
Re: KVM networking.

Thank You for Your time and answer, Arno:

>Sthu Deus (sthu.deus@gmail.com on 2011-11-15 20:12 +0700):
>qemu does not use sudo. -net tap,ifname=$(sudo tunctl -b) doesn't work?

/usr/bin/kvm -localtime -m 256 -no-reboot -boot c -hda /srv/vm/serv/da
-net nic,macaddr=$(printf 'DE:AD:BE:EF:%02X:%02X\n' $((RANDOM%256))
$((RANDOM%256))) -net tap,ifname=$(sudo /usr/sbin/tunctl -b)
kvm: -net tap,ifname=tap0: could not configure /dev/net/tun (tap0):
Operation not permitted
kvm: -net tap,ifname=tap0: Device 'tap' could not be initialized

/usr/bin/kvm -localtime -m 256 -no-reboot -boot c -hda /srv/vm/serv/da
-net nic,macaddr=$(printf 'DE:AD:BE:EF:%02X:%02X\n' $((RANDOM%256))
$((RANDOM%256))) -net tap,ifname=$(sudo /usr/sbin/tunctl
-b; /usr/bin/sudo /sbin/ip link set tap1 up; /usr/bin/sudo /sbin/brctl
addif br0 tap1)

kvm: -net tap,ifname=tap1: could not configure /dev/net/tun (tap1):
Operation not permitted
kvm: -net tap,ifname=tap1: Device 'tap' could not be initialized

But this works for host-guest connection, as I have said before:

/usr/bin/kvm -localtime -m 256 -no-reboot -boot c -hda /srv/vm/serv/da
-net nic -net tap,ifname=$(sudo /usr/sbin/tunctl -b -u $(whoami);
sudo /sbin/ifconfig tap0 up; sudo /sbin/route add -host dev tap0),script=no,downscript=no; /usr/sbin/tunctl -d

Though they probably need to correct the KVM networking page. :) -
Many additional movements are necessary to make it work under a
normal user. :)

Now, Internet access is wanted for the guest. :)

So in this case which things do You recommend for ip table routing for
both (host and guest) and NAT rules? I do this as follows (w/o luck):

# for f in /proc/sys/net/bridge/bridge-nf-*; do echo 0 > $f; done

(manual advised that - did not test w/o it).

# sysctl -w net.ipv4.ip_forward=1

route add default gw

/sbin/iptables -t nat -A POSTROUTING -s ! -d -j SNAT --to-source

Giving all the local network (the host-guest one) Internet access (to
Internet router). The legend is:

host: eth0 w/ .0.2 address, tap0 w/ .1.2 address,

guest: eth0 w/ .1.10 address.

But it does not work - I can not ping .0.1 - the router from guest nor

>> By the way, to overrun the permission problem I have tried running it
>> under sudo (root) user when I got the following error:
>> No protocol specified
>> Could not initialize SDL(No available video device) - exiting
>> So it needs a screen for KVM window running. Do You know how I can
>> launch it in such case? - Except to allow root user. :)
>Most likely your sudo does not preserve $DISPLAY.

Hmm. Both (under t\a user and under the sudo su) the environment show

>> I've got such a problem w/ NATing:
>> /sbin/iptables -t nat -A POSTROUTING -s -d !
>> -j SNAT --to-source
>> Bad argument `'
>> Do You have any idea why iptables does not accept the ip nor the ip
>> net?
>You need to use ! -d addr, not -d ! addr

Oh! Again, in the manual of iptables (by Oskar) the sign "!" is used
after "-s" or "--protocol", etc. 8?
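
Added example, not part of the original message or of any project's code: a shell sketch of the split the thread converges on, where only tap creation and the NAT rule run under sudo (tunctl -u hands the tap to the unprivileged user) and the guest starts without root, with the "!" placed before -d as advised in the reply. The function names, the DRY_RUN switch and all addresses are assumptions; the addresses are constructed placeholders from documentation ranges.

```shell
#!/bin/sh
# Added example, not from the thread. Interface names and all addresses
# passed in are the caller's; the ones in the usage note are constructed.
DRY_RUN="${DRY_RUN:-1}"     # 1 = only print the privileged commands

run() {                     # print in dry-run mode, execute otherwise
    if [ "$DRY_RUN" = 1 ]; then echo "$*"; else "$@"; fi
}

# Root is needed only here: create a persistent tap owned by the
# unprivileged user, bring it up, optionally add it to a bridge.
tap_setup() {               # usage: tap_setup USER TAP [BRIDGE]
    run sudo tunctl -u "$1" -t "$2"
    run sudo ip link set "$2" up
    if [ -n "${3:-}" ]; then run sudo brctl addif "$3" "$2"; fi
}

# Check that the tap is owned by UID before starting the guest.
# The tun driver exposes the owner in sysfs; -1 means "no owner".
tap_owner_ok() {            # usage: tap_owner_ok TAP UID [SYSFS_ROOT]
    f="${3:-/sys}/class/net/$1/owner"
    [ -r "$f" ] && [ "$(cat "$f")" = "$2" ]
}

# SNAT for traffic leaving the guest network. Current iptables wants the
# negation before the option: "! -d NET", not "-d ! NET".
nat_rule() {                # usage: nat_rule GUEST_NET SNAT_SOURCE_IP
    run sudo iptables -t nat -A POSTROUTING -s "$1" ! -d "$1" \
        -j SNAT --to-source "$2"
}

# The guest itself runs without sudo; script=no,downscript=no keeps qemu
# from running its default ifup/ifdown scripts on the pre-made tap.
guest_netopts() {           # usage: guest_netopts TAP
    echo "-net nic -net tap,ifname=$1,script=no,downscript=no"
}
```

With the default DRY_RUN=1, "tap_setup "$(whoami)" tap0 br0" and "nat_rule 192.0.2.0/24 198.51.100.2" only print the commands; set DRY_RUN=0 to execute them.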
