Gentoo Forums
qemu guest is client of NFS server on host [SOLVED]
mounty1
l33t

Joined: 06 Jul 2006
Posts: 839
Location: Queensland

Posted: Sat Jun 05, 2010 4:38 pm    Post subject: qemu guest is client of NFS server on host [SOLVED]

Hello. I am running Gentoo on an Apple Powermac (ppc). This is running qemu with the following command:
Code:
$ qemu -hda linux.img -cdrom vault/install-x86-minimal-2010021.iso -net nic,vlan=0 -net user,vlan=0 -net nic,vlan=1 -net user,vlan=1,net=192.168.2.2/24,host=192.168.2.1
The host is running an NFS server and
cat /etc/exports:
/home/mounty    192.168.2.0/24(ro,async,no_subtree_check,insecure)
In the guest, I am trying to mount the exported directory:
Code:
$ mkdir /tmp/V
$ mount -o ro 192.168.2.1:/home/mounty /tmp/V
mount.nfs: access denied by server while mounting 192.168.2.1:/home/mounty
Why is access denied? Changing 192.168.2.0/24 to * (and restarting the server) works, but I think access is via vlan0, which I don't want because it's insecure. I want to be able to mount via vlan1 only.
_________________
Michael Mounteney


Last edited by mounty1 on Sun Jun 06, 2010 11:13 am; edited 1 time in total
Hu
Moderator

Joined: 06 Mar 2007
Posts: 15991

Posted: Sat Jun 05, 2010 7:33 pm

Why are you using the user network stack? If you have privilege on the host, which it appears you do, you are better off using a tap device to connect the host and guest. This allows the guest and host to share a private network, giving you much more control over the guest's network access and over how the host sees it. It would also let you turn off the insecure mount option. Use -net tap instead of -net user to do this.
mounty1
l33t

Joined: 06 Jul 2006
Posts: 839
Location: Queensland

Posted: Sun Jun 06, 2010 1:43 am    Post subject: I don't know how

Hu wrote:
Why are you using the user network stack? If you have privilege on the host, which it appears you do, you are better off using a tap device to connect the host and guest. This allows the guest and host to share a private network, giving you much more control over the guest's network access and over how the host sees it. It would also let you turn off the insecure mount option. Use -net tap instead of -net user to do this.
Well, I would like to do what you advise but
Code:
qemu -hda linux.img -cdrom vault/install-x86-minimal-20100216.iso -net nic,vlan=0 -net user,vlan=0 -net nic,vlan=1 -net tap,vlan=1
warning: could not configure /dev/net/tun: no virtual network emulation
qemu: Could not initialize device 'tap'
There are plenty of references to this problem but they all involve running tunctl, which I don't have. Can you advise on the next step forwards?
_________________
Michael Mounteney
Hu
Moderator

Joined: 06 Mar 2007
Posts: 15991

Posted: Sun Jun 06, 2010 2:09 am

Install tunctl. It is in sys-apps/usermode-utilities.
mounty1
l33t

Joined: 06 Jul 2006
Posts: 839
Location: Queensland

Posted: Sun Jun 06, 2010 3:05 am    Post subject: Still stuck

OK, thanks for that. The problem is, as far as I can tell, given a command, there is no general way of knowing what package provides it. I had to use ACCEPT_KEYWORDS="~x86" to install, but tunctl appears to work.

The problem is that no one has reported the situation in Gentoo yet. They are all using Fedora or Ubuntu and appear to be setting up much more complicated arrangements than I want. I already have vlan0 set up to talk to the outside world and want vlan1 just to talk to the host machine, for NFS and X. Surely I don't need all this stuff about bridging? I am out of my depth here.
_________________
Michael Mounteney
Hu
Moderator

Joined: 06 Mar 2007
Posts: 15991

Posted: Sun Jun 06, 2010 4:56 am    Post subject: Re: Still stuck

mounty1 wrote:
OK, thanks for that. The problem is, as far as I can tell, given a command, there is no general way of knowing what package provides it.
Yes, that is a well known and generally frustrating problem. Unfortunately, since packages can vary what they install based on USE flags and automagic dependencies, building a correct and comprehensive database is quite hard.
mounty1 wrote:
The problem is that no one has reported the situation in Gentoo yet. They are all using Fedora or Ubuntu and appear to be setting up much more complicated arrangements than I want. I already have vlan0 set up to talk to the outside world and want vlan1 just to talk to the host machine, for NFS and X. Surely I don't need all this stuff about bridging?
What situation? You do not need bridging for your configuration. A tap device can be thought of as providing a crossover cable connecting the host and guest, with no other machines able to access that cable. The host can then bridge or NAT the guest if so desired. For your case, that is not needed. Just configure the host and guest with unique IP addresses on their private tap network and export your NFS share to the guest IP address. You can either configure the addresses statically or run a DHCP daemon on the tap device to dynamically configure the guest.
mounty1
l33t

Joined: 06 Jul 2006
Posts: 839
Location: Queensland

Posted: Sun Jun 06, 2010 6:40 am    Post subject: It works!

Thank you!

Just for others who are looking and hoping to do it the easy way, here's what you do. Here's the qemu command I used:
Code:
$ qemu -hda linux.img -cdrom vault/ubuntu-9.10-desktop-i386.iso -net nic,vlan=0 -net user,vlan=0 -net nic,vlan=1 -net tap,vlan=1,ifname=$(sudo /usr/bin/tunctl -b -u $(whoami)),script=bin/ifup,downscript=bin/ifdown
cat bin/ifup:
#!/bin/sh

sudo /sbin/ifconfig "$1" 192.168.2.1 up
and
cat bin/ifdown:
#!/bin/sh

sudo /sbin/ifconfig "$1" down
cat /etc/exports:
# /etc/exports: NFS file systems being exported.  See exports(5).
/home/mounty    192.168.2.0/24(rw,async,no_subtree_check)
Then when your guest has booted,
Code:
# ifconfig eth1 192.168.2.2
You should then be able to mount, ssh etc. from guest to host.
_________________
Michael Mounteney
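
An added example, not part of any post above: a small Python check that parses the three /etc/exports lines tried in this thread, plus a constructed fourth line that exports to the guest address only as Hu suggested, and reports options and client ranges wider than a single guest at 192.168.2.2 needs. The function names and the simplified parser (one export per line, unquoted paths, no continuations) are assumptions of this example.

```python
import ipaddress

# Guest address on the tap network, taken from the thread's final post.
GUEST = ipaddress.ip_address("192.168.2.2")

# Export lines from the thread, in order: first attempt, the "*" workaround,
# the final working line. The last line is constructed here (guest IP only).
EXPORTS = """\
/home/mounty    192.168.2.0/24(ro,async,no_subtree_check,insecure)
/home/mounty    *(ro,async,no_subtree_check,insecure)
/home/mounty    192.168.2.0/24(rw,async,no_subtree_check)
/home/mounty    192.168.2.2(ro,async,no_subtree_check)
"""

RISKY = {
    "insecure": "accepts requests from source ports above 1023",
    "rw": "clients may write to the export",
    "no_root_squash": "client root is treated as root on the server",
}

def parse_exports(text):
    """Yield (path, client, options) for each client entry (simplified parser)."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        path, *specs = line.split()
        for spec in specs:
            client, _, opts = spec.partition("(")
            # An entry with no client name applies to every host.
            yield path, client or "*", set(opts.rstrip(")").split(",")) - {""}

def audit(client, options, guest=GUEST):
    """Return findings for one client entry, judged against a single guest."""
    findings = [f"{opt}: {why}" for opt, why in RISKY.items() if opt in options]
    if client == "*":
        return findings + ["wildcard client: any host that reaches the server matches"]
    try:
        net = ipaddress.ip_network(client, strict=False)
    except ValueError:
        return findings + [f"{client}: name-based client, depends on name resolution"]
    if guest not in net:
        findings.append(f"{net} does not cover guest {guest}")
    elif net.num_addresses > 1:
        findings.append(f"{net} admits {net.num_addresses} addresses, guest needs one")
    return findings

def report(text=EXPORTS):
    """Return one (client, findings) pair per client entry, in file order."""
    return [(client, audit(client, opts)) for _, client, opts in parse_exports(text)]
```

Calling report() returns one (client, findings) pair per entry; of the four lines, only the guest-only export comes back with no findings.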