umka69 Tux's lil' helper
Joined: 31 Mar 2013 Posts: 124
|
Posted: Mon Sep 08, 2014 5:57 pm Post subject: [SOLVED] QEMU guest networking |
|
|
Hello.
I already ran minimal cd in QEMU environment.
There is a problem with network configuration of hypervisor, I think.
Can you help me with its configuration?
Host configs
Code: | den ~ # ifconfig
br0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST> mtu 1500
inet 192.168.1.4 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::813a:b125:254:c22d prefixlen 64 scopeid 0x20<link>
inet6 fe80::e23f:49ff:feae:c278 prefixlen 64 scopeid 0x20<link>
ether e0:3f:49:ae:c2:78 txqueuelen 0 (Ethernet)
RX packets 29433 bytes 4611240 (4.3 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1356 bytes 273143 (266.7 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet6 fe80::e23f:49ff:feae:c278 prefixlen 64 scopeid 0x20<link>
ether e0:3f:49:ae:c2:78 txqueuelen 1000 (Ethernet)
RX packets 29433 bytes 5023302 (4.7 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 1364 bytes 273791 (267.3 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 57673 bytes 21885826 (20.8 MiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 57673 bytes 21885826 (20.8 MiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
Code: | den ~ # cat /etc/conf.d/net
config_enp3s0="null"
config_br0="dhcp"
brctl_br0="setfd 0
sethello 10
stp off"
bridge_br0="enp3s0"
|
Guest ifconfig
Code: | lifecd ~ # ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 10.0.2.15 netmask 255.255.255.0 broadcast 10.0.2.255
inet6 fe80::5054:ff:fe12:3456 prefixlen 64 scopeid 0x20<link>
inet6 fe80::59c1:f175:aeb3:433 prefixlen 64 scopeid 0x20<link>
ether 52:54:00:12:34:56 txqueuelen 1000 (Ethernet)
RX packets 2 bytes 1180 (1.1 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 17 bytes 1979 (1.9 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 2 bytes 140 (140.0 B)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 2 bytes 140 (140.0 B)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
|
Code: | lifecd ~ # ping -c3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms
|
_________________ Make a wish, this text is magic.
Last edited by umka69 on Fri Sep 12, 2014 8:40 pm; edited 1 time in total |
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3489
|
Posted: Mon Sep 08, 2014 8:21 pm Post subject: |
|
|
What do you want to do?
By default qemu runs network in user mode which means guest is a regular app accessing the internet the very same way any other app would do, but host is not aware of guest's network.
To get a more advanced setup you must tell qemu to bind virtual ethernet (TAP) devices instead. This would let you create bridged/routed virtual network you can configure pretty much the same way you would configure your lan. |
|
umka69 Tux's lil' helper
Joined: 31 Mar 2013 Posts: 124
|
Posted: Tue Sep 09, 2014 12:52 pm Post subject: |
|
|
Sorry. I need to set own IP address to each VM in my VLAN as well as to the hostnode.
But now network is not achievable from VM at all.
So, TAP/TUN can help me?
But at first I think usermode must work. _________________ Make a wish, this text is magic. |
|
umka69 Tux's lil' helper
Joined: 31 Mar 2013 Posts: 124
|
Posted: Tue Sep 09, 2014 6:17 pm Post subject: |
|
|
Ok. I've got TUN/TAP working.
But I can't access the VM from my VLAN (network of host, my home VLAN) by SSH.
No SSH, but it is pinging and I can see it in my router access list.
How to solve it? _________________ Make a wish, this text is magic.
Last edited by umka69 on Tue Sep 09, 2014 6:28 pm; edited 1 time in total |
|
szatox Advocate
Joined: 27 Aug 2013 Posts: 3489
|
Posted: Tue Sep 09, 2014 6:28 pm Post subject: |
|
|
Quote: | But at first I think usermode must work. |
No, it doesn't. If I get you well, and you want all those VMs to be accessible from the network (no matter what kind of network), user mode networking is NOT what you want. User mode only allows you to call the internet from the VM, but not the other way. It does not require any guest-side configuration at all though, as qemu provides the guest with a dhcpd-based network you can't even see from the host's side.
What you do want is running qemu with parameters binding it to a TAP device, for example:
-net nic,macaddr="$MAC1",vlan=1 -net tap,ifname="$IFNAME",script="no",downscript="no",vlan=1
This line assumes your $IFNAME is an already configured host-side TAP device that will be assigned the $MAC1 address.
You can also skip the part about scripts and have qemu's own scripts handle that, but this requires you to run qemu as root. Otherwise it won't be able to create the TAP.
From this point, you can either go with a bridged network (you're going to need brctl for this) or with a routed network (iptables is sufficient).
Depends on what you want to do. Either way will allow you to assign a host-visible IP to your VMs.
The guest config goes exactly the same way as it would in case of a physical machine. E.g. you must run some services you want to use. |
|
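The host-side TAP setup described in the reply above, as an added example that is not part of the thread: creating the TAP device once as root and handing it to an unprivileged user lets QEMU itself run without root, with `script=no,downscript=no` as in the posted command line. `VM_USER` (a hypothetical variable, default `qemu`), `tap0`, `br0` and the sample MAC are assumptions; by default the script only prints the commands.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed names: tap0, br0, VM_USER, sample MAC.

# Reject empty values and anything that could smuggle shell syntax into the plan.
safe_word() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
}

# Linux interface names are limited to 15 characters.
valid_ifname() {
    safe_word "$1" && [ "${#1}" -le 15 ]
}

# Print the iproute2 commands that create a TAP owned by user $1
# and attach it to bridge $3.
tap_plan() {
    owner=$1 tap=$2 bridge=$3
    if ! safe_word "$owner" || ! valid_ifname "$tap" || ! valid_ifname "$bridge"; then
        echo "tap_plan: invalid user or interface name" >&2
        return 1
    fi
    printf 'ip tuntap add dev %s mode tap user %s\n' "$tap" "$owner"
    printf 'ip link set dev %s master %s\n' "$tap" "$bridge"
    printf 'ip link set dev %s up\n' "$tap"
}

# QEMU options for a pre-created TAP ($1) with MAC $2: with script=no QEMU
# does not have to configure the interface itself, so it needs no root.
qemu_net_args() {
    printf '%s\n' "-net nic,model=virtio,macaddr=$2 -net tap,ifname=$1,script=no,downscript=no"
}

# "sh tap-setup.sh apply" (as root) executes the plan; anything else only prints it.
owner=${VM_USER:-qemu}
if [ "${1:-}" = apply ]; then
    tap_plan "$owner" tap0 br0 | sh -e
else
    tap_plan "$owner" tap0 br0
    qemu_net_args tap0 52:54:00:12:34:57   # constructed MAC; give each VM its own
fi
```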
umka69 Tux's lil' helper
Joined: 31 Mar 2013 Posts: 124
|
Posted: Tue Sep 09, 2014 8:52 pm Post subject: |
|
|
Thank you! Now it is clear about network.
Guys, for all who need it! Here is a useful manual on the TUN/TAP approach: http://wiki.gentoo.org/wiki/QEMU/Options
I got SSH from VLAN, but still no VNC. Sorry, I'm quite a noob.
I'm starting VM with this script:
Code: | den ~ # cat GentooVM
#!/bin/sh
exec qemu-system-x86_64 \
-enable-kvm \
-boot d \
-cdrom install-amd64-minimal-20140828.iso \
-net tap,ifname=tap0,script=no,downscript=no -net nic,model=virtio \
-cpu host -smp 2 \
-drive file=/root/GentooVM.img,if=virtio \
-m 2G \
-vnc :0 \
-k en-us \
-monitor stdio \
-name "Gentoo VM" \
"$@"
|
It works perfectly. But no VNC from VLAN.
I'm connecting to "<HOST-IP>:5900". No result. Where is the mistake? _________________ Make a wish, this text is magic. |
|
umka69 Tux's lil' helper
Joined: 31 Mar 2013 Posts: 124
|
Posted: Wed Sep 10, 2014 1:22 pm Post subject: |
|
|
Ok. The problem with external connection to VNC comes from security configuration.
It could be solved by adding a VNC password. It can be done with this option:
Code: | qemu-system-x86_64 [...] -vnc :0,password [...] |
QEMU monitor must be started too, so adding an option.
Code: | qemu-system-x86_64 [...] -monitor stdio [...] |
Also it is necessary to setup VNC password by monitor command
Code: | (qemu) change vnc password |
BUT it is not comfortable to reset the password on every boot.
Is there another way to set the password?
PS: I know about qemu.conf but it causes an error.
Code: | den ~ # sh GentooVM
qemu-system-x86_64:/etc/qemu/qemu.conf:1: no group defined |
Code: | den ~ # cat GentooVM
#!/bin/sh
exec qemu-system-x86_64 \
-enable-kvm \
-boot d \
-cdrom install-amd64-minimal-20140828.iso \
-net tap,ifname=tap0,script=no,downscript=no -net nic,model=virtio \
-cpu host -smp 2 \
-drive file=/root/GentooVM.img,if=virtio \
-m 2G \
-vnc :0,password \
-k en-us \
-monitor stdio \
-name "Gentoo VM" \
"$@"
|
Code: | den ~ # cat /etc/qemu/qemu.conf
vnc_listen = "0.0.0.0"
vnc_password = "PASSWORD"
|
_________________ Make a wish, this text is magic. |
|
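Which `-vnc` forms put the display on the LAN, as an added example that is not part of the thread: the function classifies a `-vnc` argument, and a second one pulls that argument out of a launch script like the one posted above. QEMU accepts connections from any host when the host part is omitted (`:0`); the verdict strings and the `password-secret` and `sasl` options (not mentioned in the thread) are this example's additions.

```shell
#!/bin/sh
# Added example (not from the thread): classify how exposed a QEMU "-vnc" argument is.

# vnc_exposure SPEC -> disabled | local | network-open | network-auth
vnc_exposure() {
    spec=$1
    display=${spec%%,*}                  # ":0", "127.0.0.1:0", "unix:/path", "none"
    case $spec in
        *,*) opts=",${spec#*,}," ;;      # wrap options in commas for exact matching
        *)   opts="," ;;
    esac
    case $display in
        ''|none) echo disabled; return 0 ;;
        unix:*)  echo local;    return 0 ;;   # UNIX socket, no TCP listener
    esac
    host=${display%:*}                   # empty host means "all interfaces"
    case $host in
        127.*|localhost|'[::1]') echo local; return 0 ;;
    esac
    # Listener reachable from the network: is any authentication requested?
    case $opts in
        *,password,*|*,password=on,*|*,password-secret=*|*,sasl,*|*,sasl=on,*)
            echo network-auth ;;
        *)  echo network-open ;;
    esac
}

# Read a launch script on stdin and classify its first -vnc argument.
audit_launch_script() {
    spec=$(sed -n 's/.*-vnc[[:space:]]\{1,\}\([^[:space:]\\]*\).*/\1/p' | head -n 1)
    vnc_exposure "$spec"
}

# Constructed sample input: the -vnc variants from the thread plus a loopback bind.
for s in ':0' ':0,password' '127.0.0.1:0,password'; do
    printf '%-24s %s\n' "$s" "$(vnc_exposure "$s")"
done
```

VNC password authentication only uses the first eight characters of the password, so `network-auth` is a weaker state than `local` reached through an SSH tunnel.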
fargred n00b
Joined: 19 Oct 2010 Posts: 67
|
Posted: Wed Sep 10, 2014 3:17 pm Post subject: |
|
|
SPICE > VNC |
|
vaxbrat l33t
Joined: 05 Oct 2005 Posts: 731 Location: DC Burbs
|
Posted: Wed Sep 10, 2014 7:32 pm Post subject: one other thing |
|
|
Your /etc/conf.d/net has the bridge defaulting the spanning tree protocol setting (stp) to "off". This is meant to limit bridge-to-bridge traffic in larger networks. However, it can block certain types of broadcast message traffic between the VM and hosts on another LAN segment. For example, if you have a DHCP server running in another host as a VM (e.g. a Windows AD domain controller in a VM on top of a qemu hypervisor), your guest on this host will not be able to use it without stp turned "on" on both hypervisors' bridges. |
|