This descibes useful things for /etc/network/interfaces
auto theory iface theory inet dhcp bridge_ports eth2 eth0.11
auto reichman iface reichman inet dhcp pre-up ip link add link eth0 name reichman type vlan id 14 || true post-down ip link del reichman
Create a private virtual LAN which you can connect `tap` devices to
This creates an automatically-made lan interface, which is a bridge. It starts off with no actual devices connected to it. It gives it a static address and netmask. It then sets makes iptables rules and enables forwarding.
auto lan iface lan inet static address 192.168.12.1 netmask 255.255.255.0 bridge_ports none up iptables -P FORWARD DROP up sysctl net.ipv4.ip_forward=1 up iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT up sudo iptables -A FORWARD -i lan -j ACCEPT up iptables -t nat -A POSTROUTING -s 192.168.12.0/24 -j MASQUERADE
How can you use this device? Well, you can have kvm great a tap device for its machines and add them to a given bridge device.
Create this script named add-iface-to_lan. If you name it add-iface-to_DEVICE it will bridge the interface given on $1 with the bridge specified in the filename.
iface="$1" bridge=`echo $0 | cut -f 2 -d _` sudo brctl addif $bridge $iface sudo ip link set up $iface
Start kvm with these options (the macaddress part is optional, otherwise it'll be random):
kvm -net tap,script=/path/to/add-iface-to-lan -net nic,macaddr=52:54:00:12:34:56