Gentoo Forums
QEMU (winxp) + wireless + tap ?

xaviermiller (Administrator)
Posted: Mon Sep 15, 2014 5:18 pm    Post subject: QEMU (winxp) + wireless + tap ?

Hello,

I have QEMU running a Windows XP VM. It can access the internet, but I would like to access it from my Gentoo host, and vice versa.

The difficult thing is that the working physical network interface is wireless and I've read bridging cannot be done with wireless interfaces.

I can't find a simple HOWTO on that subject... How can I achieve this?

I've tried by creating a tap interface for my user, but without luck...

For now, my QEMU command-line is:
Code:
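#!/bin/sh
ROOT=/data/winxp

export SPICE_PORT=5924
# -net user is QEMU's user-mode (SLIRP) networking: the guest can reach out,
# but the host cannot open connections to the guest.
# disable-ticketing turns off SPICE password authentication, and with no
# addr= option the SPICE server listens on all addresses.
qemu-system-i386 \
   -smp 2 \
   -daemonize \
   -enable-kvm \
   -cpu host \
   -drive "file=${ROOT}/WindowsVM.img,if=virtio" \
   -net nic,model=rtl8139 -net user,hostname=windowsvm \
   -smb /data \
   -m 2G \
   -name Windows \
   -vga qxl \
   -spice "port=${SPICE_PORT},disable-ticketing" \
   -usbdevice tablet \
   -device virtio-serial \
   -chardev spicevmc,id=vdagent,name=vdagent \
   -device virtserialport,chardev=vdagent,name=com.redhat.spice.0 \
   -rtc base=localtime \
   "$@"

# Connect the SPICE client to the VM started above.
exec spicec --title "QEMU - Windows XP" -h localhost -p "${SPICE_PORT}"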

_________________
Kind regards,
Xavier Miller

szatox (Veteran)
Posted: Mon Sep 15, 2014 8:59 pm

this topic is popping again and again and again, one of those was like last week.
Anyway, don't use usermode networking. Go for bridge instead.

Long time ago I wrote a launcher like this. I don't say it's perfect, but it does what I wanted it to do.

Code:
#! /bin/bash

# HELP: This script is intended to be run by a user with limited privileges.
# HELP: User must be allowed to run 'sudo tunctl', 'sudo brctl' and 'sudo ifconfig' in order to work.
# HELP: Intended invocation of this script is:
# HELP: "cmd=<params you want to append to qemu command line> <THIS FILE'S NAME> <virtual machine's name> [name of the bridge to bind]"
# HELP: Multiple bridges are allowed. Bridges must already exist and be configured before this script is started (e.g. configured by init scripts).
# HELP: Feel free to edit contents of "static_params" near the end of this file to define set of options you want always active.

# FUNCTIONS

# Create one tap device per bridge argument, attach it to that bridge,
# and print the matching QEMU -net options on stdout.
add_ifaces ()
{
i=1
USER=$(whoami)
while [ ${#1} -gt 0 ]
   do sudo /usr/bin/tunctl -u "$USER" -t "${name}-${i}" > /dev/null
   sudo /sbin/brctl addif "$1" "${name}-${i}" > /dev/null
   sudo /bin/ifconfig "${name}-${i}" up promisc > /dev/null
   # Locally administered unicast MAC with two random trailing octets.
   params="${params} -net nic,macaddr=$( printf 'DE:AD:BE:EF:%02X:%02X\n' $((RANDOM%256)) $((RANDOM%256)) ),vlan=$i -net tap,ifname=$name-$i,script=no,downscript=no,vlan=$i"
   shift
   i=$(($i+1))
done
echo "$params"
}

# Tear down the tap devices created by add_ifaces, in the same order.
del_ifaces ()
{
i=1
while [ ${#1} -gt 0 ]
   do sudo /bin/ifconfig "${name}-${i}" down > /dev/null
   sudo /sbin/brctl delif "$1" "${name}-${i}" > /dev/null
   sudo /usr/bin/tunctl -d "${name}-${i}" > /dev/null
   shift
   i=$(($i+1))
done
}

main ()
{
name=$1
shift
bridges="$*"
# ${bridges} is left unquoted on purpose so each bridge becomes its own argument.
networking="$(add_ifaces ${bridges})"
# ${cmd} comes from the caller's environment (see HELP above).
RUN="qemu-system-x86_64 -name ${name} ${static_params} ${networking} ${cmd}"
echo starting machine "$name" with command
echo "$RUN"
# Unquoted on purpose: the string is split into the command and its arguments.
$RUN
del_ifaces ${bridges}
}

static_params="-enable-kvm"
main "$@"

xaviermiller (Administrator)
Posted: Mon Sep 15, 2014 9:49 pm

Thanks, I will take a look at your script :)
_________________
Kind regards,
Xavier Miller

xaviermiller (Administrator)
Posted: Tue Sep 16, 2014 5:24 pm

OK, the tap interface is created and the bridge, but I don't see how to patch all that stuff to the physical network...

For now, I don't see good explanations on how to achieve it; I see only mantras and magical stuff that don't work in my case.
_________________
Kind regards,
Xavier Miller

szatox (Veteran)
Posted: Tue Sep 16, 2014 6:57 pm

ok, so there are 2 ways to do it. Bridged network and routed network.
I'm using routed network, which goes exactly the same way you would follow to use your VM host as LAN router. This means, simply enable IP forwarding in kernel and set iptables rules for forwarding.
You can enable forwarding in runtime using sysctl. To make it permanent make sure you have such a line:
Quote:
# grep forward /etc/sysctl.conf
net.ipv4.ip_forward = 1

Allow forwarding on firewall (unless you use policy accept)
Quote:

# iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# iptables -A FORWARD -i vn0 -j ACCEPT

vn0 is my VirtualNetwork0 bridge

You might also need address translation:
Quote:
# iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

eth0 obviously is the connection to the outer world

The other way, bridged networking goes like this:
Quote:
# brctl addif vn0 eth0

This way your VM host will act as a network switch.

Obviously you can just as well go for both ways at the same time if you want. Bridge your physical LAN with VMLAN and route it to WAN :]

Tips and tricks:
* some programs might listen on vn0, eth0, tap0, and a few other interfaces stuffed together and misbehave due to the same packets arriving on multiple devices. You might want to bind those programs to bridge only.
* if you have dhcpd, make it depend on bridge rather than physical/tap devices. This will let you start dhcpd even if ethernet/wifi is not configured yet and VMs are not running. This will also allow you share IP pool between physical segments.

Is it not magic enough to work for you? :D
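
The routed setup from the post above, written out for a wireless uplink as an added example that is not part of the original thread; it prints the commands instead of running them so they can be reviewed first. `vn0` is the bridge named in the post, while `wlan0`, the 192.168.100.0/24 guest subnet and the function names are assumptions.

```shell
#!/bin/sh
# Added example: routed (NAT) guest network behind a wireless uplink.
# Assumptions: vn0 = VM bridge (name from the thread), wlan0 = uplink,
# 192.168.100.0/24 = constructed guest subnet, host side is .1.

# Accept only plain interface names (max 15 chars) before they reach root commands.
valid_ifname() {
    case $1 in
        ''|*[!A-Za-z0-9_.-]*) return 1 ;;
    esac
    [ "${#1}" -le 15 ]
}

# Accept only digits, dots and one slash, e.g. 192.168.100.0/24.
valid_cidr() {
    case $1 in
        ''|*[!0-9./]*|*/*/*) return 1 ;;
        *.*.*.*/*) return 0 ;;
    esac
    return 1
}

# Print the commands for the routed setup; nothing is executed here.
# $1 bridge, $2 uplink, $3 host address on the bridge (CIDR), $4 guest subnet (CIDR)
# The bridge gets an address so host and guest can reach each other; forwarding
# and masquerading are limited to the guest subnet leaving through the uplink.
routed_plan() {
    valid_ifname "$1" && valid_ifname "$2" || { echo "bad interface name" >&2; return 1; }
    valid_cidr "$3" && valid_cidr "$4" || { echo "bad address" >&2; return 1; }
    cat <<EOF
ip addr add $3 dev $1
ip link set $1 up
sysctl -w net.ipv4.ip_forward=1
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i $1 -o $2 -s $4 -j ACCEPT
iptables -t nat -A POSTROUTING -s $4 -o $2 -j MASQUERADE
EOF
}

# Review the output, then apply it with: routed_plan ... | sudo sh
routed_plan vn0 wlan0 192.168.100.1/24 192.168.100.0/24
```

The guest then needs an address in the same subnet with 192.168.100.1 as its gateway, either set statically in Windows or handed out by a DHCP server bound to the bridge.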

xaviermiller (Administrator)
Posted: Tue Sep 16, 2014 7:22 pm

Yeah, but adding a wireless interface to br0 won't work...
_________________
Kind regards,
Xavier Miller

szatox (Veteran)
Posted: Tue Sep 16, 2014 8:19 pm

Code:
# brctl show
bridge name   bridge id       STP enabled   interfaces
br0       8000.000000000000   no      
lan0      8000.00e04ceb8d77   no            eth1
                                            wlan0
tmp0      8000.000000000000   no      
vn0       8000.000000000000   no      

# grep -v '^[[:space:]]*#\|^$' /etc/hostapd/hostapd.conf
interface=wlan0
bridge=lan0
~~ snip ~~


Trust me on this, wlan0 is a wireless interface :lol:

I think wifi must already be configured before it can be attached to a bridge. It's also possible that it depends on driver used. Example above is a hostapd-configured, old atheros wifi. Hostapd also attaches it to already configured bridge. However, since I can detach and reattach it manually, it doesn't seem to be important. It does fail in some use scenarios that I expect to be relatively common while testing for this, so I'm not surprised you were impressed this way. (Yes, 'ifconfig wlan0 up; brctl addif lan0 wlan0', it's you I'm thinking about!) Take a good news that it works when launched in some particular way and is usable ;) However, since it's out of scope of qemu and networking, we better leave it at this point.

xaviermiller (Administrator)
Posted: Tue Sep 16, 2014 8:23 pm

I trust you ;)

I will try again, but tomorrow ;)
_________________
Kind regards,
Xavier Miller