Re: How to make a VM guest look like just another metal machine on my LAN?

2021-02-21 Thread Alok Prasad
Just a simple bridge configuration is too daunting to configure with QEMU.
Seriously, some helper script/config is needed to make this simpler for users of
qemu to use.

On Sun, Feb 21, 2021 at 2:16 PM Steve Litt wrote:

> Hi all,
>
> My LAN at home is on 192.168.0.0/24, connected to the Internet via a
> cablemodem/firewall/router/gateway at 192.168.0.1. My Daily Driver
> Desktop (DDD), which will after this be referred to as the "host" or
> "metal host" is at 192.168.0.2. I have a printer with an http interface
> at 192.168.0.13. Throughout this post I'm careful to discriminate
> between the metal host and the VM guest, which is created on the metal
> host, for all config options.
>
> What I'm trying to accomplish is to launch a VM guest (Devuan) on my
> metal host (Void Linux), such that the VM guest performs as if it were
> just another physical computer on my LAN.
>
> I've been reading and experimenting for four days and still don't have
> what I need. Here are some of the documents I've used trying to get
> this done:
>
> https://wiki.qemu.org/Documentation/Networking#User_Networking_.28SLIRP.29
>
>
> https://ahelpme.com/linux/howto-do-qemu-full-virtualization-with-bridged-networking/
>
> http://www.mpaoli.net/~root/bin/TEMPLATE
>
>
> https://www.debian.org/doc/manuals/debian-handbook/sect.virtualization.en.html#sect.lxc.network
>
> I'm trying to do it purely with ip commands, although I could use brctl
> if necessary. I'm staying away from virt-manager and aqemu because they
> don't work on my Void Linux metal host, and would just add even more
> variables and ambiguity.
>
> Speaking of ambiguity, every document I've read (and I've read dozens)
> has the following ambiguities:
>
> 1) When discussing a setting, they don't indicate whether that setting
>    should be on the metal host or the VM guest. Perhaps to a person who
>    thoroughly understands virtual machines, such a distinction would be
>    obvious via context, but it's not obvious to me.
>
> 2) When specifying an "id=whatever", they don't indicate how the id
>    would be used, or what other references to that id need to be made.
>
> 3) They include no realistic steps for troubleshooting a "warning:
>    netdev mybridge0 has no peer" type warning, nor even explain what it
>    means more than a few guesses and "have you tried...".
>
> Based on the previously listed links, I deduce that the TAP is created
> by the guest VM, in such a way that it attaches to the bridge created on
> the metal host, and therefore I have no need to create a TAP on the
> metal host.
>
> Here's my progress so far, based on the links listed above and my
> other readings and experimentation:
>
> ***
>
> I build the bridge purely with ip commands. Also, I don't mess
> with the firewall (which perhaps has been my problem all along). I'll
> investigate the firewall aspect tomorrow.
>
> Below are some scripts and stuff I'm using. The following is
> upnet.sh, which I use to set up networking on the metal host, which
> happens to run Void Linux, which has no /etc/network/interfaces:
>
> =
> #!/bin/sh
>
> use_bridge=1
> use_tap=0
>
> dev="enp40s0"
> ipaddr_major="192.168.0.2"
> ipaddr_minor="192.168.0.102"
> gateway="192.168.0.1"
>
> error_tap_without_bridge(){
>    echo -n "ERROR: Can't set TAP without "
>    echo -n "BRIDGE! "
>    echo Aborting...
>    exit 1
> }
>
>
> enable_ip_forwarding(){
>    echo 1 > /proc/sys/net/ipv4/ip_forward
> }
>
> unset_everything(){
>    dev=$1
>    ip_maj=$2
>    ip_min=$3
>    gateway=$4
>    echo "Unsetting everything for $dev, $ip_maj and $ip_min"
>    ip link set dev tap0 down
>    brctl delif br0 tap0
>    ip link del tap0
>    ip link set dev br0 down
>    ip addr del $ip_min/24 dev br0
>    ip addr del $ip_maj/24 dev br0
>    brctl delbr br0
>    ip link set dev $dev down
>    ip addr del $ip_min/24 dev $dev
>    ip addr del $ip_maj/24 dev $dev
>    echo ""
> }
>
> set_hostname_and_localhost(){
>    echo "Setting hostname and localhost"
>    hostname=`grep -v "^\s*#"  /etc/hostname | head -n1`
>    ip link set dev lo up
>    echo ""
> }
>
> create_phys_device_link(){
>    dev=$1
>    echo Creating device link for $dev
>    ip link set dev $dev up
>    echo ""
> }
>
> set_phys_device_addr(){
>    dev=$1
>    ip_maj=$2
>    ip_min=$3
>    gateway=$4
>    echo -n "Setting physical device addresses "
>    echo -n "$ip_maj "
>    echo -n "and $ip_min "
>    echo -n "for $dev "
>    echo "with gateway $gateway"
>    ip link set dev $dev down
>    ip addr add $ip_maj/24 dev $dev
>    ip addr add $ip_min/24 dev $dev
>    ip link set dev $dev up
>    ip route add default via $gateway
>    echo ""
> }
>
> set_bridge(){
>    dev=$1
>    ip_maj=$2
>    ip_min=$3
>    gateway=$4
>    echo Setting bridge for $dev
>    echo -n "Creating and setting bridge addresses "
>    echo -n "$ip_maj "
>    echo -n "and $ip_min "
>    echo -n "for $dev "
>    echo "with gateway $gateway"
>
>    ip link add

Re: How to make a VM guest look like just another metal machine on my LAN?

2021-02-21 Thread Simon Becherer
Hi,



On 21.02.21 at 09:46, Steve Litt wrote:
> Hi all,
> 
.
.
.

> 
> Steve Litt 
> Autumn 2020 featured book: Thriving in Tough Times
> http://www.troubleshooters.com/thrive
> 

i have only partly read your mail.
but i think it sounds like a problem similar to one i have had
with the "firewalld" and ssh from outside to a virtual machine.
(a year or so in the past)

(i am here at host opensuse tumbleweed and different virtual machines started
by virt-manager.
so i have set inside yast (host) the bridge device "br0" and have permanently set
the hardware-network-card (host) as a slave to this bridge. the connection to
the guest will be done automatically by virt-manager. no need to write a script.)
BUT i ran into a routing problem, solved here:

i was following this:
https://superuser.com/questions/990855/configure-firewalld-to-allow-bridged-virtual-machine-network-access
in detail:
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -i br0 -j ACCEPT
firewall-cmd --permanent --direct --passthrough ipv4 -I FORWARD -o br0 -j ACCEPT
firewall-cmd --reload
this will create a file: /etc/firewalld/direct.xml
with the above entries.
i tested also then:
iptables-save  -f dateiname
iptables-restore -f dateiname
iptables -L
now there is a line more inside: -A FORWARD -i br0 -j ACCEPT
but i do not recall why i have done this. my working configuration did not have
the last "-A" line inside.

hope this will help you.
for test purposes i would (if possible inside your environment) stop the
firewall (host) completely and check
if it's then running. if it's running, you know for sure it's a firewall problem.

simoN

-- 
www.becherer.de
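
The firewall question raised in the message above can also be checked by reading the FORWARD chain instead of stopping the firewall. The script below is an added example, not part of any post in this thread; the function names and both sample rule sets are constructed for illustration, and only the bridge name br0 comes from the thread.

```sh
#!/bin/sh
# Added example: how does the FORWARD chain treat packets entering via a bridge?
# Rules arrive on stdin in `iptables -S FORWARD` format; $1 is the bridge name.
# Simplification: only unconditional rules and rules matching solely on
# "-i <bridge>" are evaluated; rules with other matches are skipped.
forward_verdict() {
    bridge=$1
    policy=UNKNOWN
    while read -r flag chain rest; do
        [ "$chain" = "FORWARD" ] || continue
        case $flag in
            -P) policy=$rest ;;
            -A)
                case $rest in
                    "-i $bridge -j ACCEPT"|"-j ACCEPT")
                        echo ACCEPT; return 0 ;;
                    "-i $bridge -j DROP"|"-j DROP"|"-i $bridge -j REJECT"*|"-j REJECT"*)
                        echo BLOCKED; return 0 ;;
                esac ;;
        esac
    done
    case $policy in
        ACCEPT) echo ACCEPT ;;
        DROP)   echo BLOCKED ;;
        *)      echo UNKNOWN ;;
    esac
}

# Bridged frames only pass through iptables when br_netfilter is loaded and
# this sysctl reads 1. The path is a parameter so the check can be tested.
bridge_nf_state() {
    f=${1:-/proc/sys/net/bridge/bridge-nf-call-iptables}
    if [ -r "$f" ] && [ "$(cat "$f")" = "1" ]; then
        echo filtered
    else
        echo unfiltered
    fi
}

# Constructed sample rule sets (not captured from any host in this thread).
SAMPLE_BLOCKING='-P FORWARD DROP
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'
SAMPLE_FIXED='-P FORWARD DROP
-A FORWARD -i br0 -j ACCEPT
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT'

printf '%s\n' "$SAMPLE_BLOCKING" | forward_verdict br0
printf '%s\n' "$SAMPLE_FIXED" | forward_verdict br0
```

On a live host the same function reads the real chain: `iptables -S FORWARD | forward_verdict br0` (run as root).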






How to make a VM guest look like just another metal machine on my LAN?

2021-02-21 Thread Steve Litt
Hi all,

My LAN at home is on 192.168.0.0/24, connected to the Internet via a
cablemodem/firewall/router/gateway at 192.168.0.1. My Daily Driver
Desktop (DDD), which will after this be referred to as the "host" or
"metal host" is at 192.168.0.2. I have a printer with an http interface
at 192.168.0.13. Throughout this post I'm careful to discriminate
between the metal host and the VM guest, which is created on the metal
host, for all config options. 

What I'm trying to accomplish is to launch a VM guest (Devuan) on my
metal host (Void Linux), such that the VM guest performs as if it were
just another physical computer on my LAN.

I've been reading and experimenting for four days and still don't have
what I need. Here are some of the documents I've used trying to get
this done:

https://wiki.qemu.org/Documentation/Networking#User_Networking_.28SLIRP.29

https://ahelpme.com/linux/howto-do-qemu-full-virtualization-with-bridged-networking/

http://www.mpaoli.net/~root/bin/TEMPLATE

https://www.debian.org/doc/manuals/debian-handbook/sect.virtualization.en.html#sect.lxc.network

I'm trying to do it purely with ip commands, although I could use brctl
if necessary. I'm staying away from virt-manager and aqemu because they
don't work on my Void Linux metal host, and would just add even more
variables and ambiguity.

Speaking of ambiguity, every document I've read (and I've read dozens)
has the following ambiguities:

1) When discussing a setting, they don't indicate whether that setting
   should be on the metal host or the VM guest. Perhaps to a person who
   thoroughly understands virtual machines, such a distinction would be
   obvious via context, but it's not obvious to me.

2) When specifying an "id=whatever", they don't indicate how the id
   would be used, or what other references to that id need to be made.

3) They include no realistic steps for troubleshooting a "warning:
   netdev mybridge0 has no peer" type warning, nor even explain what it
   means more than a few guesses and "have you tried...".

Based on the previously listed links, I deduce that the TAP is created
by the guest VM, in such a way that it attaches to the bridge created on
the metal host, and therefore I have no need to create a TAP on the
metal host.

Here's my progress so far, based on the links listed above and my
other readings and experimentation:

***

I build the bridge purely with ip commands. Also, I don't mess
with the firewall (which perhaps has been my problem all along). I'll
investigate the firewall aspect tomorrow.

Below are some scripts and stuff I'm using. The following is
upnet.sh, which I use to set up networking on the metal host, which
happens to run Void Linux, which has no /etc/network/interfaces:

=
#!/bin/sh

use_bridge=1
use_tap=0

dev="enp40s0"
ipaddr_major="192.168.0.2"
ipaddr_minor="192.168.0.102"
gateway="192.168.0.1"

error_tap_without_bridge(){
   echo -n "ERROR: Can't set TAP without "
   echo -n "BRIDGE! "
   echo Aborting...
   exit 1
}


enable_ip_forwarding(){
   echo 1 > /proc/sys/net/ipv4/ip_forward
}

unset_everything(){
   dev=$1
   ip_maj=$2
   ip_min=$3
   gateway=$4
   echo "Unsetting everything for $dev, $ip_maj and $ip_min"
   ip link set dev tap0 down
   brctl delif br0 tap0
   ip link del tap0
   ip link set dev br0 down
   ip addr del $ip_min/24 dev br0
   ip addr del $ip_maj/24 dev br0
   brctl delbr br0
   ip link set dev $dev down
   ip addr del $ip_min/24 dev $dev
   ip addr del $ip_maj/24 dev $dev
   echo ""
}

set_hostname_and_localhost(){
   echo "Setting hostname and localhost"
   hostname=`grep -v "^\s*#"  /etc/hostname | head -n1`
   ip link set dev lo up
   echo ""
}

create_phys_device_link(){
   dev=$1
   echo Creating device link for $dev
   ip link set dev $dev up
   echo ""
}

set_phys_device_addr(){
   dev=$1
   ip_maj=$2
   ip_min=$3
   gateway=$4
   echo -n "Setting physical device addresses "
   echo -n "$ip_maj "
   echo -n "and $ip_min "
   echo -n "for $dev "
   echo "with gateway $gateway"
   ip link set dev $dev down
   ip addr add $ip_maj/24 dev $dev
   ip addr add $ip_min/24 dev $dev
   ip link set dev $dev up
   ip route add default via $gateway
   echo ""
}

set_bridge(){
   dev=$1
   ip_maj=$2
   ip_min=$3
   gateway=$4
   echo Setting bridge for $dev
   echo -n "Creating and setting bridge addresses "
   echo -n "$ip_maj "
   echo -n "and $ip_min "
   echo -n "for $dev "
   echo "with gateway $gateway"

   ip link add name br0 type bridge
   ip link set dev $dev master br0
   ip addr add $ip_maj/24 dev br0
   ip addr add $ip_min/24 dev br0
   ip link set dev br0 up
   ip route add default via $gateway
   echo ""
}

set_tap(){
   echo Setting tap
   ip tuntap add tap0 mode tap
   brctl addif br0 tap0
   #ip addr add 192.168.0.66/24 dev tap0
   ip link set dev tap0 up
   echo ""
}

show_networking(){
   echo -n "Networking follows in 3 seconds..."
   sleep 3
   echo "\n"
   echo