my kvm guest doesn't reach the Web
lalebarde
Guru
Joined: 03 Sep 2006
Posts: 464
Location: France, Haute-Garonne

Posted: Sun Sep 02, 2012 9:25 pm    Post subject: my kvm guest doesn't reach the Web

Hi all,

Though I read all of this:


and made numerous trials, I cannot manage to join the network from my XP guest. I have roughly the same configuration as nordic bro in (2), except mainly that I use wlan0 with DHCP instead of eth0 with a static IP:

Code:
# uname -a
Linux PCCARO 3.3.8-gentoo #16 SMP PREEMPT Sun Sep 2 13:49:27 CEST 2012 x86_64 Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz GenuineIntel GNU/Linux


Versions : net-firewall/shorewall-4.4.23.2, app-emulation/qemu-kvm-1.1.1-r1

Running : Host (of course), kvm_intel, kvm, tun, guest (windows xp)

Fails: pinging the guest gateway at 192.168.99.1 or any web server like www.google.fr, and HTTP through Internet Explorer. If I stop shorewall, perform an iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE, and repair the guest connection from the Windows control panel, nothing changes.

I launch the guest with :
Code:
qemu-kvm -hda /var/virtual/WindowsXP.img -cdrom /dev/cdrom -m 1024 -name xp -net nic,macaddr=00:00:00:00:00:22 -net tap,ifname=qtap0,script=no,downscript=no


ifconfig :
Code:
br0       Link encap:Ethernet  HWaddr 52:54:00:12:34:56 
          inet addr:192.168.99.1  Bcast:192.168.99.255  Mask:255.255.255.0
          inet6 addr: fe80::5054:ff:fe12:3456/64 Scope:Link
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:0 (0.0 B)  TX bytes:328 (328.0 B)

eth0      Link encap:Ethernet  HWaddr 00:25:64:f3:d0:e6 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:17

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:467 errors:0 dropped:0 overruns:0 frame:0
          TX packets:467 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:43349 (42.3 KiB)  TX bytes:43349 (42.3 KiB)

qtap0     Link encap:Ethernet  HWaddr 52:54:00:12:34:56 
          inet6 addr: fe80::5054:ff:fe12:3456/64 Scope:Link
          UP BROADCAST PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:5 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

wlan0     Link encap:Ethernet  HWaddr 00:e0:4c:82:08:8a 
          inet addr:192.168.0.101  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:4cff:fe82:88a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:4767 errors:0 dropped:0 overruns:0 frame:0
          TX packets:4921 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:4598616 (4.3 MiB)  TX bytes:655624 (640.2 KiB)


/etc/resolv.conf :
Code:
nameserver 212.27.40.241
nameserver 212.27.40.240


/etc/conf.d/net :
Code:
dns_domain_lo="MAISON"
bridge_br0="qtap0"
brctl_br0="setfd 0" "stp off"
rc_need_br0="net.qtap0"
config_eth0="192.168.0.99/24"
routes_eth0="default via 192.168.0.1"
dns_servers_eth0="212.27.40.240 212.27.40.241"
config_br0="192.168.99.1/24"
config_qtap0="null"
tuntap_qtap0="tap"
tunctl_qtap0="-u common"
mac_qtap0="52:54:00:12:34:56"
modules="wpa_supplicant"
wpa_supplicant_eth0="-Dwext"
config_wlan0=( "dhcp" )


/etc/init.d/kvm - from (1), with only the br0 IP address and the tap interface name (qtap0) changed:
Code:
#!/sbin/runscript
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
NUM_OF_DEVICES=1
USERID="common"

depend() {
        need net
}

start() {
        ebegin "Loading the kvm module"
        /sbin/modprobe kvm
        eend $? "Failed to load the kvm module"
        ebegin "Loading the kvm_intel module"
        /sbin/modprobe kvm_intel
        eend $? "Failed to load the kvm_intel module"
        ebegin "Loading the tun module"
        /sbin/modprobe tun
        eend $? "Failed to load the tun module"
        ebegin "Setting up the bridge device (br0)"
        /sbin/brctl addbr br0
        /sbin/ifconfig br0 192.168.99.1 netmask 255.255.255.0 up
        eend $? "Failed to create the bridge interface"
        for ((i=0; i < NUM_OF_DEVICES; i++)); do
                ebegin "Setting up the tap interface: qtap$i"
                /usr/bin/tunctl -b -u $USERID -t qtap$i >/dev/null
                eend $? "Failed to create the tap interface: qtap$i"
                ebegin "Linking the bridge interface with qtap$i"
                /sbin/brctl addif br0 qtap$i
                eend $? "Failed to link the bridge interface to qtap$i"
                ebegin "Bring qtap$i interface up"
                /sbin/ifconfig qtap$i up 0.0.0.0 promisc
                eend $? "Failed to bring qtap$i up"
        done
        ebegin "Allowing Internet access"
        echo "1" > /proc/sys/net/ipv4/ip_forward
        eend $? "Failed to allow forwarding"
        iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
        eend $? "Failed to allow masquerade (eth0)"
        eend 0
}

stop() {
        for ((i=0; i < NUM_OF_DEVICES; i++)); do
                ebegin "Bring qtap$i interface down"
                /sbin/ifconfig qtap$i down
                eend $? "Failed to bring qtap$i down"
                ebegin "Unlinking the bridge interface with qtap$i"
                /sbin/brctl delif br0 qtap$i
                eend $? "Failed to unlink the bridge interface to qtap$i"
                ebegin "Removing the tap interface: qtap$i"
                /usr/bin/tunctl -d qtap$i >/dev/null
                eend $? "Failed to remove the tap interface: qtap$i"
        done
        ebegin "Stopping the bridge device (br0)"
        /sbin/ifconfig br0 down
        /sbin/brctl delbr br0
        eend $? "Failed to stop the bridge interface"
        ebegin "Unloading the tun module"
        /sbin/modprobe -r tun
        eend $? "Failed to unload the tun module"
        ebegin "Unloading the kvm_intel module"
        /sbin/modprobe -r kvm_intel
        eend $? "Failed to unload the kvm_intel module"
        ebegin "Unloading the kvm module"
        /sbin/modprobe -r kvm
        eend $? "Failed to unload the kvm module"
        ebegin "Stopping Internet access"
        echo "0" > /proc/sys/net/ipv4/ip_forward
        eend $? "Failed to cancel forwarding"
        iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
        eend $? "Failed to remove masquerade (eth0)"
        eend 0
}

restart() {
        stop
        start
}


/etc/init.d/bridge_forward - from (1) :
Code:
#!/sbin/runscript
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

depend() {
        need net.br0
}

start() {
        ebegin "Turning on forwarding for bridge interface"
        /sbin/sysctl net.ipv4.conf.br0.forwarding=1 >/dev/null 2>&1
        eend $?
}

stop() {
        ebegin "Turning off forwarding for bridge interface"
        /sbin/sysctl net.ipv4.conf.br0.forwarding=0 >/dev/null 2>&1
        eend $?
}

restart() {
        stop
        start
}


/etc/sysctl.conf - from (1) :
Code:
net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-ip6tables=0


rc-update show :
Code:
                acpid |      default                 
            alsasound | boot                         
             bootmisc | boot                         
       bridge_forward |      default                 
          consolefont | boot                         
                cupsd |      default                 
                 dbus |      default                 
                devfs |                       sysinit
                dmesg |                       sysinit
                 fsck | boot                         
                  gpm |      default                 
              hddtemp |      default                 
             hostname | boot                         
              hwclock | boot                         
              keymaps | boot                         
            killprocs |              shutdown       
                  kvm |      default                 
                local |      default                 
           localmount | boot                         
              modules | boot                         
             mount-ro |              shutdown       
                 mtab | boot                         
             net.eth0 |      default                 
               net.lo | boot                         
            net.wlan0 |      default                 
             netmount |      default                 
                 ntpd |      default                 
               procfs | boot                         
                 root | boot                         
            savecache |              shutdown       
            shorewall |      default                 
                 swap | boot                         
               sysctl | boot                         
            syslog-ng |      default                 
         termencoding | boot                         
                 udev |                       sysinit
       udev-postmount |      default                 
              urandom | boot                         
           vixie-cron |      default                 
                 wicd |      default                 
                  xdm |      default       

I also tried after removing eth0 and wlan0, since they are re-created thanks to dependencies, but it changes nothing, though it may be cleaner.

/etc/conf.d/modules :
Code:
modules="tg3"
modules="usblp"
modules="coretemp"


On the guest :
IP : 192.168.99.20
Mask : 255.255.255.0
Gateway : 192.168.99.1
_______0
Guru
Joined: 15 Oct 2012
Posts: 521

Posted: Mon Oct 15, 2012 6:12 pm    Post subject: still there??

undo ALL crap u did, networking, etc. And with a clean, normal and proper net config on the host start ur vm like dis:

qemu-kvm -hda /var/virtual/WindowsXP.img -m 1G

bingo! intrawebz automagically working!
Mad Merlin
Veteran
Joined: 09 May 2005
Posts: 1155

Posted: Mon Oct 15, 2012 11:21 pm

You say you're using wlan0 for your network connection, but your iptables rule is natting out to eth0 (and I see 0 bytes in and out on eth0, so I can only assume it's not plugged in).

In your /etc/init.d/kvm script try changing this to wlan0 instead of eth0:

Code:

iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
eend $? "Failed to allow masquerade (eth0)"

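The mismatch Mad Merlin spotted (NAT on eth0 while the default route is on wlan0) is easy to check mechanically. The following is an added example, not code from the thread: a small POSIX sh diagnostic that takes the host's routing table, its nat POSTROUTING rules and the ip_forward value, and reports whether the MASQUERADE rule sits on the interface that actually carries the default route. The sample route and rule text is constructed to mirror the first post; the function names (default_iface, masq_ifaces, check_nat) are the example's own.

```shell
#!/bin/sh
# Added example, not from the thread: check the host-side conditions a
# masqueraded tap/bridge guest depends on, using the same text that
# "ip -4 route", "iptables -t nat -S POSTROUTING" and
# /proc/sys/net/ipv4/ip_forward produce on a live host.

# Constructed sample data modelled on the first post: the default route is
# on wlan0, but the only MASQUERADE rule names eth0 (the unplugged NIC).
SAMPLE_ROUTES='default via 192.168.0.1 dev wlan0
192.168.0.0/24 dev wlan0 proto kernel scope link src 192.168.0.101
192.168.99.0/24 dev br0 proto kernel scope link src 192.168.99.1'
SAMPLE_NAT='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE'
SAMPLE_NAT_FIXED='-P POSTROUTING ACCEPT
-A POSTROUTING -o wlan0 -j MASQUERADE'

# default_iface ROUTES: print the device carrying the default route.
default_iface() {
    printf '%s\n' "$1" | awk '$1 == "default" {
        for (i = 1; i <= NF; i++) if ($i == "dev") { print $(i + 1); exit } }'
}

# masq_ifaces RULES: print every interface named by a MASQUERADE rule.
masq_ifaces() {
    printf '%s\n' "$1" | awk '/-j MASQUERADE/ {
        for (i = 1; i <= NF; i++) if ($i == "-o") print $(i + 1) }'
}

# check_nat ROUTES RULES IP_FORWARD: print one verdict word.
#   FORWARDING-OFF    ip_forward is 0, so nothing is routed for the guest
#   NO-DEFAULT-ROUTE  the host itself has no way out
#   MISMATCH:<dev>    MASQUERADE exists, but not on the default-route device
#   OK                guest traffic is NATed on the interface it leaves by
check_nat() {
    if [ "$3" != "1" ]; then
        echo "FORWARDING-OFF"; return 1
    fi
    def=$(default_iface "$1")
    if [ -z "$def" ]; then
        echo "NO-DEFAULT-ROUTE"; return 1
    fi
    for ifc in $(masq_ifaces "$2"); do
        if [ "$ifc" = "$def" ]; then
            echo "OK"; return 0
        fi
    done
    echo "MISMATCH:$def"
    return 1
}

# On a live host the same check would read:
#   check_nat "$(ip -4 route show)" "$(iptables -t nat -S POSTROUTING)" \
#             "$(cat /proc/sys/net/ipv4/ip_forward)"
check_nat "$SAMPLE_ROUTES" "$SAMPLE_NAT" 1        # prints MISMATCH:wlan0
check_nat "$SAMPLE_ROUTES" "$SAMPLE_NAT_FIXED" 1  # prints OK
```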
lalebarde
Guru
Joined: 03 Sep 2006
Posts: 464
Location: France, Haute-Garonne

Posted: Sun Nov 04, 2012 7:08 pm

Thanks Mad Merlin, and sorry to answer so late.

:oops: YES, I have now replaced eth0 by wlan0 - what happened is that I moved my box and my eth0 is not available anymore - I had to buy a wifi interface - and of course I forgot to adapt my script.

Still it does not work.

Studying details, I read from the tunctl man pages that:
Quote:
-p

Create a TAP type interface with Ethernet header. Automatically selected if the desired interface starts with "tap" or if no interface name is given.
I assume this has importance since the last tuto I got information from uses tap0 and not qtap0 (from another tuto).

Still it does not work.

Additional information :
Code:
iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
eth0_masq  all  --  anywhere             anywhere           
wlan0_masq  all  --  anywhere             anywhere           
MASQUERADE  all  --  anywhere             anywhere           

Chain eth0_masq (1 references)
target     prot opt source               destination         
MASQUERADE  all  --  192.168.99.0/24      anywhere           

Chain wlan0_masq (1 references)
target     prot opt source               destination         
MASQUERADE  all  --  192.168.99.0/24      anywhere       
cach0rr0
Bodhisattva
Joined: 13 Nov 2008
Posts: 4123
Location: Houston, Republic of Texas

Posted: Sun Nov 04, 2012 10:16 pm

in your host's /etc/conf.d/net, you only have qtap0 added to the bridge

which is not correct

the bridge should have both qtap0 *and* your actual NIC (eth0, wlan0, whichever)

that assumes your wireless NIC supports bridging - some do not.

have a look at my config here to see a working example
lalebarde
Guru
Joined: 03 Sep 2006
Posts: 464
Location: France, Haute-Garonne

Posted: Mon Nov 05, 2012 8:46 am

Thanks a lot for your answer cach0rr0,

cach0rr0 wrote:
in your host's /etc/conf.d/net, you only have qtap0 added to the bridge which is not correct the bridge should have both qtap0 *and* your actual NIC (eth0, wlan0, whichever)

This is because I want to use MASQUERADE, as explained here (http://en.gentoo-wiki.com/wiki/KVM#Enabling_the_access_to_Internet). When I compare direct linking with masquerading, the first uses bridge_br0="eth0 tap0" and the second bridge_br0="tap0". My understanding is that masquerading hides tap0 with some netfilter magic, so the link between eth0/wlan0 and tap0 does not appear in the net configuration. BTW, if you can post me a link that explains the internals of MASQUERADE, I am interested. I am very puzzled about how it works.

I did two things and now my VM can access the web:

1) change brctl_br0="setfd 0" "stp off" to brctl_br0="setfd 0 sethello 0 stp off"
2) remove shorewall, set all policies to ACCEPT in netfilter

I am not sure which one made it work..... I will come back and EDIT.

So, here is my full working configuration and call command :

Code:
# cat /etc/conf.d/net | nocomment
dns_domain_lo="MAISON"
bridge_br0="tap0"
brctl_br0="setfd 0 sethello 0 stp off"
rc_need_br0="net.tap0"
config_eth0="192.168.0.99/24"
routes_eth0="default via 192.168.0.1"
dns_servers_eth0="212.27.40.240 212.27.40.241"
config_br0="192.168.99.1/24"
config_tap0="null"
tuntap_tap0="tap"
tunctl_tap0="-u common"
mac_tap0="52:54:00:12:34:56"
modules="wpa_supplicant"
wpa_supplicant_eth0="-Dwext"
config_wlan0=( "dhcp" )

Code:
# cat /etc/init.d/kvm | nocomment | grep -v ebegin | grep -v eend
NUM_OF_DEVICES=1
USERID="common"
DEV="wlan0"
depend() {
        need net
}
start() {
        /sbin/modprobe kvm
        /sbin/modprobe kvm_intel
        /sbin/modprobe tun
        /sbin/brctl addbr br0
        /sbin/ifconfig br0 192.168.99.1 netmask 255.255.255.0 up
        for ((i=0; i < NUM_OF_DEVICES; i++)); do
                /usr/bin/tunctl -b -u $USERID -t tap$i >/dev/null
                /sbin/brctl addif br0 tap$i
                /sbin/ifconfig tap$i up 0.0.0.0 promisc
        done
        echo "1" > /proc/sys/net/ipv4/ip_forward
        iptables -t nat -A POSTROUTING -o $DEV -j MASQUERADE
}
stop() {
        for ((i=0; i < NUM_OF_DEVICES; i++)); do
                /sbin/ifconfig tap$i down
                /sbin/brctl delif br0 tap$i
                /usr/bin/tunctl -d tap$i >/dev/null
        done
        /sbin/ifconfig br0 down
        /sbin/brctl delbr br0
        /sbin/modprobe -r tun
        /sbin/modprobe -r kvm_intel
        /sbin/modprobe -r kvm
        echo "0" > /proc/sys/net/ipv4/ip_forward
        iptables -t nat -D POSTROUTING -o $DEV -j MASQUERADE
}
restart() {
        stop
        start
}

Code:
# ifconfig
br0       Link encap:Ethernet  HWaddr 0e:b0:98:70:ad:2f 
          inet addr:192.168.99.1  Bcast:192.168.99.255  Mask:255.255.255.0
          inet6 addr: fe80::6495:9aff:fe42:e6c6/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:7413 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10056 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:457416 (446.6 KiB)  TX bytes:14418532 (13.7 MiB)

eth0      Link encap:Ethernet  HWaddr 00:25:64:f3:d0:e6 
          UP BROADCAST MULTICAST  MTU:1500  Metric:1
          RX packets:0 errors:0 dropped:0 overruns:0 frame:0
          TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)
          Interrupt:17

lo        Link encap:Local Loopback 
          inet addr:127.0.0.1  Mask:255.0.0.0
          inet6 addr: ::1/128 Scope:Host
          UP LOOPBACK RUNNING  MTU:16436  Metric:1
          RX packets:5580 errors:0 dropped:0 overruns:0 frame:0
          TX packets:5580 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:0
          RX bytes:452919 (442.3 KiB)  TX bytes:452919 (442.3 KiB)

tap0      Link encap:Ethernet  HWaddr 0e:b0:98:70:ad:2f 
          inet6 addr: fe80::cb0:98ff:fe70:ad2f/64 Scope:Link
          UP BROADCAST RUNNING PROMISC MULTICAST  MTU:1500  Metric:1
          RX packets:7413 errors:0 dropped:0 overruns:0 frame:0
          TX packets:10071 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:500
          RX bytes:561198 (548.0 KiB)  TX bytes:14419418 (13.7 MiB)

wlan0     Link encap:Ethernet  HWaddr 00:e0:4c:82:08:8a 
          inet addr:192.168.0.100  Bcast:192.168.0.255  Mask:255.255.255.0
          inet6 addr: fe80::2e0:4cff:fe82:88a/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:20184 errors:0 dropped:0 overruns:0 frame:0
          TX packets:18426 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:23615078 (22.5 MiB)  TX bytes:2833311 (2.7 MiB)

In a shell of the user common:
Code:
$ qemu-kvm -hda /var/virtual/WindowsXP.img -cdrom /dev/cdrom -m 1024 -name xp -net nic,macaddr=00:00:00:00:00:22 -net tap,ifname=tap0,script=no,downscript=no


After an xhost + in my own shell to accept X requests from the user common.


I now have to study netfilter again to get a working configuration.