Sandbox99 Chronicles

How to Create a Host-Only Network in Libvirt

Written by Jose Mendez

Hi, I’m Jose Mendez, the creator of sandbox99.cc. with a passion for technology and a hands-on approach to learning, I’ve spent more than fifteen years navigating the ever-evolving world of IT.



Linux Tips | Networking Fundamentals | Virtualization



host-only | isolated network | KVM | libvirt | network configuration | qemu | virsh | virt-manager



Published Aug 8, 2025 | Last updated on Aug 26, 2025 at 11:55PM



Follow me on LinkedIn

Reading Time: 3 minutes

Table of Contents show

Introduction

Virtualization is a powerful tool, but configuring the network to meet your specific needs can sometimes be a challenge. If you’ve ever used VirtualBox, you’re likely familiar with the “Host-only” network—a private, isolated environment where your virtual machines can communicate with each other and the host machine, but have no access to the outside world. This setup is perfect for development, testing, or creating closed lab environments. If you’re a libvirt user and want to achieve the same isolation, you might have struggled with the correct configuration. In this post, we’ll walk through the process of creating a libvirt network that functions exactly like a VirtualBox Host-only network, ensuring your VMs are securely isolated while maintaining internal connectivity.

Step by Step Walkthrough

1. Create the Network Definition File

First, you need to create an XML file that defines the network’s properties. This file specifies the name of the network, the bridge device, and the IP addressing scheme.

Create a new file, for example, hostonly-network.xml, with the following content.

<network>
  <name>hostonly-bridge-55</name>
  <forward mode='none'/>
  <bridge name='virbr55' stp='on' delay='0'/>
  <ip address='10.10.55.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='10.10.55.101' end='10.10.55.199'/>
    </dhcp>
  </ip>
</network>

Network Configuration Setup

Network Name: hostonly-bridge-55
Network Type: Host-only network (isolated)
<forward mode='none'/> means no packet forwarding – VMs can communicate with each other and the host, but cannot reach external networks or the internet

Bridge Configuration:
Bridge name: virbr55 – This is the virtual bridge interface that will be created on the host
STP (Spanning Tree Protocol): Enabled (stp=’on’) – Prevents network loops
Delay: 0 – No delay for port state transitions

IP Configuration:
Host IP: 10.10.55.1 – The host system will have this IP on the bridge interface
Netmask: 255.255.255.0 (equivalent to /24 CIDR notation)
Network range: 10.10.55.0/24 (256 addresses total)

DHCP Configuration:
DHCP range: 10.10.55.101 to 10.10.55.199 (99 available IP addresses for VMs)
Reserved IPs: 10.10.55.1 (host), 10.10.55.2-10.10.55.100 (available for static assignment)

2. Define and Start the Network

With the XML file created, use the virsh command-line tool to define the network in libvirt.

Step 2.1 Define the network:

sudo virsh net-define hostonly-network.xml

Step 2.2 Start the network:

sudo virsh net-start hostonly-bridge-55

Step 2.3 Set the network to autostart on boot:

sudo virsh net-autostart hostonly-bridge-55

Step 2.4 You can now verify that the network is running with

sudo virsh net-list --all

3. Attach a Virtual Machine to the Network

Once the network is running, you can connect a virtual machine to it. You can do this by editing the virtual machine’s XML configuration.

Edit the VM’s (Guest OS) XML:

sudo virsh edit your-vm-name

Add a network interface: Find the <devices> section and add the following <interface> block, which connects the VM’s virtual NIC to the new hostonly-bridge network.

Via virt-manager GUI

What this network provides:

Isolated environment – VMs can communicate with each other and the host but not with external networks
Automatic IP assignment – VMs will get IPs between .101-.199 via DHCP
Host accessibility – The host is reachable at 10.10.55.1
VM-to-VM communication – All VMs on this network can communicate with each other

Use Cases:

Testing environments that need isolation from the internet
Lab setups where you want controlled networking
Development environments with multiple VMs that need to communicate
Security testing where you want contained network

Final Thoughts

By using libvirt‘s isolated network mode (forward mode='none'), you can easily replicate the Host-only networking experience from VirtualBox. This approach provides a powerful and secure way to create development and testing environments where you have full control over the network without any external interference. The key is understanding that libvirt‘s network definitions are flexible and can be tailored to various use cases, from simple isolated labs to more complex bridged setups. With this configuration, you now have a robust, private virtual network for your guests to communicate with each other and your host, all while staying safely disconnected from the public internet.

Calendar

September 2025
S	M	T	W	T	F	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30

Nala: A Smarter Frontend for APT on Debian-Based Systems

by Jose Mendez | Published Sep 7, 2025 | Last updated on Sep 7, 2025 at 4:18PM | Linux Tips, Linux Tools

Introduction For decades, Debian and its derivatives such as Ubuntu, Linux Mint, and Pop!_OS have relied on the tried-and-tested APT (Advanced Package Tool) as their default package manager. While APT is reliable and powerful, its user interface and output formatting...

Essential Virsh Commands: Managing VMs with VNC, SPICE & Remote Viewers

by Jose Mendez | Published Sep 5, 2025 | Last updated on Sep 5, 2025 at 6:29AM | Cheat Sheet, Virtualization

Introduction Virsh (Virtual Shell) is the command-line interface for managing virtual machines and hypervisors through libvirt. This cheatsheet provides essential commands for daily VM management tasks, from basic operations like listing and controlling VMs to...

Samba Server Auto-Setup: Simplify File Sharing on Linux

by Jose Mendez | Published Aug 27, 2025 | Last updated on Aug 27, 2025 at 4:47AM | DevOps, Networking Fundamentals, Python Scripting

Setting up a Samba server can be a repetitive and time-consuming task—especially if you manage multiple systems or need to redeploy often. To solve this, I recently published an open-source project on GitHub:👉 samba-server-autosetup 🔧 What is Samba? Samba is a free...