Hi !
I am still struggling with bridging setup (script is attached at the bottom)
for 2-interface config on SuSE 10.2 and kernel 2.6.22
net -> eth1 - 83.xx.yy.zz
loc -> eth2 - 192.168.1.1 (also acts as router)
So, taking receipt from:
http://www1.shorewall.net/SimpleBridge.html
/etc/shorewall/interfaces:
#ZONE INTERFACE BROADCAST OPTIONS
net eth1 detect tcpflags,norfc1918,routefilter,nosmurfs,logmartians
loc br0 192.168.1.255 routeback,bridge,tcpflags,detectnets,nosmurfs
/etc/shorewall/masq: <--- what should be here?
eth1 br0
And finally, in Linux guest running under QEMU/KVM I could specify for example
its network card (qtap0) with IP for example 192.168.1.10, netmask
255.255.255.0 and default gateway 192.168.1.1.
Am I right or missing something?
******************************************************************************************
*** Bridging Script for QEMU/KVM from:
http://blog.cynapses.org/2007/07/12/qemu-kvm-internal-network-setup/
******************************************************************************************
#!/bin/bash
# id of the user running qemu (kvm)
USERID=1000
# number of TUN/TAP devices to setup
NUM_OF_DEVICES=2
case $1 in
    start)
        modprobe tun
        echo -n "Setting up bridge device br0"
        brctl addbr br0
        ifconfig br0 192.168.1.254 netmask 255.255.255.0 up
        for ((i=0; i < NUM_OF_DEVICES ; i++)); do
            echo -n "Setting up "
            tunctl -b -u $USERID -t qtap$i
            brctl addif br0 qtap$i
            ifconfig qtap$i up 0.0.0.0 promisc
        done
        ;;
    stop)
        for ((i=0; i < NUM_OF_DEVICES ; i++)); do
            ifconfig qtap$i down
            brctl delif br0 qtap$i
            tunctl -d qtap$i
        done
        ifconfig br0 down
        brctl delbr br0
        ;;
    *)
        echo "Usage: $(basename $0) (start|stop)"
        ;;
esac

Andrei Verovski (aka MacGuru) wrote:
> Hi !
>
> I am still struggling with bridging setup (script is attached at the bottom)
> for 2-interface config on SuSE 10.2 and kernel 2.6.22
>
> net -> eth1 - 83.xx.yy.zz
> loc -> eth2 - 192.168.1.1 (also acts as router)
>
> So, taking receipt from:
> http://www1.shorewall.net/SimpleBridge.html
>
>
> /etc/shorewall/interfaces:
> #ZONE INTERFACE BROADCAST OPTIONS
> net eth1 detect tcpflags,norfc1918,routefilter,nosmurfs,logmartians
> loc br0 192.168.1.255 routeback,bridge,tcpflags,detectnets,nosmurfs
>
> /etc/shorewall/masq: <--- what should be here?
> eth1 br0
>
> And finally, in Linux guest running under QEMU/KVM I could specify for example
> its network card (qtap0) with IP for example 192.168.1.10, netmask
> 255.255.255.0 and default gateway 192.168.1.1.
>
>
> Am I right or missing something?

If you are going to have one local IP network (which in your case appears to
be 192.168.1.0/24), then you need to add eth2 to the bridge (br0); the
bridge should have the IP address (192.168.1.1) rather than eth2.

So you need to remove the IP configuration from eth2; the device still needs
to be set in the UP state. See the bridge creation scripts at
http://www.shorewall.net/3.0/bridge.html and/or
http://www.shorewall.net/bridge-Shorewall-perl.html.

So your bridge script needs changing to:

a) Add eth2 as the first port on the bridge (or last); and
b) The IP address of the bridge needs to be changed from 192.168.1.254 to
192.168.1.1 (either that or you need to use 192.168.1.254 as the default
gateway for your internal/virtual systems).

The internal interface in your Shorewall configuration is ''br0''. eth2 is not
mentioned in that configuration.

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key

Tom Eastep wrote:
> Andrei Verovski (aka MacGuru) wrote:
>>
>> Am I right or missing something?
>
> If you are going to have one local IP network (which in your case appears to
> be 192.168.1.0/24), then you need to add eth2 to the bridge (br0); the
> bridge should have the IP address (192.168.1.1) rather than eth2.
>
> So you need to remove the IP configuration from eth2; the device still needs
> to be set in the UP state. See the bridge creation scripts at
> http://www.shorewall.net/3.0/bridge.html and/or
> http://www.shorewall.net/bridge-Shorewall-perl.html.
>
> So your bridge script needs changing to:
>
> a) Add eth2 as the first port on the bridge (or last); and
> b) The IP address of the bridge needs to be changed from 192.168.1.254 to
> 192.168.1.1 (either that or you need to use 192.168.1.254 as the default
> gateway for your internal/virtual systems).
>
> The internal interface in your Shorewall configuration is ''br0''. eth2 is not
> mentioned in that configuration.

Alternatively, you could use two local IP networks.

a) Keep eth2 the way it is.
b) Change all of the addresses associated with the bridge (including the IP
addresses of the VMs) to use a second network (say 192.168.2.0/24).

In /etc/shorewall/interfaces:

loc eth2 ...
loc br0 ...

In /etc/shorewall/masq:

eth1 eth2
eth1 br0

-Tom
--
Tom Eastep \ Nothing is foolproof to a sufficiently talented fool
Shoreline, \ http://shorewall.net
Washington USA \ teastep@shorewall.net
PGP Public Key \ https://lists.shorewall.net/teastep.pgp.key
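
The two layouts described in the replies above, written out as a variant of the posted bridge script. This is an added example, not code from the thread or from the Shorewall project. The LAYOUT and RUN variables, the masq helper and the 192.168.2.1 bridge address for the second network are assumptions made for illustration; by default the script only prints the commands it would run.

```shell
#!/bin/sh
# Added example, not from the thread. Default is a dry run that prints the
# commands; run as root with RUN= (empty) to execute them.
RUN=${RUN-echo}
USERID=1000              # user running qemu/kvm (original script)
NUM_OF_DEVICES=2         # qtap devices to create (original script)
# single: eth2 joins br0, br0 takes 192.168.1.1 (first reply)
# dual:   eth2 untouched, br0 and VMs on 192.168.2.0/24 (second reply)
LAYOUT=${LAYOUT:-single}

bridge_ip() {
    case $LAYOUT in
        single) echo 192.168.1.1 ;;
        dual)   echo 192.168.2.1 ;;  # assumed gateway address
        *)      echo "unknown LAYOUT: $LAYOUT" >&2; return 1 ;;
    esac
}

bridge_start() {
    addr=$(bridge_ip) || return 1
    $RUN modprobe tun
    $RUN brctl addbr br0
    if [ "$LAYOUT" = single ]; then
        # eth2 drops its IP configuration but stays UP as a bridge port
        $RUN ifconfig eth2 0.0.0.0 up
        $RUN brctl addif br0 eth2
    fi
    i=0
    while [ "$i" -lt "$NUM_OF_DEVICES" ]; do
        $RUN tunctl -b -u "$USERID" -t "qtap$i"
        $RUN brctl addif br0 "qtap$i"
        $RUN ifconfig "qtap$i" up 0.0.0.0 promisc
        i=$((i + 1))
    done
    $RUN ifconfig br0 "$addr" netmask 255.255.255.0 up
}

# /etc/shorewall/masq entries for the layout, using the thread's values
masq_entries() {
    if [ "$LAYOUT" = dual ]; then echo "eth1 eth2"; fi
    echo "eth1 br0"
}

case "${1:-}" in
    start) bridge_start ;;
    masq)  masq_entries ;;
    *)     echo "Usage: ${0##*/} (start|masq)  [LAYOUT=single|dual]" ;;
esac
```

In the single layout the guests keep 192.168.1.1 as their default gateway; in the dual layout they use the bridge address on the second network instead.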