qemu with tap networking on FreeBSD 6.1

Fabian Keil freebsd-listen at fabiankeil.de
Sat Jul 29 17:51:43 UTC 2006


"mal content" <artifact.one at googlemail.com> wrote:

> On 28/07/06, Fabian Keil <freebsd-listen at fabiankeil.de> wrote:

> > Personally I prefer to use NAT to connect qemu
> > (and jails) with the world outside. This way you can
> > use pfctl -ss -r to see which connections come
> > from the host system and which don't.
> >
> 
> How does this work?

In my PF default configuration there are "anchor"
and "nat-anchor" lines for every device from tap0 to tap9.

My qemu configuration script is: 

|#!/bin/sh -x
|tap_if=$1
|ext_if=iwi0
|number=`expr \`echo $tap_if | cut -c 4\` + 7`
|
|sudo ifconfig $tap_if 192.168.$number.49
|echo "nat pass on $ext_if from $tap_if:network to any -> $ext_if" | sudo pfctl -N -a $tap_if -f -   
|echo "pass quick on $tap_if flags S/SA keep state" | sudo pfctl -a $tap_if -R -f -

I start qemu with:

sudo dd if=/dev/null of=/dev/tap0
sudo chown fk /dev/tap0
qemu -m 32 -net nic -net tap,script=/home/fk/scripts/qemu-config -hda ~/test/netbsd.img

If I have to use other tap device I have to change the network settings
in the guest system, but usually I only need one qemu process.

if_tap is loaded on boot and net.link.tap.user_open is
enabled in /etc/sysctl.conf.

Fabian
-- 
http://www.fabiankeil.de/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 187 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20060729/e2fb0538/signature.pgp


More information about the freebsd-questions mailing list