Re: Virtual Firewall
- Original Message - From: Phil Daws ux...@splatnix.net To: kvm@vger.kernel.org Sent: Thursday, March 14, 2013 10:53:43 AM Subject: Virtual Firewall Hello, have been trying to build a virtual firewall as a POC but having some difficulty with the networking aspect. On the physical server I have a single NIC that is connected to the Internet with the IP XXX.XXX.XXX.10 and is bound to bridge0. I created the first guest, as the firewall, and added a virtio interface with source type Host device vnet (bridge0). At the guest OS level I assigned the NIC another public IP XXX.XXX.XXX.20 and was able to route quite happily to the Internet. I then proceeded to add a second NIC to the firewall guest but this time using the default NAT network and gave it the address 192.168.1.1. I then created another guest with the IP 192.168.1.2 with its default route being 192.168.1.1 and that could get out to the Internet as-well once the FORWARD+SNAT rules were added to iptables. Now here in lies the problem. I wish to add another network so that I end up with: XXX.XXX.XXX.20 Public Facing 192.168.1.1Private LAN 192.168.2.1DMZ So using virtual-manager I created two brand new networks called PrivateLAN and DMZ with the networks above. I then removed the secondary interface from the firewall and added two new NICs, one being on the PrivateLAN and the other on the DMZ. When I fired up the firewall and attempted to assign those IP addresses to the interfaces the response was: [root@fw1 ~]# ifup eth1 Error, some other host already uses address 192.168.1.1. [root@fw1 ~]# ifup eth2 Error, some other host already uses address 192.168.2.1. Running an arping showed that the MAC for bridge0 already had those IPs registered ?!?!? I am obviously missing a networking fundamental here and really would like some help. If you have only one physical NIC how do you create multiple networks as above; that allows IPtables to control the traffic flow. Any help gratefully appreciated. This is well supported in libvirt [1] If you don't want to use libvirt then you can at least run to test the rules that are created or look at the code. [1] http://libvirt.org/firewall.html Thanks. -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [user question] Opinions about running Windows in KVM
- Original Message - From: Marc Haber mh+...@zugschlus.de To: KVM kvm@vger.kernel.org Sent: Saturday, December 15, 2012 7:47:11 AM Subject: [user question] Opinions about running Windows in KVM Hi, I am a heavy user of virtualization in my private zoo of systems. My main Operating System is Debian, and I am running a multitude of other Linuxen inside KVM, and also a handful of Windows systems that are still using VirtualBox. However, VirtualBox has losing attractivity since there are issues that prevent current VirtualBox from being packaged for Debian (VirtualBox 4.2 needing the non-free OpenWatcom compiler to build), and the latest VirtualBox in Debian (4.1.18) does not build its kernel module with Linux 3.7. I would therefore like to migrate my Windows guests to KVM as well. Judging from what one finds on the net, this is possible thanks to Fedora/Red Hat's work on virtio-win, which has not been updated since july 2012. The documentation on http://www.linux-kvm.org/page/WindowsGuestDrivers/Download_Drivers has also not been touched in a while. I'll check to see if there are newer drivers available but they don't change that often. http://alt.fedoraproject.org/pub/alt/virtio-win/latest/images/bin/ I proceeded to do a test install of Windows 7 in a KVM VM which only worked after configuring a second virtual CD-ROM drive and giving the Windows 7 installer access to the virtio-win.iso from the very beginning (the dreaded F6 option). If it's important, the VM is configured with libvirt 0.9.15, has two virtual cores off a Core i7 Quad Core host and 2 Gigs of RAM. libvirt's Virtual Machine Manager is used to get access to the VM's graphics console. Another approach is the put those drivers in a virtual floppy drive After the install and the resulting patch orgy finished, I noticed that the KVM-based Windows install was running much slower than an existing Windows 7 guest running under VirtualBox (on the same hardware and a similiarly configured VM), which is odd since sparkling new Windows installs usually tend to run much better than an Where you using virtio-blk or emulated IDE? install that has been used for months. A few benchmarks showed that the KVM-based Windows suffers from I/O performance that is almost an order of magnitude slower than the one running based on VirtualBox. I would like to know whether I did something wrong, or if there is another way to achieve compareable I/O performance in a Windows VM on KVM than it is reachable with a trivial VirtualBox installation. On another point: The VirtualBox graphics drivers for Windows have an option to couple the Windows desktop size to the size of the guest Window. That is, when I resize the X11 Window that shows the VM desktop, the desktop is automatically resized to fill the window completely. Try using spice with the windows guest tools which will give you copy and paste, cursor handling, resolution matching etc. http://www.spice-space.org/download.html On KVM, I understand that the canonical way to run Windows in a VM is to use the graphics drivers from VMWare as the graphics card emulated by qemu-kvm is VMWare compatible. But it looks like this doesn't work since Windows claims to have a Standard VGA graphics adapter which is rather slow and only offers a list of standard screen resolutions which also does not adapt to window size. I guess this is an issue that I better address on a LibVirt mailing list, right? I would appreciate any comments, and - if appropriate - pointers to other mailing lists that may help with getting Windows 7 to run better under KVM. Greetings Marc -- - Marc Haber | I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things.Winona Ryder | Fon: *49 621 31958061 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 31958062 -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: live migration problems.
