The setup is actually very simple and unobtrusive. It is only necessary to properly configure a local DNS server and then force 127.0.0.1 to be used as the only nameserver instead of the corporate DNS servers.

First you need to configure dnsmasq as follows:

/etc/dnsmasq.conf

# don't use the /etc/resolv.conf file anymore
no-resolv

# OpenDNS nameservers:
server=208.67.222.222
server=208.67.220.220

# Force corporate nameservers for corporate.domain.com lookups
# OpenDNS wouldn't be able to answer such queries correctly
# adjust to suit your network
server=/corporate.domain.com/10.1.1.1
server=/corporate.domain.com/10.1.1.2

# only respond to queries from the local machine
listen-address=127.0.0.1
bind-interfaces

conf-dir=/etc/dnsmasq.d

Then you need to go into NetworkManager and set 127.0.0.1 as the DNS server to be used:

This will result in the following important settings added to your network scripts:

DNS1=127.0.0.1
PEERDNS=no

I’ve noticed two minor problems with this setup:

1. the corporate DNS server names are hardcoded in the configuration. Usually they are determined automatically by the DHCP client.
2. restarting the dnsmasq service sometimes shows this error:

   dnsdomainname: Host name lookup failure

ifcfg-eth0

First, I changed the host’s (auto-generated) /etc/sysconfig/network-scripts/ifcfg-eth0 script from this:

# Attansic Technology Corp. L1 Gigabit Ethernet Adapter
DEVICE=eth0
BOOTPROTO=dhcp
HWADDR=00:1D:60:35:A7:64
ONBOOT=yes

to this:

# Attansic Technology Corp. L1 Gigabit Ethernet Adapter
DEVICE=eth0
TYPE=Ethernet
BRIDGE=br0
ONBOOT=yes

This turns off DHCP on the physical Ethernet device and just specifies that it will be connected to or a part of a bridge.

ifcfg-br0

Second, I created /etc/sysconfig/network-scripts/ifcfg-br0, which will be called to setup a bridge device:

DEVICE=br0
TYPE=Bridge
BOOTPROTO=dhcp
HWADDR=00:1D:60:35:A7:64
ONBOOT=yes
DELAY=0
STP=off

As you can see, most of this configuration is copied from eth0 plus the bridge configuration as per the Qemu Wikibook.

qemu-ifup/down

Third, I shortened the /etc/qemu-ifup and /etc/qemu-ifdown from Wikibooks to get this:

/etc/qemu-ifup:

#!/bin/sh
USER=$(id -un)
sudo /usr/sbin/openvpn --mktun --dev $1 --user "$USER"
sudo /sbin/ifconfig $1 0.0.0.0 promisc up
sudo /usr/sbin/brctl addif br0 $1

/etc/qemu-ifdown:

#!/bin/sh
sudo /sbin/ifconfig $1 down
sudo /usr/sbin/brctl delif br0 $1
sudo /usr/sbin/openvpn --rmtun --dev $1

Here I basically removed all of the configuration that is taken care of in the sysconfig scripts. I also made explicit use of sudo simply because that is my preference.

Final steps

Now I can simply run /etc/qemu-ifup tap0 once to create a TAP device, and use something like: qemu-kvm -hda /virtual-machines/fedora9.disk -m 512 -net nic -net tap,ifname=tap0,script=no to start a virtual machine. When I’m done running the virtual machine, I can run /etc/qemu-ifdown tap0 to remove the TAP device.

All this sounds simple now that it’s working, but initially it took a lot of guessing on my part so I’m documenting it here for the future.

I would appreciate it if someone can point me to the official Redhat/Fedora documentation on editing /etc/sysconfig/network-scripts/ scripts.