Gentoo Forums
[SOLVED] Home router and QEMU
umka69
Tux's lil' helper
Joined: 31 Mar 2013
Posts: 124

Posted: Sat Oct 25, 2014 5:37 pm    Post subject: [SOLVED] Home router and QEMU

Hello, gentoo people! Have an interesting idea for a home server.
There is a server with QEMU virtualization. It has three network interfaces:
1. enp3s0 is wired uplink configured by DHCP and connected to the Internet
2. enp4s0 is wired interface to a PC
3. wlp5s0 is going to be wireless access point
It'll be ONE WAN for all my wireless devices (wlp5s0), the PC (enp4s0) and all of QEMU's VMs.
The WAN will have DHCP server and have connection to the Internet.
What software can help to do it and how it must be configured in Gentoo Linux?
_________________
Make a wish, this text is magic. :)


Last edited by umka69 on Sun Oct 04, 2015 9:04 pm; edited 3 times in total
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54801
Location: 56N 3W

Posted: Sat Oct 25, 2014 7:13 pm    Post subject:

umka69,

Your physical interfaces will need to be donated to three separate bridges in the bare metal hardware.
The KVM will attach to these bridges.
Then you need shorewall in the VM to take care of the routing.

I do something close to what you are suggesting but my AP is on the end of an ethernet cable.
My net file on the bare metal is

Code:
# eth interfaces for firewall
# we don't want them getting IP addresses
# as they are being donated to bridges

config_eth0="null"
config_eth1="null"
config_eth2="null"
config_eth3="null"
config_eth4="null"

# the big bad internet - we may not need an IP here as all traffic goes to the router.
config_br0="62.x.y.z/29"

# the DMZ
bridge_br1="eth2"
config_br1="192.168.10.254/24"

# wireless
bridge_br2="eth3"
config_br2="192.168.54.254/24"

# protected wired
bridge_br3="eth4"
config_br3="192.168.100.254/24"


The =null is important. You can't donate an interface with an IP to a bridge - it's the bridge that must have the IP.
The bridge is the software equivalent of a hub. All packets sent to the bridge go to all interfaces donated to the bridge.

In the router VM you pick up the bridges again - my router net file is

Code:
modules="iproute2"

# One day udev messed all this up as it stopped renaming interfaces
# this may also make a total pig's ear of shorewall as all the interface
# names change
# post udev mess
config_eth0="192.168.10.253/24 brd 192.168.10.255"
config_eth1="192.168.100.253/24 brd 192.168.100.255"
config_eth2="null"
config_eth3="192.168.54.253/24 brd 192.168.54.255"

# with BTs Box need to start ppp0
config_ppp0="ppp"
link_ppp0="eth2"
plugins_ppp0="pppoe"
pppd_ppp0="defaultroute"
#           usepeerdns"
dns_servers_ppp0="212.x.y.z
                  212.x.y.z"
username_ppp0='xxxxxxxxxxxxxxx'
password_ppp0='pppppppppppp'


My router is a PPPoE end point too, as that's what BT distribute, it saves another box.
This does not show how the ethX on the router get connected to the bridges.
virt-manager provides a nice GUI to create and configure KVMs.

That's the hard bits. The rest is as you would do on bare metal.
shorewall is a good tool to set up iptables on the router.
The router also provides a dhcp service to wired and wireless.

One wrinkle ...
The bare hardware never finds an ntp server at boot time because there is no internet connection until the router VM has started.

Giving you the two world files would make it too easy but ask for more help if you need it.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
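Added example (not part of NeddySeagoon's post): a POSIX shell check for the rule above, that every interface donated to a bridge is set to "null" in the net file. The function names, the sample file and the choice to also flag members with no config_ line at all are assumptions of this example.

```sh
#!/bin/sh
# Added example: audit a netifrc-style net file for bridge members that are
# not config_<iface>="null". Function names and sample data are hypothetical.

# check_bridge_members FILE -> one finding per line; returns 0 clean, 1 findings.
# The file is sourced (it is shell syntax), so only point it at your own config.
check_bridge_members() (
    # Subshell body: variables from the sourced file never reach the caller.
    case $1 in */*) f=$1 ;; *) f=./$1 ;; esac
    [ -r "$f" ] || { echo "cannot read $f"; exit 2; }
    . "$f"
    rc=0
    # Bridge names come from the file's bridge_<name>= lines (comments skipped).
    for var in $(sed -n 's/^[[:space:]]*\(bridge_[A-Za-z0-9_]*\)=.*/\1/p' "$f" | sort -u); do
        bridge=${var#bridge_}
        eval "members=\$$var"
        for m in $members; do
            # Variable names use _ for other characters (eth0.10 -> eth0_10).
            safe=$(printf %s "$m" | tr -c 'A-Za-z0-9_' '_')
            eval "cfg=\${config_$safe-__unset__}"
            case $cfg in
                null) ;;
                __unset__)  # assumption: an explicit "null" is required
                    echo "$m: no config_$safe line (member of $bridge)"; rc=1 ;;
                *)
                    echo "$m: config_$safe=\"$cfg\" but it is a member of $bridge"; rc=1 ;;
            esac
        done
    done
    exit "$rc"
)

# Constructed sample: eth3 keeps an address, eth4 has no config_ line at all.
write_sample() {
    cat > "$1" <<'EOF'
config_eth2="null"
bridge_br1="eth2"
config_br1="192.168.10.254/24"
config_eth3="192.168.54.1/24"
bridge_br2="eth3"
config_br2="192.168.54.254/24"
bridge_br3="eth4"
config_br3="192.168.100.254/24"
EOF
}

# Stand-alone use: sh check.sh /etc/conf.d/net
if [ -n "${1-}" ]; then check_bridge_members "$1"; fi
```

On the constructed sample the check reports eth3 and eth4 and returns 1; a file where every bridge member is "null" returns 0 with no output.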
umka69
Tux's lil' helper
Joined: 31 Mar 2013
Posts: 124

Posted: Sun Oct 26, 2014 11:54 am    Post subject:

As I understand, your VM is a router.
It is interesting in case of stability but anyway all traffic will go thru the hostnode and it is not good for performance.
So I decided to give routing care to hostnode.
You see my VMs must be the same WAN clients as AP's clients.
And what software is necessary to create an access point?
_________________
Make a wish, this text is magic. :)


Last edited by umka69 on Sun Oct 26, 2014 12:09 pm; edited 1 time in total
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54801
Location: 56N 3W

Posted: Sun Oct 26, 2014 12:05 pm    Post subject:

umka69,

I wanted to do PCI passthrough so my VM router saw the ethernet interfaces directly but there is a bug in my network card hardware, so it doesn't work.
Yes it hurts performance a little.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
umka69
Tux's lil' helper
Joined: 31 Mar 2013
Posts: 124

Posted: Mon Oct 27, 2014 10:51 pm    Post subject:

Ok, community. The answer is quite received... with great help of NeddySeagoon.
Here are the steps of the solution:
1. Configure the kernel according to hardware and Gentoo Home Router
2. Create a wireless access point (AP) with the hostapd daemon by the Gentoo Wiki
3. Create a TUN/TAP interface (bridge) for WAN and QEMU interfaces by QEMU Options Wiki
4. Install and configure a DHCP server on the bridge interface (in my opinion the best one is dhcpd)
5. Enable NAT with help of iptables from WAN (bridge interface) to LAN (AP interface) by Gentoo Home Router Guide
_________________
Make a wish, this text is magic. :)
madchaz
l33t
Joined: 01 Jul 2003
Posts: 995
Location: Quebec, Canada

Posted: Sat Nov 01, 2014 10:52 pm    Post subject:

My setup is relatively close to what you're talking about.

I use KVM and virt-manager to handle my virtual machines.

I just bridge the WAN network card to the VM's WAN interface (as defined during install) and it works quite well. People raised performance worries.

Well, here are some comparative numbers.

Using an ASUS hardware router, I was getting between 60 and 70 ms pings to google.com and around the same kind of round trips to a popular MMORPG's servers.

Using Gentoo in a VM as a router, I get between 40-50ms to google and about the same improvement for the MMORPG. Oh and I can use QoS to (effectively, unlike the ASUS) control traffic so I get the same kind of performance even when I have torrents running on my download VM.

As for speed, I can get enough speed transferring files and such from virtual machines on the DMZ side of the network to the LAN (so passing in the router) fast enough to basically floor the 1G LAN network with the router's VM not even using a full CPU.

(you can see the specs of my machine on the site in my sig)
_________________
Someone asked me once if I suffered from mental illness. I told him I enjoyed every second of it.
NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 54801
Location: 56N 3W

Posted: Sun Nov 02, 2014 9:55 am    Post subject:

madchaz,

That's much the same as my setup.
That could do with an update now.

It's become increasingly inaccurate with the passage of time, rather like the famous "trilogy in four parts".
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.