lalebarde Guru
Joined: 03 Sep 2006 Posts: 464 Location: France, Haute-Garonne
|
Posted: Sun Sep 02, 2012 9:25 pm Post subject: my kvm guest don't reach the Web |
|
|
Hi all,
Though I read all of this :
and made numerous trials, I cannot manage to join the network from my XP guest. I have roughly the same configuration as nordic bro in (2), except mainly that I use wlan0 with DHCP instead of eth0 with a static IP :
Code: | # uname -a
Linux PCCARO 3.3.8-gentoo #16 SMP PREEMPT Sun Sep 2 13:49:27 CEST 2012 x86_64 Intel(R) Core(TM) i7 CPU 870 @ 2.93GHz GenuineIntel GNU/Linux |
Versions : net-firewall/shorewall-4.4.23.2, app-emulation/qemu-kvm-1.1.1-r1
Running : Host (of course), kvm_intel, kvm, tun, guest (windows xp)
Fails : ping guest gateway at 192.168.99.1 or any web server like www.google.fr, HTTP through Internet Explorer. If I stop shorewall, and perform an iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE, repair the guest connection from the Windows control panel, nothing is changed.
I launch the guest with : Code: | qemu-kvm -hda /var/virtual/WindowsXP.img -cdrom /dev/cdrom -m 1024 -name xp -net nic,macaddr=00:00:00:00:00:22 -net tap,ifname=qtap0,script=no,downscript=no |
ifconfig : Code: | br0 Link encap:Ethernet HWaddr 52:54:00:12:34:56
inet addr:192.168.99.1 Bcast:192.168.99.255 Mask:255.255.255.0
inet6 addr: fe80::5054:ff:fe12:3456/64 Scope:Link
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:4 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:328 (328.0 B)
eth0 Link encap:Ethernet HWaddr 00:25:64:f3:d0:e6
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:467 errors:0 dropped:0 overruns:0 frame:0
TX packets:467 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:43349 (42.3 KiB) TX bytes:43349 (42.3 KiB)
qtap0 Link encap:Ethernet HWaddr 52:54:00:12:34:56
inet6 addr: fe80::5054:ff:fe12:3456/64 Scope:Link
UP BROADCAST PROMISC MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:5 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
wlan0 Link encap:Ethernet HWaddr 00:e0:4c:82:08:8a
inet addr:192.168.0.101 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:4cff:fe82:88a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4767 errors:0 dropped:0 overruns:0 frame:0
TX packets:4921 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4598616 (4.3 MiB) TX bytes:655624 (640.2 KiB) |
/etc/resolv.conf : Code: | nameserver 212.27.40.241
nameserver 212.27.40.240 |
/etc/conf.d/net : Code: | dns_domain_lo="MAISON"
bridge_br0="qtap0"
brctl_br0="setfd 0" "stp off"
rc_need_br0="net.qtap0"
config_eth0="192.168.0.99/24"
routes_eth0="default via 192.168.0.1"
dns_servers_eth0="212.27.40.240 212.27.40.241"
config_br0="192.168.99.1/24"
config_qtap0="null"
tuntap_qtap0="tap"
tunctl_qtap0="-u common"
mac_qtap0="52:54:00:12:34:56"
modules="wpa_supplicant"
wpa_supplicant_eth0="-Dwext"
config_wlan0=( "dhcp" ) |
/etc/init.d/kvm - from (1) - just changed br0 IP address and the tap interface name, qtap0 : Code: | #!/sbin/runscript
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
NUM_OF_DEVICES=1
USERID="common"
depend() {
    need net
}
start() {
    ebegin "Loading the kvm module"
    /sbin/modprobe kvm
    eend $? "Failed to load the kvm module"
    ebegin "Loading the kvm_intel module"
    /sbin/modprobe kvm_intel
    eend $? "Failed to load the kvm_intel module"
    ebegin "Loading the tun module"
    /sbin/modprobe tun
    eend $? "Failed to load the tun module"
    ebegin "Setting up the bridge device (br0)"
    /sbin/brctl addbr br0
    /sbin/ifconfig br0 192.168.99.1 netmask 255.255.255.0 up
    eend $? "Failed to create the bridge interface"
    for ((i=0; i < NUM_OF_DEVICES; i++)); do
        ebegin "Setting up the tap interface: qtap$i"
        /usr/bin/tunctl -b -u $USERID -t qtap$i >/dev/null
        eend $? "Failed to create the tap interface: qtap$i"
        ebegin "Linking the bridge interface with qtap$i"
        /sbin/brctl addif br0 qtap$i
        eend $? "Failed to link the bridge interface to qtap$i"
        ebegin "Bring qtap$i interface up"
        /sbin/ifconfig qtap$i up 0.0.0.0 promisc
        eend $? "Failed to bring qtap$i up"
    done
    ebegin "Allowing Internet access"
    echo "1" > /proc/sys/net/ipv4/ip_forward
    eend $? "Failed to allow forwarding"
    iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
    eend $? "Failed to allow masquerade (eth0)"
    eend 0
}
stop() {
    for ((i=0; i < NUM_OF_DEVICES; i++)); do
        ebegin "Bring qtap$i interface down"
        /sbin/ifconfig qtap$i down
        eend $? "Failed to bring qtap$i down"
        ebegin "Unlinking the bridge interface with qtap$i"
        /sbin/brctl delif br0 qtap$i
        eend $? "Failed to unlink the bridge interface to qtap$i"
        ebegin "Removing the tap interface: qtap$i"
        /usr/bin/tunctl -d qtap$i >/dev/null
        eend $? "Failed to remove the tap interface: qtap$i"
    done
    ebegin "Stopping the bridge device (br0)"
    /sbin/ifconfig br0 down
    /sbin/brctl delbr br0
    eend $? "Failed to stop the bridge interface"
    ebegin "Unloading the tun module"
    /sbin/modprobe -r tun
    eend $? "Failed to unload the tun module"
    ebegin "Unloading the kvm_intel module"
    /sbin/modprobe -r kvm_intel
    eend $? "Failed to unload the kvm_intel module"
    ebegin "Unloading the kvm module"
    /sbin/modprobe -r kvm
    eend $? "Failed to unload the kvm module"
    ebegin "Stopping Internet access"
    echo "0" > /proc/sys/net/ipv4/ip_forward
    eend $? "Failed to cancel forwarding"
    iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
    eend $? "Failed to remove masquerade (eth0)"
    eend 0
}
restart() {
    stop
    start
} |
/etc/init.d/bridge_forward - from (1) : Code: | #!/sbin/runscript
# Copyright 1999-2012 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $
depend() {
    need net.br0
}
start() {
    ebegin "Turning on forwarding for bridge interface"
    /sbin/sysctl net.ipv4.conf.br0.forwarding=1 >/dev/null 2>&1
    eend $?
}
stop() {
    ebegin "Turning off forwarding for bridge interface"
    /sbin/sysctl net.ipv4.conf.br0.forwarding=0 >/dev/null 2>&1
    eend $?
}
restart() {
    stop
    start
} |
/etc/sysctl.conf - from (1) : Code: | net.ipv4.ip_forward = 0
net.ipv4.conf.default.rp_filter = 1
net.ipv4.conf.all.rp_filter = 1
net.bridge.bridge-nf-call-arptables=0
net.bridge.bridge-nf-call-iptables=0
net.bridge.bridge-nf-call-ip6tables=0 |
rc-update show : Code: | acpid | default
alsasound | boot
bootmisc | boot
bridge_forward | default
consolefont | boot
cupsd | default
dbus | default
devfs | sysinit
dmesg | sysinit
fsck | boot
gpm | default
hddtemp | default
hostname | boot
hwclock | boot
keymaps | boot
killprocs | shutdown
kvm | default
local | default
localmount | boot
modules | boot
mount-ro | shutdown
mtab | boot
net.eth0 | default
net.lo | boot
net.wlan0 | default
netmount | default
ntpd | default
procfs | boot
root | boot
savecache | shutdown
shorewall | default
swap | boot
sysctl | boot
syslog-ng | default
termencoding | boot
udev | sysinit
udev-postmount | default
urandom | boot
vixie-cron | default
wicd | default
xdm | default |
I also tried after having suppressed eth0 and wlan0 since they are re-created thanks to dependencies, but it changes nothing, though it may be cleaner.
/etc/conf.d/modules : Code: | modules="tg3"
modules="usblp"
modules="coretemp" |
On the guest :
IP : 192.168.99.20
Mask : 255.255.255.0
Gateway : 192.168.99.1 |
|
|
|
_______0 Guru
Joined: 15 Oct 2012 Posts: 521
|
Posted: Mon Oct 15, 2012 6:12 pm Post subject: still there?? |
|
|
undo ALL crap u did, networking, etc. And with a clean, normal and proper net config on the host start ur vm like dis:
qemu-kvm -hda /var/virtual/WindowsXP.img -m 1G
bingo! intrawebz automagically working! |
|
|
|
Mad Merlin Veteran
Joined: 09 May 2005 Posts: 1155
|
Posted: Mon Oct 15, 2012 11:21 pm Post subject: |
|
|
You say you're using wlan0 for your network connection, but your iptables rule is natting out to eth0 (and I see 0 bytes in and out on eth0, so I can only assume it's not plugged in).
In your /etc/init.d/kvm script try changing this to wlan0 instead of eth0:
Code: |
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
eend $? "Failed to allow masquerade (eth0)"
|
_________________ Game! - Where the stick is mightier than the sword! |
|
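The mismatch pointed out in this reply (a MASQUERADE rule on eth0 while the host's traffic leaves through wlan0) can be checked mechanically. The following shell functions are an added example, not part of the thread: the route and rule listings are constructed samples, and the extra check for a missing `-s` match goes beyond what the reply discusses.

```shell
#!/bin/sh
# Added example: compare MASQUERADE rules with the interface that carries the default route.

# Constructed sample of `ip -4 route show default` on a host whose uplink is wlan0.
SAMPLE_ROUTES='default via 192.168.0.1 dev wlan0 proto dhcp metric 600'

# Constructed sample of `iptables -t nat -S POSTROUTING`.
SAMPLE_RULES='-P POSTROUTING ACCEPT
-A POSTROUTING -o eth0 -j MASQUERADE
-A POSTROUTING -o wlan0 -j MASQUERADE
-A POSTROUTING -s 192.168.99.0/24 -o wlan0 -j MASQUERADE'

# stdin: default-route text. Prints the device name that follows "dev".
default_iface() {
    awk '$1 == "default" {
        for (i = 2; i < NF; i++) if ($i == "dev") { print $(i + 1); exit }
    }'
}

# stdin: POSTROUTING rules. $1 = uplink interface, $2 = guest subnet.
# WRONG-IF: rule names an interface other than the uplink, so guest packets leave untranslated.
# UNSCOPED: rule has no -o, or no -s equal to the guest subnet; it translates more than the guest.
# OK:       rule is limited to the guest subnet and leaves through the uplink.
audit_masq() {
    awk -v up="$1" -v net="$2" '
    /-j MASQUERADE/ {
        out = ""; src = ""
        for (i = 1; i < NF; i++) {
            if ($i == "-o") out = $(i + 1)
            if ($i == "-s") src = $(i + 1)
        }
        if (out != "" && out != up)        verdict = "WRONG-IF"
        else if (out == "" || src != net)  verdict = "UNSCOPED"
        else                               verdict = "OK"
        printf "%s: %s\n", verdict, $0
    }'
}

# On a live host, feed the two functions from `ip -4 route show default`
# and `iptables -t nat -S POSTROUTING` (as root) instead of the samples.
uplink=$(printf '%s\n' "$SAMPLE_ROUTES" | default_iface)
printf '%s\n' "$SAMPLE_RULES" | audit_masq "$uplink" 192.168.99.0/24
```

Rules that a firewall front end places in its own chains (such as the `wlan0_masq` chain that appears later in the thread) are not listed by `-S POSTROUTING`; run `iptables -t nat -S` without a chain name to see them.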
|
|
lalebarde Guru
Joined: 03 Sep 2006 Posts: 464 Location: France, Haute-Garonne
|
Posted: Sun Nov 04, 2012 7:08 pm Post subject: |
|
|
Thanks Mad Merlin, and sorry to answer so late.
YES, I have now replaced eth0 with wlan0 - what happened is that I moved my box and my eth0 is not available anymore - I had to buy a wifi interface - and of course, I forgot to adapt my script.
Still it does not work.
Studying details, I read from the tunctl man pages that : Quote: | -p
Create a TAP type interface with Ethernet header. Automatically selected if the desired interface starts with "tap" or if no interface name is given. |
I assume this is important, since the last tutorial I got information from uses tap0 and not qtap0 (from another tutorial).
Still it does not work.
Additional information : Code: | iptables -t nat -L
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
Chain INPUT (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain POSTROUTING (policy ACCEPT)
target prot opt source destination
eth0_masq all -- anywhere anywhere
wlan0_masq all -- anywhere anywhere
MASQUERADE all -- anywhere anywhere
Chain eth0_masq (1 references)
target prot opt source destination
MASQUERADE all -- 192.168.99.0/24 anywhere
Chain wlan0_masq (1 references)
target prot opt source destination
MASQUERADE all -- 192.168.99.0/24 anywhere |
|
|
|
|
cach0rr0 Bodhisattva
Joined: 13 Nov 2008 Posts: 4123 Location: Houston, Republic of Texas
|
Posted: Sun Nov 04, 2012 10:16 pm Post subject: |
|
|
in your host's /etc/conf.d/net, you only have qtap0 added to the bridge
which is not correct
the bridge should have both qtap0 *and* your actual NIC (eth0, wlan0, whichever)
that assumes your wireless NIC supports bridging - some do not.
have a look at my config here to see a working example
_________________ Lost configuring your system?
dump lspci -n here | see Pappy's guide | Link Stash |
|
|
|
lalebarde Guru
Joined: 03 Sep 2006 Posts: 464 Location: France, Haute-Garonne
|
Posted: Mon Nov 05, 2012 8:46 am Post subject: |
|
|
Thanks a lot for your answer cach0rr0,
cach0rr0 wrote: | in your host's /etc/conf.d/net, you only have qtap0 added to the bridge which is not correct the bridge should have both qtap0 *and* your actual NIC (eth0, wlan0, whichever) |
This is because I want to use MASQUERADE, as explained here (http://en.gentoo-wiki.com/wiki/KVM#Enabling_the_access_to_Internet). When I compare direct linking with masquerading, the first uses bridge_br0="eth0 tap0" and the second bridge_br0="tap0". My understanding is that masquerading stealves tap0 with some netfilter magic so the link between eth0/wlan0 and tap0 does not appear in the net configuration. BTW, if you can post me a link that explains the internals of MASQUERADE, I am interested. I am very puzzled with how it works.
I did two things and now my VM can access the web :
1) change brctl_br0="setfd 0" "stp off" to brctl_br0="setfd 0 sethello 0 stp off"
2) remove shorewall, set all policies to ACCEPT in netfilter
I am not sure which one made it work..... I will come back and EDIT.
So, here is my full working configuration and call command :
Code: | # cat /etc/conf.d/net | nocomment
dns_domain_lo="MAISON"
bridge_br0="tap0"
brctl_br0="setfd 0 sethello 0 stp off"
rc_need_br0="net.tap0"
config_eth0="192.168.0.99/24"
routes_eth0="default via 192.168.0.1"
dns_servers_eth0="212.27.40.240 212.27.40.241"
config_br0="192.168.99.1/24"
config_tap0="null"
tuntap_tap0="tap"
tunctl_tap0="-u common"
mac_tap0="52:54:00:12:34:56"
modules="wpa_supplicant"
wpa_supplicant_eth0="-Dwext"
config_wlan0=( "dhcp" ) |
Code: | # cat /etc/init.d/kvm | nocomment | grep -v ebegin | grep -v eend
NUM_OF_DEVICES=1
USERID="common"
DEV="wlan0"
depend() {
    need net
}
start() {
    /sbin/modprobe kvm
    /sbin/modprobe kvm_intel
    /sbin/modprobe tun
    /sbin/brctl addbr br0
    /sbin/ifconfig br0 192.168.99.1 netmask 255.255.255.0 up
    for ((i=0; i < NUM_OF_DEVICES; i++)); do
        /usr/bin/tunctl -b -u $USERID -t tap$i >/dev/null
        /sbin/brctl addif br0 tap$i
        /sbin/ifconfig tap$i up 0.0.0.0 promisc
    done
    echo "1" > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -A POSTROUTING -o $DEV -j MASQUERADE
}
stop() {
    for ((i=0; i < NUM_OF_DEVICES; i++)); do
        /sbin/ifconfig tap$i down
        /sbin/brctl delif br0 tap$i
        /usr/bin/tunctl -d tap$i >/dev/null
    done
    /sbin/ifconfig br0 down
    /sbin/brctl delbr br0
    /sbin/modprobe -r tun
    /sbin/modprobe -r kvm_intel
    /sbin/modprobe -r kvm
    echo "0" > /proc/sys/net/ipv4/ip_forward
    iptables -t nat -D POSTROUTING -o $DEV -j MASQUERADE
}
restart() {
    stop
    start
} |
Code: | # ifconfig
br0 Link encap:Ethernet HWaddr 0e:b0:98:70:ad:2f
inet addr:192.168.99.1 Bcast:192.168.99.255 Mask:255.255.255.0
inet6 addr: fe80::6495:9aff:fe42:e6c6/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:7413 errors:0 dropped:0 overruns:0 frame:0
TX packets:10056 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:457416 (446.6 KiB) TX bytes:14418532 (13.7 MiB)
eth0 Link encap:Ethernet HWaddr 00:25:64:f3:d0:e6
UP BROADCAST MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
Interrupt:17
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:16436 Metric:1
RX packets:5580 errors:0 dropped:0 overruns:0 frame:0
TX packets:5580 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:452919 (442.3 KiB) TX bytes:452919 (442.3 KiB)
tap0 Link encap:Ethernet HWaddr 0e:b0:98:70:ad:2f
inet6 addr: fe80::cb0:98ff:fe70:ad2f/64 Scope:Link
UP BROADCAST RUNNING PROMISC MULTICAST MTU:1500 Metric:1
RX packets:7413 errors:0 dropped:0 overruns:0 frame:0
TX packets:10071 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:500
RX bytes:561198 (548.0 KiB) TX bytes:14419418 (13.7 MiB)
wlan0 Link encap:Ethernet HWaddr 00:e0:4c:82:08:8a
inet addr:192.168.0.100 Bcast:192.168.0.255 Mask:255.255.255.0
inet6 addr: fe80::2e0:4cff:fe82:88a/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:20184 errors:0 dropped:0 overruns:0 frame:0
TX packets:18426 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:23615078 (22.5 MiB) TX bytes:2833311 (2.7 MiB) |
In a user common shell : Code: | $ qemu-kvm -hda /var/virtual/WindowsXP.img -cdrom /dev/cdrom -m 1024 -name xp -net nic,macaddr=00:00:00:00:00:22 -net tap,ifname=tap0,script=no,downscript=no |
After an xhost + in my own shell to accept X requests from the user common.
I now have to study netfilter again to have a working configuration. |
|
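The working setup above relies on every netfilter policy being ACCEPT and on a MASQUERADE rule that matches any source. The following is an added example, not the poster's script, of the same NAT path with forwarding limited to the guest network; the interface names and subnet are the ones used in the thread, and the `dry_run` helper and function names are hypothetical.

```shell
#!/bin/sh
# Added example (not the poster's script): scoped NAT and forwarding rules for the guest network.
BRIDGE=${BRIDGE:-br0}                    # bridge that holds tap0, as in the thread
GUEST_NET=${GUEST_NET:-192.168.99.0/24}  # guest subnet, as in the thread
UPLINK=${UPLINK:-wlan0}                  # interface that carries the default route
IPT=${IPT:-iptables}                     # set IPT=dry_run to print instead of apply

# Hypothetical helper: print the command that would be run.
dry_run() { printf 'iptables %s\n' "$*"; }

# $1 is -A to install the rules or -D to remove them again.
guest_rules() {
    op=$1
    # Guest -> Internet: only the guest subnet, only from the bridge to the uplink.
    $IPT "$op" FORWARD -i "$BRIDGE" -o "$UPLINK" -s "$GUEST_NET" -j ACCEPT
    # Replies only: nothing outside can open a new connection to the guest.
    $IPT "$op" FORWARD -i "$UPLINK" -o "$BRIDGE" -d "$GUEST_NET" \
        -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    # Translate only guest-sourced packets that leave through the uplink.
    $IPT -t nat "$op" POSTROUTING -s "$GUEST_NET" -o "$UPLINK" -j MASQUERADE
}

guest_nat_start() {
    $IPT -P FORWARD DROP   # routed traffic is refused unless a rule above allows it
    guest_rules -A
}

guest_nat_stop() {
    guest_rules -D         # FORWARD stays DROP, the safe state when no guest is running
}

# Dry run in a subshell so IPT is not changed for the caller.
( IPT=dry_run; guest_nat_start )
```

In the init script these two functions would take the place of the bare `iptables -t nat -A/-D POSTROUTING -o $DEV -j MASQUERADE` lines; `ip_forward` still has to be enabled as before.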
|
|
|
|
|
|