https://linuxconfig.org/how-to-use-brid … rt-and-kvm describes the necessary steps involved.
Offline
#3 2026-06-19 01:49:21
- CryogEnix
- Member
- Registered: 2025-12-14
- Posts: 19
Re: [SOLVED] Cannot connect VM to Network Bridge
Thanks for the advice, -thc. I have read through your article to the end, and I keep getting stuck at the same point: assigning a physical interface to the "br0" bridge.
# ip link set enp14s0 up
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp14s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether bc:fc:e7:e9:69:b0 brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969b0
inet 192.168.2.35/24 brd 192.168.2.255 scope global dynamic noprefixroute enp14s0
valid_lft 216316sec preferred_lft 216316sec
inet6 fe80::c85a:17ba:febc:4400/64 scope link noprefixroute
valid_lft forever preferred_lft forever
3: enp13s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether bc:fc:e7:e9:69:af brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969af
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:cb:16:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
12: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether f6:42:32:f5:a7:5c brd ff:ff:ff:ff:ff:ffVPN is turned off, "br0" is still DOWN, so I run:
# ip link set enp14s0 down
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp14s0: <BROADCAST,MULTICAST> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether bc:fc:e7:e9:69:b0 brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969b0
inet 192.168.2.35/24 brd 192.168.2.255 scope global dynamic noprefixroute enp14s0
valid_lft 216248sec preferred_lft 216248sec
inet6 fe80::c85a:17ba:febc:4400/64 scope link tentative noprefixroute
valid_lft forever preferred_lft forever
3: enp13s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether bc:fc:e7:e9:69:af brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969af
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:cb:16:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
12: br0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether f6:42:32:f5:a7:5c brd ff:ff:ff:ff:ff:ff
$ nmcli connection show | batless
─────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ STDIN
─────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ NAME UUID TYPE DEVICE
2 │ bridge-br0 d4df0532-ebdf-43e1-a4e0-51d735a2f702 bridge br0
3 │ lo de1afdb2-470b-4139-9643-485982aff267 loopback lo
4 │ virbr0 464e2a91-8395-4c59-a260-05d5848ea8b3 bridge virbr0
5 │ bridge-slave-enp14s0 248eb93c-5278-44b4-a03a-74ab1f96300f ethernet --
6 │ Wired connection 1 9dc605f1-25d0-3b68-8c1f-1fe1bb2ac5cc ethernet --
7 │ Wired connection 2 b0423d7d-46b1-31dd-af67-f82e4b8a9c5c ethernet --
─────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
$ nmcli connection up bridge-slave-enp14s0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/34)
$ nmcli connection show | batless
─────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ STDIN
─────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ NAME UUID TYPE DEVICE
2 │ bridge-slave-enp14s0 248eb93c-5278-44b4-a03a-74ab1f96300f ethernet enp14s0
3 │ bridge-br0 d4df0532-ebdf-43e1-a4e0-51d735a2f702 bridge br0
4 │ lo de1afdb2-470b-4139-9643-485982aff267 loopback lo
5 │ virbr0 464e2a91-8395-4c59-a260-05d5848ea8b3 bridge virbr0
6 │ Wired connection 1 9dc605f1-25d0-3b68-8c1f-1fe1bb2ac5cc ethernet --
7 │ Wired connection 2 b0423d7d-46b1-31dd-af67-f82e4b8a9c5c ethernet --
─────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
# ip address add dev br0 192.168.0.90/24
$ ip addr show br0
12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f6:42:32:f5:a7:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.0.90/24 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::fb50:ec50:8b88:4e84/64 scope link noprefixroute
valid_lft forever preferred_lft forever
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp14s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
link/ether bc:fc:e7:e9:69:b0 brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969b0
3: enp13s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether bc:fc:e7:e9:69:af brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969af
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:cb:16:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
12: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f6:42:32:f5:a7:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.0.90/24 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::fb50:ec50:8b88:4e84/64 scope link noprefixroute
valid_lft forever preferred_lft forever Still no internet even though the bridge-slave and its master are both UP.
Then, after like 30s:
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp14s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 1000
link/ether bc:fc:e7:e9:69:b0 brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969b0
3: enp13s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether bc:fc:e7:e9:69:af brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969af
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:cb:16:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
$ ip addr show br0
Device "br0" does not exist.
$ nmcli connection show | batless
─────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ STDIN
─────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ NAME UUID TYPE DEVICE
2 │ lo de1afdb2-470b-4139-9643-485982aff267 loopback lo
3 │ virbr0 464e2a91-8395-4c59-a260-05d5848ea8b3 bridge virbr0
4 │ bridge-br0 d4df0532-ebdf-43e1-a4e0-51d735a2f702 bridge --
5 │ bridge-slave-enp14s0 248eb93c-5278-44b4-a03a-74ab1f96300f ethernet --
6 │ Wired connection 1 9dc605f1-25d0-3b68-8c1f-1fe1bb2ac5cc ethernet --
7 │ Wired connection 2 b0423d7d-46b1-31dd-af67-f82e4b8a9c5c ethernet --
─────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────And then I have to set "Wired Connection 2"'s state back UP to get ethernet.
I wonder if there's a specific IP that I need to assign... DHCP doesn't seem to work.
...
If I get what you mean by "transparent bridge", then...maybe it might work if I manually set the IP to the bridge-slave?
