Author: Mario Marietto
Date:  
To: Ralph Ronnquist
CC: dng
Subject: Re: [DNG] Which qemu version is shipped by default with devuan 3 ?
Your way to configure the network seems to be a little bit limited. I would
like that the host and guest can communicate. What about using a bridge ? I
found this tutorial :

https://www.redhat.com/sysadmin/setup-network-bridge-VM

where at the end it says :

You can now ping your KVM host and guests.

So, it seems that I will reach what I want.

On Sun, Aug 20, 2023 at 1:24 PM Ralph Ronnquist <rrq@???> wrote:

> No, the host acts as a NAT router and none of the VM ports are
> accessible from "outside".
>
> Also, seen from the outside, all network traffic appears to be from/to
> the host.
>
> To provide services in that setup, you'll need to set up "DNAT"
> forwarding incoming packets for the service ports. I.e., let the host
> forward traffic incoming on the selected ports to the VM, for it to
> service it. E.g. to forward incoming tcp port 80 to the VM (assuming
> it's at 10.0.2.2)::
>
> # iptables -t nat -A PREROUTING -i eth0 -p tcp --dport 80 \
> -j DNAT --to-destination 10.0.2.2
>
> By that rule, incoming tcp packets destined for port 80 are forwarded
> to the VM. The remote computer should thus connect using the host IP
> (assuming that's reachable from outside) and it will forward the
> traffic to the VM and its port 80 service. Return packets from the VM
> will be NAT-ed like before, so the remote computer is unaware of the
> internal forwarding.
>
> If your host can have a second IP, you can also use the DNAT setup for
> all that traffic, and then the remote computer will "see" the VM as
> any other host.
>
> Ralph.
>
> On Sun, Aug 20, 2023 at 12:59:14PM +0200, Mario Marietto wrote:
> > Ok. It worked. Can I ask you if using this method, FreeBSD is reachable from
> > outside its network ? If for example I want to start a web server inside
> > FreeBSD, can I reach the web page that it hosts if I try to connect to it
> > from my workstation ? I have some doubts that I can because the IP assigned
> > to it seems to be private (10.0.2.1) :
> >
> > tap0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
> >        inet 10.0.2.1  netmask 255.255.255.0  broadcast 0.0.0.0
> >        ether 2a:00:9d:a5:77:07  txqueuelen 1000  (Ethernet)
> >        RX packets 0  bytes 0 (0.0 B)
> >        RX errors 0  dropped 0  overruns 0  frame 0
> >        TX packets 0  bytes 0 (0.0 B)
> >        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

> >
> >
> > On Sun, Aug 20, 2023 at 12:51 PM Ralph Ronnquist <rrq@???> wrote:
> >
> > > Should be "tap0" not "eth0" (of course). Sorry about that.
> > >
> > > On Sun, Aug 20, 2023 at 08:47:48PM +1000, Ralph Ronnquist wrote:
> > > > Ah, I forgot the "bring it up" command; you could verify this with
> > > >
> > > > # ifconfig -a
> > > >
> > > > That will present all interfaces; those that are down as well as those
> > > > that are up.
> > > >
> > > > The additional command is:
> > > >
> > > > # ip link set dev eth0 up
> > > >
> > > > .. usually to be done after adding it and setting its IP address, but
> > > > can be done after IP configuration as well.
> > > >
> > > > Ralph.
> > > >
> > > > You could verify beforehand with
> > > >
> > > > On Sun, Aug 20, 2023 at 12:27:30PM +0200, Mario Marietto wrote:
> > > > > Finally, after a lot of kernel recompilations, I've been able to issue all
> > > > > the commands suggested some time ago by @Ralph Ronnquist without getting
> > > > > errors :
> > > > >
> > > > > # ip tuntap add tap0 mode tap
> > > > > ok
> > > > >
> > > > > # ip address add 10.0.2.1/24 dev tap0
> > > > > ok
> > > > >
> > > > > # sysctl net.ipv4.ip_forward=1
> > > > > ok
> > > > >
> > > > > # net.ipv4.ip_forward = 1
> > > > > ok
> > > > >
> > > > > # iptables -t nat -A POSTROUTING -o mlan0 -j MASQUERADE
> > > > > ok
> > > > >
> > > > > Now, the problem is that I don't see any tap0 interface :
> > > > >
> > > > > # ifconfig
> > > > >
> > > > > docker0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
> > > > >        inet 172.17.0.1  netmask 255.255.0.0  broadcast 172.17.255.255
> > > > >        ether 02:42:c9:04:eb:64  txqueuelen 0  (Ethernet)
> > > > >        RX packets 0  bytes 0 (0.0 B)
> > > > >        RX errors 0  dropped 0  overruns 0  frame 0
> > > > >        TX packets 0  bytes 0 (0.0 B)
> > > > >        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

> > > > >
> > > > > lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
> > > > >        inet 127.0.0.1  netmask 255.0.0.0
> > > > >        inet6 ::1  prefixlen 128  scopeid 0x10<host>
> > > > >        loop  txqueuelen 1000  (Local Loopback)
> > > > >        RX packets 49  bytes 5414 (5.2 KiB)
> > > > >        RX errors 0  dropped 0  overruns 0  frame 0
> > > > >        TX packets 49  bytes 5414 (5.2 KiB)
> > > > >        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

> > > > >
> > > > > mlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
> > > > >        inet 192.168.1.6  netmask 255.255.255.0  broadcast 192.168.1.255
> > > > >        inet6 fe80::a200:9c1a:7783:969f  prefixlen 64  scopeid 0x20<link>
> > > > >        ether 60:21:c0:e9:44:63  txqueuelen 1000  (Ethernet)
> > > > >        RX packets 264  bytes 31934 (31.1 KiB)
> > > > >        RX errors 0  dropped 0  overruns 0  frame 0
> > > > >        TX packets 237  bytes 33545 (32.7 KiB)
> > > > >        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

> > > > >
> > > > > Is this normal ?
> > > > >
> > > > > On Thu, Aug 17, 2023 at 3:15 PM Mario Marietto <marietto2008@???> wrote:
> > > > >
> > > > > > Can someone help me, please, to understand how to fix it ?
> > > > > >
> > > > > > loziomario <https://www.reddit.com/user/loziomario/> :
> > > > > >
> > > > > > root@devuan:~# nft add table nat
> > > > > >
> > > > > > root@devuan:~# nft 'add chain nat postrouting { type nat hook postrouting priority 100 ; }'
> > > > > >
> > > > > > Error: Could not process rule: No such file or directory
> > > > > >
> > > > > > deeseearr <https://www.reddit.com/user/deeseearr/> :
> > > > > >
> > > > > > Your table has no family.
> > > > > >
> > > > > > You are also trying to add a chain to a table called "postrouting" in the
> > > > > > "nat" family, which does not exist.
> > > > > >
> > > > > > All of your other rules are part of the "ip" family so this one should be
> > > > > > too.
> > > > > >
> > > > > > On Wed, Aug 16, 2023 at 9:33 PM Mario Marietto <marietto2008@???> wrote:
> > > > > >
> > > > > >> I've created a post on Reddit :
> > > > > >>
> > > > > >>
> > > > > > >> https://www.reddit.com/r/devuan/comments/15swwij/neither_iptables_nor_nftable_are_working_for_me/
> > > > > >>
> > > > > > >> where I tried to explain what my problem is. Unfortunately no one replied right now.
> > > > > >>
> > > > > >>
> > > > > > >> On Wed, Aug 16, 2023 at 7:13 PM Mario Marietto <marietto2008@???> wrote:
> > > > > >>
> > > > > >>> They also suggest to check these kernel parameters :
> > > > > >>>
> > > > > > >>> root@devuan:~# grep CONFIG_NF_TABLES_INET= /boot/config-`uname -r`
> > > > > > >>> CONFIG_NF_TABLES_INET=y
> > > > > > >>>
> > > > > > >>> root@devuan:~# grep CONFIG_NFT_COUNTER= /boot/config-`uname -r`
> > > > > > >>> CONFIG_NFT_COUNTER=y
> > > > > > >>>
> > > > > > >>> root@devuan:~# grep CONFIG_NFT_OBJREF= /boot/config-`uname -r`
> > > > > > >>> CONFIG_NFT_OBJREF=y
> > > > > > >>>
> > > > > > >>> but they seem correct, right ?
> > > > > >>>
> > > > > >>>
> > > > > > >>> On Wed, Aug 16, 2023 at 7:04 PM Mario Marietto <marietto2008@???> wrote:
> > > > > >>>
> > > > > > >>>> Reading from here :
> > > > > > >>>> https://unix.stackexchange.com/questions/537912/nftables-rule-no-such-file-or-directory-error
> > > > > >>>>
> > > > > >>>> I tried to do the following :
> > > > > >>>>
> > > > > >>>> root@devuan:~# nft add table ip filter
> > > > > >>>>
> > > > > > >>>> root@devuan:~# nft add chain ip filter INPUT { type filter hook input priority 0 \; } # create chain
> > > > > > >>>> root@devuan:~# nft add rule ip nat POSTROUTING oifname "mlan0" counter masquerade
> > > > > >>>> Error: Could not process rule: No such file or directory
> > > > > >>>> add rule ip nat POSTROUTING oifname mlan0 counter masquerade
> > > > > >>>>             ^^^

> > > > > >>>>
> > > > > >>>> root@devuan:~# nft list ruleset
> > > > > >>>> table ip filter {
> > > > > >>>>         chain INPUT {
> > > > > > >>>>                 type filter hook input priority filter; policy accept;
> > > > > >>>>         }
> > > > > >>>> }

> > > > > >>>>
> > > > > >>>>
> > > > > >>>>
> > > > > > >>>> On Wed, Aug 16, 2023 at 6:58 PM Mario Marietto <marietto2008@???> wrote:
> > > > > >>>>
> > > > > > >>>>> root@devuan:~# iptables-translate -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > > > > > >>>>> nft add rule ip nat POSTROUTING oifname "eth0" counter masquerade
> > > > > >>>>>
> > > > > >>>>> root@devuan:~# ifconfig
> > > > > >>>>>
> > > > > >>>>> lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
> > > > > >>>>>        inet 127.0.0.1  netmask 255.0.0.0
> > > > > >>>>>        inet6 ::1  prefixlen 128  scopeid 0x10<host>
> > > > > >>>>>        loop  txqueuelen 1000  (Local Loopback)
> > > > > >>>>>        RX packets 28  bytes 3449 (3.3 KiB)
> > > > > >>>>>        RX errors 0  dropped 0  overruns 0  frame 0
> > > > > >>>>>        TX packets 28  bytes 3449 (3.3 KiB)
> > > > > > >>>>>        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

> > > > > >>>>>
> > > > > >>>>> mlan0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
> > > > > > >>>>>        inet 192.168.1.6  netmask 255.255.255.0  broadcast 192.168.1.255
> > > > > > >>>>>        inet6 fe80::47b1:6a1e:c9a8:5e73  prefixlen 64  scopeid 0x20<link>
> > > > > >>>>>        ether 50:22:c1:e9:44:63  txqueuelen 1000  (Ethernet)
> > > > > >>>>>        RX packets 656  bytes 59350 (57.9 KiB)
> > > > > >>>>>        RX errors 0  dropped 0  overruns 0  frame 0
> > > > > >>>>>        TX packets 351  bytes 35970 (35.1 KiB)
> > > > > > >>>>>        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

> > > > > >>>>>
> > > > > > >>>>> root@devuan:~# nft add rule ip nat POSTROUTING oifname "mlan0" counter masquerade
> > > > > >>>>>
> > > > > >>>>> Error: Could not process rule: No such file or directory
> > > > > >>>>> add rule ip nat POSTROUTING oifname mlan0 counter masquerade
> > > > > >>>>>            ^^^

> > > > > >>>>>
> > > > > >>>>>
> > > > > >>>>>
> > > > > > >>>>> On Wed, Aug 16, 2023 at 1:03 PM wirelessduck--- via Dng <dng@???> wrote:
> > > > > >>>>>
> > > > > >>>>>>
> > > > > >>>>>>
> > > > > > >>>>>> > On 16 Aug 2023, at 20:13, Mario Marietto <marietto2008@???> wrote:
> > > > > >>>>>> >
> > > > > >>>>>> > 
> > > > > > >>>>>> > It's too much out of my knowledge. I'm not able to understand what's the correct syntax to use.
> > > > > >>>>>>
> > > > > > >>>>>> The manpage for iptables-translate says it takes the same arguments
> > > > > > >>>>>> as iptables. You can try:
> > > > > > >>>>>>
> > > > > > >>>>>> iptables-translate -t nat -A POSTROUTING -o eth0 -j MASQUERADE
> > > > > > >>>>>>
> > > > > > >>>>>> and that should output the equivalent nftables command. I don’t have
> > > > > > >>>>>> a terminal here to try that myself right now.
> > > > > >>>>>>
> > > > > >>>>>> Tom
> > > > > >>>>>> _______________________________________________
> > > > > >>>>>> Dng mailing list
> > > > > >>>>>> Dng@???
> > > > > >>>>>> https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
> > > > > >>>>>>
> > > > > >>>>>
> > > > > >>>>>
> > > > > >>>>> --
> > > > > >>>>> Mario.
> > > > > >>>>>
> > > > > >>>>
> > > > > >>>>
> > > > > >>>> --
> > > > > >>>> Mario.
> > > > > >>>>
> > > > > >>>
> > > > > >>>
> > > > > >>> --
> > > > > >>> Mario.
> > > > > >>>
> > > > > >>
> > > > > >>
> > > > > >> --
> > > > > >> Mario.
> > > > > >>
> > > > > >
> > > > > >
> > > > > > --
> > > > > > Mario.
> > > > > >
> > > > >
> > > > >
> > > > > --
> > > > > Mario.
> > >
> >
> >
> > --
> > Mario.
>



--
Mario.
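
The NAT setup discussed in this thread (masquerade on the uplink plus a DNAT rule for one service port), written as an nftables ruleset generator; this is an added example, not part of the original messages. The function name, the table name `vmnat` and the forward-chain filter are assumptions; `mlan0`, `tap0`, `10.0.2.2` and port 80 are the values used in the thread.

```sh
#!/bin/sh
# Added example: print an nftables ruleset for the NAT + port-forward setup.
# Usage: gen_vm_nat_ruleset UPLINK_IF TAP_IF GUEST_IP TCP_PORT > vmnat.nft
gen_vm_nat_ruleset() {
    uplink=$1 tap=$2 guest=$3 port=$4

    # The values end up in a ruleset loaded as root, so accept only plain
    # interface names, a dotted-quad address and a port in 1..65535.
    for ifname in "$uplink" "$tap"; do
        case $ifname in
            ''|*[!A-Za-z0-9_.-]*) echo "bad interface: $ifname" >&2; return 1 ;;
        esac
    done
    echo "$guest" | awk -F. 'NF != 4 { exit 1 }
        { for (i = 1; i <= 4; i++) if ($i !~ /^[0-9]+$/ || $i > 255) exit 1 }' ||
        { echo "bad IPv4 address: $guest" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;;
    esac
    if [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "port out of range: $port" >&2; return 1
    fi

    # Table first, then base chains, then rules: a rule that names a missing
    # table or chain fails with "No such file or directory".
    cat <<EOF
table ip vmnat {
    chain prerouting {
        type nat hook prerouting priority -100; policy accept;
        iifname "$uplink" tcp dport $port dnat to $guest
    }
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "$uplink" masquerade
    }
    chain forward {
        type filter hook forward priority 0; policy accept;
        # From outside, only replies and the published port reach the guest.
        iifname "$uplink" oifname "$tap" ct state established,related accept
        iifname "$uplink" oifname "$tap" ip daddr $guest tcp dport $port accept
        iifname "$uplink" oifname "$tap" drop
    }
}
EOF
}
```

Load the generated file as root with `nft -f vmnat.nft`; the forward chain keeps the DNAT rule from exposing anything on the guest other than the one published port.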