- Original Message - From: Riccardo Veraldi riccardo.vera...@cnaf.infn.it To: kvm@vger.kernel.org Sent: Friday, March 30, 2012 5:45:47 PM Subject: live migration problems. Hello, I have problems with live migration. I have several VMs in a CentOS 6.2 cluster environment. When I migrate one virtual machine from nodeA to nodeB the migration goes smoothly but in the same time the VM is migrated an external ping cannot reach the VM. I ping the VM before migration and after the migration is done ping stops to work. This happens for some VM and does not happen for other VM. Apparently the VM are configured the same way so I can't understand why this is happening. If I migrate the VM back to the original physical node the ping start working again like if the switch did not realize the VM mac address changed switch port. To make things work always I Should make a ping from the VM console to whatever host and in this case the arp table is updated on the switch. The strange thing as I said is that some VM seems to always work after migration while other seems never to work untl they are migrated back to original cluster node. Any hints or suggestions ? Make sure you have DELAY=0 set in the ifcfg file for the bridge on both hosts. thank you very much Rick -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: balloon drivers missing in virtio-win-1.1.16.vfd
- Original Message - From: Onkar N Mahajan kern...@gmail.com To: kvm@vger.kernel.org, qemu-de...@nongnu.org Sent: Thursday, September 29, 2011 6:03:26 AM Subject: balloon drivers missing in virtio-win-1.1.16.vfd virtio_balloon drivers are missing in the virtio-win floppy disk image found at http://alt.fedoraproject.org/pub/alt/virtio-win/latest/images/bin/ whereas they are present in the ISO image , any specific reason for this ? Shouldn't they be ideally present ? You probably want to be asking this on the Fedora virt list rather than the kvm qemu developer list. Regards, Onkar -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: [Qemu-devel] [fedora-virt] balloon drivers missing in virtio-win-1.1.16.vfd
- Original Message - From: Justin M. Forbes jmfor...@linuxtx.org To: Andrew Cathrow acath...@redhat.com Cc: v...@lists.fedoraproject.org, Onkar N Mahajan kern...@gmail.com, qemu-de...@nongnu.org, kvm@vger.kernel.org Sent: Thursday, October 6, 2011 9:35:44 AM Subject: Re: [Qemu-devel] [fedora-virt] balloon drivers missing in virtio-win-1.1.16.vfd On Thu, 2011-10-06 at 02:33 -0400, Andrew Cathrow wrote: - Original Message - From: Onkar N Mahajan kern...@gmail.com To: kvm@vger.kernel.org, qemu-de...@nongnu.org Sent: Thursday, September 29, 2011 6:03:26 AM Subject: balloon drivers missing in virtio-win-1.1.16.vfd virtio_balloon drivers are missing in the virtio-win floppy disk image found at http://alt.fedoraproject.org/pub/alt/virtio-win/latest/images/bin/ whereas they are present in the ISO image , any specific reason for this ? Shouldn't they be ideally present ? The vfd is not supposed to contain the full set of drivers, it is meant to be the bare minimum drivers required to install (and fit in 1.44mb). The vfd only contains network and block drivers so that you can install the system and grab the full set of drivers from the ISO or another location. Later versions of Windows can install using the ISO for drivers and do not need the vfd at all. Makes sense, thanks Aic Justin -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html
Re: DMI BIOS String
- Original Message - From: Derek li...@stuntkiwi.com To: kvm@vger.kernel.org Sent: Sunday, August 21, 2011 11:52:19 PM Subject: DMI BIOS String Hi Folks, I could not track down any solid info on modifying the DMI BIOS string. qemu-kvm -help | grep bios -smbios file=binary -smbios type=0[,vendor=str][,version=str][,date=str][,release=%d.%d] -smbios type=1[,manufacturer=str][,product=str][,version=str][,serial=str] or if you're using libvirt http://libvirt.org/formatdomain.html#elementsSysinfo For example, in VirtualBox you can use 'vboxmanage setsextradata' to set the BIOS product and vendor string per VM. Any ideas if this is possible with KVM? Thanks, Derek-- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html -- To unsubscribe from this list: send the line unsubscribe kvm in the body of a message to majord...@vger.kernel.org More majordomo info at http://vger.kernel.org/majordomo-info.html