Overview
| Comment: | More info on bridge configuration |
|---|---|
| Downloads: | Tarball | ZIP archive | SQL archive |
| Timelines: | family | ancestors | descendants | both | trunk |
| Files: | files | file ages | folders |
| SHA1: |
46b8264cac7786b85da9e59a7bdae24b |
| User & Date: | vitus on 2019-10-03 07:27:15 |
| Other Links: | manifest | tags |
Context
|
2019-10-03
| ||
| 07:54 | Make vws list --stated distinguish between stopped and hyberated (by vws save) machines check-in: a51866b638 user: vitus tags: trunk | |
| 07:27 | More info on bridge configuration check-in: 46b8264cac user: vitus tags: trunk | |
| 07:19 | Fix some unnoticed problems introduced by python3 switch check-in: e54cffda53 user: vitus tags: trunk | |
Changes
Modified debian/README.Debian from [4db7afcc2b] to [1684a3ea1e].
| ︙ | ︙ | |||
8 9 10 11 12 13 14 | qemu-bridge-helper ------------------ As bridge is a network interface, root access is needed to manipulate it. QEMU includes small utility qemu-bridge-helper which is designed to be installed setuid root and perform just necessary operations. Unfortunately, Debian package doesn't install this utility setuid root. So first thing you'll need to use bridge networking from qemu, started as normal user, is to make this utility setuid root. | | > < | | | < | < | > > | > > | | | | | | | > > > > > > > > > > > > > < < < < | | 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 |
qemu-bridge-helper
------------------
As bridge is a network interface, root access is needed to manipulate it. QEMU includes small utility qemu-bridge-helper which is designed to be installed setuid root and perform just necessary operations.
Unfortunately, Debian package doesn't install this utility setuid root. So first thing you'll need to use bridge networking from qemu, started as normal user, is to make this utility setuid root.
We use dpkg-statoverride mechanism to make utility from other package
setuid root and executable only by kvm group members
May be some capability would suffice.
Note, that also you need line
allow br0
where br0 is your bridge name in the /etc/qemu/brdige.conf (this file is
not exist on debian systems by default)
You have to create bridge using some mechanism provided by other means
(i.e. system network configuration.). If you system is configured by
ifupdown package, add following lines to your /etc/network/interfaces
(or some file in /etc/network/interfaces.d)
# bridge for virtual machines
auto br0
iface br0 inet static
address 192.168.199.1
network 192.168.199.0
netmask 255.255.255.0
bridge_ports none
bridge_hw 52:54:00:7d:7f:fc
post-up iptables -t nat -A POSTROUTING -s 192.168.9.0/24 -j MASQUERADE
post-up iptables -t mangle -A POSTROUTING -p udp -j CHECKSUM --checksum-fill
Note that if you dont' specify hw address for your bridge interface,
windows guests would think they are connected to new network on each
start.
Last line is needed because some picky dhcp clients expect valid
IP checksum on dhcp replies, and linux kernel doesn't it by default
leaving it to network hardware (and we have no hardware on virtual
interface).
(of course you can peek any number from 0 to 255 instead of 9 here for third octet of the IP. You can also use addresses from 10.0.0.0/8 or 172.16.0.0/12 instead of 192.168.0.0/16)
You need bridge_hw line (peek any unused mac address you want) because some recent versions of windows recognize bridge interface without static MAC as new network each time they boot.
Don't forget to enable ipv4 forwaring in the kernel.
Really it is enough for bridge configuration, if you don't mind to setup static IP for each of your VM manually. But using dnsmasq would save you great deal of effort if you have more then 2-3 virtual machine.
dnsmasq
-------
dnsmasq is a small dhcp and DNS server. If you would run it, it would act as caching DNS for your host machine and also provide IP Addresses for virtual machines and resolve their names.
|
| ︙ | ︙ |