can't ssh into KVM VM despite using bridged network


I had set up my bridge targeting the virbr0 interface, which (as described here) is just a virtual bridge, so it wasn't giving me an IP address on the physical network.

Sure enough, creating a bridge which attached to my physical network interface fixed the issue -- I did this by using virt-install ... --network bridge=br0,model=virtio, where br0 was set up like this:

$ brctl show
bridge name  bridge id          STP enabled    interfaces
br0          8000.ecf4bbcabb04  no             em3

(Where em3 is my physical network interface and vnet3 is the VM's interface which was created by virt-install.)


Related videos on Youtube

Author by


Currently a lead in EC2 virtual networking. Former lead on network-attached block storage for GCE (a.k.a. "Persistent Disk"). Former OpenZFS developer. Before that, built infrastructure for an enterprise Java app.

Updated on September 18, 2022


  • Dan
    Dan over 1 year

    I'm trying to access a KVM virtual machine running inside my company's network. I am VPN'ed into the network from my laptop and can ssh into other VMs, and I set up my VM to use a bridged network for my VM using virt-install ... --network bridge=virbr0,model=virtio. The KVM host config for the network is:

    # virsh dumpxml test-vm
    <interface type='bridge'>
      <mac address='52:54:00:d6:4f:f8'/>
      <source bridge='virbr0'/>
      <target dev='vnet3'/>                    <------
      <model type='virtio'/>
      <alias name='net0'/>
      <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
    # ifconfig
    virbr0    Link encap:Ethernet  HWaddr fe:54:00:3f:e1:8d  
          inet addr:  Bcast:  Mask:
          RX packets:1119495 errors:0 dropped:0 overruns:0 frame:0
          TX packets:698753 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0 
          RX bytes:105580752 (105.5 MB)  TX bytes:2718266918 (2.7 GB)
    vnet3     Link encap:Ethernet  HWaddr fe:54:00:d6:4f:f8            <-----
          inet6 addr: fe80::fc54:ff:fed6:4ff8/64 Scope:Link
          RX packets:1062543 errors:0 dropped:0 overruns:0 frame:0
          TX packets:1900765 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500 
          RX bytes:80152674 (80.1 MB)  TX bytes:2667837704 (2.6 GB)

    The IP address my VM was given through DHCP is 192.168.X.X, but I noticed that for VMs not running on this KVM host the IP addresses are more like 172.16.X.X. If I SSH into the physical host, then I am able to ping my VM, but from any other machine I cannot.

    Given these symptoms, what have I failed to configure to allow myself to SSH directly into the VM from anywhere machine in the network?

    • mdpc
      mdpc over 9 years
      One serious question here, is this action allowed by your company? If so, have you discussed this with your company's systems administration staff for assistance? There could be firewall problems here that you will not be able to resolve.
    • Dan
      Dan over 9 years
      Yes, it is allowed by my company. I would ask our staff but (a) it's the weekend, (b) both the VM and the host it's running on are empty and are were set up solely for my benefit, and (c) I just want to learn more about networking and VMs. I can sort of get by without doing this by pushing the code I'm testing to a different machine in the network and then pulling from there into my VM (painful, though), but then I can't run our test framework against the VM because it doesn't run on the KVM host (and therefore can't see the VM it needs to run tests against).