Creating a private network for two VMs

I've seen iptables interfering with bridge traffic before (even though it shouldn't AFAIK). You certainly don't want any NAT related rules, but I think that the FORWARD chain needs to accept the packets. I would suggest testing this with no iptables rules and a default ACCEPT policy on the FORWARD chain.

A couple of other things to check:

  • Does brctl show verify that tap1 and tap2 are in bridge?
  • Does brctl showmacs bridge show the MAC addresses for the two VMs?

Set your tap interfaces to promiscuous mode.

ifconfig tap1 promisc up
ifconfig tap2 promisc up

ARP requires routing to work also.

A common problem is that you have an IP address assigned to both interfaces in the same subnet, in the host system's kernel. If you do this, ARP replies will break, because only one interface will get replies. Make sure that you have a clean, single route back to the subnet.

In the example above, if the tap1 and tap2 interfaces both had IP addresses in the Linux host's kernel in the same subnet (192.168.100.0/24), ARP replies would break. If the VMs did not require connectivity to the host, then neither would need an IP in the host kernel.
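The two checks above (that tap1 and tap2 are actually members of the bridge, and that the host kernel does not hold addresses on two interfaces in the same subnet) can be scripted against the output of brctl show and ip -o -4 addr show. This is an added example, not code from any of the posters; the bridge name, interface names and command outputs are constructed samples for a hypothetical host.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample of `brctl show` output (hypothetical host).
BRCTL_SHOW = """\
bridge name\tbridge id\t\tSTP enabled\tinterfaces
bridge\t\t8000.0242ac110002\tno\t\ttap1
\t\t\t\t\t\t\ttap2
"""

# Constructed sample of `ip -o -4 addr show` output (hypothetical host):
# both tap interfaces carry a host address in 192.168.100.0/24.
IP_ADDR = """\
1: lo    inet 127.0.0.1/8 scope host lo\\       valid_lft forever preferred_lft forever
2: eth0    inet 10.0.0.5/24 brd 10.0.0.255 scope global eth0\\       valid_lft forever preferred_lft forever
5: tap1    inet 192.168.100.1/24 scope global tap1\\       valid_lft forever preferred_lft forever
6: tap2    inet 192.168.100.2/24 scope global tap2\\       valid_lft forever preferred_lft forever
"""

def bridge_members(brctl_output):
    """Parse `brctl show` into {bridge: set(interfaces)}.
    A continuation line (only an interface name) belongs to the last bridge."""
    members = {}
    current = None
    for line in brctl_output.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if not fields:
            continue
        if len(fields) >= 3:          # "name  id  STP  [first interface]"
            current = fields[0]
            members.setdefault(current, set())
            if len(fields) == 4:
                members[current].add(fields[3])
        elif current is not None:     # continuation: one more interface
            members[current].add(fields[0])
    return members

def missing_from_bridge(brctl_output, bridge, taps):
    """Tap interfaces that should be in `bridge` but are not listed there."""
    return sorted(set(taps) - bridge_members(brctl_output).get(bridge, set()))

def same_subnet_conflicts(ip_addr_output):
    """Subnets in which more than one host interface holds an address:
    the condition under which ARP replies reach only one interface."""
    by_subnet = defaultdict(list)
    for line in ip_addr_output.splitlines():
        m = re.match(r"\d+:\s+(\S+)\s+inet\s+(\S+)", line)
        if m:
            net = ipaddress.ip_interface(m.group(2)).network
            by_subnet[net].append(m.group(1))
    return {str(n): ifaces for n, ifaces in by_subnet.items() if len(ifaces) > 1}
```

On a live host, feed the functions the real command output (for example via subprocess) instead of the constructed strings.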