I forgot about you mentioning that while I was reading the article. I guess it's worth a try, though it would just error out when I tried:
$ nmcli con mod bridge-slave-enp14s0 ipv4.method autoLast edited by CryogEnix (2026-06-19 02:50:38)
Offline
#4 2026-06-19 03:24:01
- CryogEnix
- Member
- Registered: 2025-12-14
- Posts: 19
Re: [SOLVED] Cannot connect VM to Network Bridge
Well...it looks like doing it to the bridge itself changed something.
$ nmcli connection down Wired\ connection\ 2
Connection 'Wired connection 2' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/41)
$ sudo ip address add dev br0 192.168.66.66/24
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp14s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
link/ether bc:fc:e7:e9:69:b0 brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969b0
3: enp13s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether bc:fc:e7:e9:69:af brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969af
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:cb:16:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
33: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f6:42:32:f5:a7:5c brd ff:ff:ff:ff:ff:ff
inet6 fe80::fb50:ec50:8b88:4e84/64 scope link noprefixroute
valid_lft forever preferred_lft forever
$ sudo ip address add dev br0 192.168.66.66/24
br0
$ sudo ip address add dev br0 192.168.66.66/24
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp14s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
link/ether bc:fc:e7:e9:69:b0 brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969b0
3: enp13s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether bc:fc:e7:e9:69:af brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969af
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:cb:16:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
33: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f6:42:32:f5:a7:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.66.66/24 scope global br0
valid_lft forever preferred_lft forever
inet6 fe80::fb50:ec50:8b88:4e84/64 scope link noprefixroute
valid_lft forever preferred_lft forever
$ nmcli connection modify bridge-slave-enp14s0 ipv4.method auto
Error: invalid or not allowed setting 'ipv4': port connections cannot have IP configuration.
$ nmcli connection modify bridge-br0 ipv4.method auto
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp14s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
link/ether bc:fc:e7:e9:69:b0 brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969b0
3: enp13s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether bc:fc:e7:e9:69:af brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969af
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:cb:16:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
35: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f6:42:32:f5:a7:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.2.36/24 brd 192.168.2.255 scope global dynamic noprefixroute br0
valid_lft 259197sec preferred_lft 259197sec
inet6 fe80::fb50:ec50:8b88:4e84/64 scope link noprefixroute
valid_lft forever preferred_lft forever With that, I now have internet.
Briefly setting "Wired Connection 2 back up:
$ nmcli connection up Wired\ connection\ 2
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/57)then activating the VPN before getting back on the bridge-slave:
$ nmcli connection up bridge-slave-enp14s0
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/62)
$ ip addr
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host noprefixroute
valid_lft forever preferred_lft forever
2: enp14s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq master br0 state UP group default qlen 1000
link/ether bc:fc:e7:e9:69:b0 brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969b0
3: enp13s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 1000
link/ether bc:fc:e7:e9:69:af brd ff:ff:ff:ff:ff:ff
altname enxbcfce7e969af
5: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
link/ether 52:54:00:cb:16:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0
valid_lft forever preferred_lft forever
35: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether f6:42:32:f5:a7:5c brd ff:ff:ff:ff:ff:ff
inet 192.168.2.36/24 brd 192.168.2.255 scope global dynamic noprefixroute br0
valid_lft 259116sec preferred_lft 259116sec
inet6 fe80::fb50:ec50:8b88:4e84/64 scope link noprefixroute
valid_lft forever preferred_lft forever
38: proton0: <POINTOPOINT,NOARP,UP,LOWER_UP> mtu 1420 qdisc noqueue state UNKNOWN group default qlen 1000
link/none
inet 10.2.0.2/32 scope global noprefixroute proton0
valid_lft forever preferred_lft forever
39: ipv6leakintrf0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default qlen 1000
link/ether 06:b9:43:fa:c7:81 brd ff:ff:ff:ff:ff:ff
inet6 ------------------/64 scope global noprefixroute
valid_lft forever preferred_lft forever
inet6 ------------------/64 scope link noprefixroute
valid_lft forever preferred_lft forever
$ nmcli connection show | batless
─────┬───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
│ STDIN
─────┼───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
1 │ NAME UUID TYPE DEVICE
2 │ bridge-br0 d4df0532-ebdf-43e1-a4e0-51d735a2f702 bridge br0
3 │ pvpn-killswitch-ipv6 e20e78a2-c79f-4f64-8ae6-1743edee0448 dummy ipv6leakintrf0
4 │ ProtonVPN ef23f187-ea9c-4bb8-ba2e-e9c4f6dbe30d wireguard proton0
5 │ bridge-slave-enp14s0 248eb93c-5278-44b4-a03a-74ab1f96300f ethernet enp14s0
6 │ lo de1afdb2-470b-4139-9643-485982aff267 loopback lo
7 │ virbr0 464e2a91-8395-4c59-a260-05d5848ea8b3 bridge virbr0
8 │ Wired connection 1 9dc605f1-25d0-3b68-8c1f-1fe1bb2ac5cc ethernet --
9 │ Wired connection 2 b0423d7d-46b1-31dd-af67-f82e4b8a9c5c ethernet --
─────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────Now the question remains...does the VM still use the host system's connection?
$ virsh net-start br0net
Network br0net started--> SOLUTION
Omg, I'm such a klutz.
This is why I triple-check on every little thing.
Here's the big answer to my problem: I initially forgot to click "Apply" in Virt-manager after setting the NIC to the new bridge.
Last edited by CryogEnix (2026-06-21 05:26:01)
Offline