mel_82 Tux's lil' helper
Joined: 25 Oct 2004 Posts: 117 Location: Somewhere in Italy
Posted: Wed Feb 08, 2006 11:43 am Post subject: (??) Qemu + openvpn + external proxy (??) |
A quick explanation of the quest: I need to reach, from a qemu VM, an openvpn server on the host machine, and then reach the internet through the openvpn tunnel and through the proxy that rules the local network.
It's a bit tangled, I know, but I can't do anything to find an easier solution (don't mind the vpn tunnel, that's the only thing I know how to do, and it's the main goal of the whole thing, for test/research purposes).
Now, I immediately got stopped right at the first problem: I can't reach the local net from the qemu VM.
I've done the following:
- installed qemu (latest version from the qemu site, not from portage) with kqemu
- installed vde (emerged)
- modified /etc/conf.d/net by adding the following code and started net.tun0
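Code: | config_tun0=( "10.0.5.1" )
# Runs before the interface is brought up: start the VDE switch on tun0
preup()
{
    if [ "$IFACE" == "tun0" ]
    then
        # Remove a stale control socket; refuse to continue if the path is something else
        if [ -S /tmp/vde.ctl ]
        then
            rm /tmp/vde.ctl
        elif [ -e /tmp/vde.ctl ]
        then
            eerror "/tmp/vde.ctl exists, but is not a socket"
            return 1
        fi
        vde_switch -tap $IFACE -daemon
        # Makes the control socket accessible to every local user
        chmod 777 /tmp/vde.ctl
        return 0
    fi
    return 0
}
# Runs after the interface is taken down: clean up the control socket
postdown()
{
    if [ "$IFACE" == "tun0" ]
    then
        if [ -S /tmp/vde.ctl ]
        then
            einfo "Removing /tmp/vde.ctl socket"
            rm /tmp/vde.ctl
            return 0
        fi
    fi
    return 0
} |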
Code: | # echo "1" >/proc/sys/net/ipv4/ip_forward |
Code: | # iptables -t nat -A POSTROUTING -o eth0 -s 10.0.5.0/8 -d 0/0 -j MASQUERADE |
Code: | # /usr/local/bin/qemu -hda qemu/test_client -cdrom /home/mel/install-x86-minimal-2005.1.iso -boot d |
Now I have, on the host machine:
Code: | test_machine ~ # iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
MASQUERADE all -- 10.0.0.0/8 anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
test_machine ~ # cat /proc/sys/net/ipv4/ip_forward
1
test_machine ~ # ifconfig tun0
tun0 Link encap:Ethernet HWaddr A6:37:6D:82:60:71
inet addr:10.0.5.1 Bcast:10.255.255.255 Mask:255.0.0.0
inet6 addr: fe80::a437:6dff:fe82:6071/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:5 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 b) TX bytes:378 (378.0 b)
|
And the VM, starting from the Gentoo installation CD, has gotten the following (by DHCP, which I DON'T have installed; I suppose it's a qemu feature):
- ip eth0: 10.0.2.1
- gateway 10.0.2.2
- nameserver 10.0.2.3
From the VM I can ping 10.0.2.2, and it works (is it intended to be the host machine?). Name resolution also works, but only for sites I have already visited from the host machine. Pinging external sites, instead, doesn't work.
I've tried to set on the VM an IP like 10.0.5.2 (on the host tun0 I have 10.0.5.1, even when running qemu), and to set 10.0.5.1 as default gateway and nameserver (I've also tried with a valid nameserver with B ip), but it seems that 10.0.5.1 is unreachable, and so nothing works.
HEEELP!!!!
_________________
http://www.feelingsofgreatness.net
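The rule in the post was entered with `-s 10.0.5.0/8`, while the `iptables -t nat -L` output lists the source as `10.0.0.0/8`. The following is an added example, not part of the original post, that applies the prefix mask to show which of the addresses mentioned in the post such a rule matches; the `/24` prefix is an assumed narrower alternative used only for comparison.

```shell
#!/bin/sh
# Added example (not from the original post): how a source prefix such as
# "10.0.5.0/8" is applied once its host bits are masked off.

# ip_to_int A.B.C.D -> 32-bit integer (body runs in a subshell, so IFS stays local)
ip_to_int() (
    IFS=.
    set -- $1
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
)

# int_to_ip N -> dotted quad
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# prefix_mask LEN -> netmask as an integer
prefix_mask() {
    echo $(( (4294967295 << (32 - $1)) & 4294967295 ))
}

# cidr_network ADDR/LEN -> canonical NETWORK/LEN (host bits cleared)
cidr_network() (
    len=${1#*/}
    mask=$(prefix_mask "$len")
    net=$(( $(ip_to_int "${1%/*}") & $mask ))
    echo "$(int_to_ip "$net")/$len"
)

# cidr_contains ADDR/LEN IP -> exit status 0 if IP falls inside the prefix
cidr_contains() (
    mask=$(prefix_mask "${1#*/}")
    [ $(( $(ip_to_int "${1%/*}") & $mask )) -eq $(( $(ip_to_int "$2") & $mask )) ]
)

# Addresses taken from the post: the VM's DHCP lease, the manually tried
# VM address, and the host's tun0. The /24 prefix is an assumption.
for src in 10.0.5.0/8 10.0.5.0/24; do
    echo "-s $src is applied as $(cidr_network "$src")"
    for ip in 10.0.2.1 10.0.5.2 10.0.5.1; do
        if cidr_contains "$src" "$ip"; then
            echo "  $ip matches"
        else
            echo "  $ip does not match"
        fi
    done
done
```

With the `/8` prefix the MASQUERADE rule covers every 10.x.x.x source, which is why the listing shows `10.0.0.0/8`; the assumed `/24` would limit it to 10.0.5.x.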
neonknight Guru
Joined: 19 Jul 2003 Posts: 357 Location: Zurich, Switzerland
Posted: Wed Feb 08, 2006 7:04 pm Post subject: |
Why don't you bridge eth0 and tun0, so qemu will be in the same network as your physical computer?
mel_82 Tux's lil' helper
Joined: 25 Oct 2004 Posts: 117 Location: Somewhere in Italy
Posted: Wed Feb 08, 2006 7:20 pm Post subject: |
Because I am not the lab admin, and the lab network is managed by a DHCP server that assigns IPs only to certain MACs, which are known to be the only allowed machines.
PS: I'm sorry for my terrible spaghetti-English, but it's the best I can manage to do without heavy use of the Google translator.
_________________
http://www.feelingsofgreatness.net
mel_82 Tux's lil' helper
Joined: 25 Oct 2004 Posts: 117 Location: Somewhere in Italy