Hello Berto,

Thanks for the reply.
In the following, joule is the qemu host.

From: Berto Furth
Date: Tue, 16 Mar 2021 21:18:08 +1100
> I'm assuming you're also using dynamically created "tap" interfaces in your
> setup.

tap0 is created in the qemu host when it boots, by a line in /etc/crontab.
I don't do anything to remove tap0. Therefore tap0 will exist until
something catastrophic happens or the system shuts down.

peter@joule:/home/peter$ grep tap0 /etc/crontab
@reboot root ip tuntap add mode tap tap0

> That is, when QEMU starts it's creating a tap interface to funnel
> Ethernet traffic to and from the guest...so a command line something like
>
> -netdev type=tap,id=testnet,script="./qemu-tap-up",downscript="./qemu-tap-down"

There is no file "./qemu-tap-up" or similar. There is no script option
in the qemu command. /etc/network/interfaces has a stanza for tap0.
tap0 exists and has an ip address.

peter@joule:/home/peter$ ip addr show tap0
6: tap0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
    link/ether 56:06:3e:f1:4e:13 brd ff:ff:ff:ff:ff:ff
    inet 172.23.6.1/24 brd 172.23.6.255 scope global tap0
       valid_lft forever preferred_lft forever
    inet6 fe80::5406:3eff:fef1:4e13/64 scope link
       valid_lft forever preferred_lft forever

> You can do routing, but you would still need to use a bridge interface for
> the dynamically created "tap" interface to connect to!!

Accepted. Thanks.

Incidental note. I have a LAN with a Linux router machine and a machine
on a subnet. The router has Shorewall and dnsmasq. Routing from the
subnetted machine to the router host and to the Internet works. No bridge
is required for that.

> It's just that rather than setting up the bridge interface to do
> bridging between the tap and the "real" ethernet of the host, you'd
> set up the bridge interface to be a separate routed interface on your
> host.

I don't really understand that distinction.
According to https://en.wikipedia.org/wiki/Network_bridge
"A network bridge is a computer networking device that creates a single,
aggregate network from multiple communication networks or network segments.
This function is called network bridging."

Apparently qemu requires a bridge to connect the guest. Communication
can not be routed between guest and host without a bridge. (?)

br0 is created in the qemu host by another line in /etc/crontab.

peter@joule:/home/peter$ grep br0 /etc/crontab
@reboot root ip link add name br0 type bridge

br0 exists analogous to tap0 but does not have an IP address.

peter@joule:/home/peter$ ip addr show br0
7: br0: <BROADCAST,MULTICAST> mtu 1500 qdisc noop state DOWN group default qlen 1000
    link/ether 76:da:52:dd:52:45 brd ff:ff:ff:ff:ff:ff

> Routing is a bit more difficult to setup than simple bridging because
> you have to first make sure your host is configured for routing (most
> aren't by default) and then you have to make sure your "real"
> networking infrastructure knows about the new QEMU guest subnet and
> how to route to it (via your host).
>
> See the following URL for an example script to run when your QEMU tap
> interface is created that allows routing and you'll see how much extra
> effort it is to get routing (in this case with NAT) working compared
> to simple bridging.
>
> https://wiki.qemu.org/Documentation/Networking/NAT

This linux router has shorewall which has a configuration file
/etc/shorewall/snat containing this line.

MASQUERADE 172.23.6.0/24 $NET_IF

Other subnets work that way. If tap0 is configured with address 172.23.6.2
in /etc/network/interfaces, SNAT should work for the qemu guest.

> If you just want QEMU to do simple NAT between the guest and the
> "real" network then just use "SLIRP" as per
>
> https://wiki.qemu.org/Documentation/Networking#User_Networking_.28SLIRP.29

Will use SLIRP if necessary. Not sure it's necessary.

> (I haven't tested it...I always use tap and bridging)

I want to do that also.
From the above you see that tap0 and br0 exist in the qemu host here.
dnsmasq provides DNS. Shorewall provides SNAT. The qemu command has
this option.

-nic tap,model=ne2k_pci

Nevertheless no connection.

peter@joule:/home/peter$ ping 172.23.6.1
PING 172.23.6.1 (172.23.6.1) 56(84) bytes of data.
64 bytes from 172.23.6.1: icmp_seq=1 ttl=64 time=0.043 ms

--- 172.23.6.1 ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.043/0.043/0.043/0.000 ms

peter@joule:/home/peter$ ping 172.23.6.2
PING 172.23.6.2 (172.23.6.2) 56(84) bytes of data.
From 172.23.6.1 icmp_seq=1 Destination Host Unreachable

--- 172.23.6.2 ping statistics ---
1 packets transmitted, 0 received, +1 errors, 100% packet loss, time 0ms

At least one ingredient is missing. br0 needs a configuration?
tap0 needs to relate to br0? How? Ideas welcome.

Thanks, ... P.

--
cell: +1 236 464 1479    Bcc: peter at easthope. ca
VoIP: +1 604 670 0140