Slackware64 14.1 host; kvm modules loaded; qemu 2.3.0
Some years ago I successfully set up a qemu-kvm host with bridged networking. My setup was a little unusual: instead of bridging to a physical adapter I created a dummy interface on the host and bridged to that; I also created a tap interface for the guest and connected that tap interface to the same bridge. The bridge got an address like 10.40.40.1; ip forwarding was set up and iptables masqueraded connections from 10.50.50.0 to the physical adapter, which was something like 192.168.1.100, and then on to the router. Don't ask me why I prefer this setup; I just don't like bridging to the external adapter.
I used brctl and tunctl to bring up the interfaces.
It worked well, but I had to invoke qemu as root user, which always left me uncomfortable.
I am now trying to implement a similar setup with the iproute2 suite, hoping to invoke qemu this time as a regular user. Here's how I bring the virtual network up as root user:
Code:
# create bridge br0 and bring it up
ip link add br0 type bridge
ip link set br0 up
# create tap adapter tap0 and allow regular user to attach it to guest
ip tuntap add tap0 mode tap user gerard group users
ip link set tap0 promisc on
ip link set tap0 up
ip link set tap0 master br0
# create dummy adapter dummy0
ip link add dummy0 type dummy
ip link set dummy0 promisc on
ip link set dummy0 up
ip link set dummy0 master br0
# assign address to br0
ip address add 10.40.40.1/32 dev br0
Here's how I invoke qemu as a regular user (irrelevant portions snipped):
Code:
/usr/local/bin/qemu-system-x86_64 -enable-kvm \
-net nic \
-net tap,ifname=tap0,script=no,downscript=no \
-drive ... etc
Here's what ip link show reports when the virtual network is up:
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:22:15:4b:cb:39 brd ff:ff:ff:ff:ff:ff
122: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 7e:ea:f6:8d:ef:ed brd ff:ff:ff:ff:ff:ff
123: tap0: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc pfifo_fast master br0 state DOWN mode DEFAULT group default qlen 500
link/ether d6:b8:f6:df:58:61 brd ff:ff:ff:ff:ff:ff
124: dummy0: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UNKNOWN mode DEFAULT group default
link/ether 7e:ea:f6:8d:ef:ed brd ff:ff:ff:ff:ff:ff
And here's what the same shows when the guest is started:
Code:
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN mode DEFAULT group default
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
2: eth0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP mode DEFAULT group default qlen 1000
link/ether 00:22:15:4b:cb:39 brd ff:ff:ff:ff:ff:ff
122: br0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP mode DEFAULT group default
link/ether 7e:ea:f6:8d:ef:ed brd ff:ff:ff:ff:ff:ff
123: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast master br0 state UP mode DEFAULT group default qlen 500
link/ether d6:b8:f6:df:58:61 brd ff:ff:ff:ff:ff:ff
124: dummy0: <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 qdisc noqueue master br0 state UNKNOWN mode DEFAULT group default
link/ether 7e:ea:f6:8d:ef:ed brd ff:ff:ff:ff:ff:ff
Here's what bridge link show br0 reports:
Code:
123: tap0 state UP : <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
124: dummy0 state UNKNOWN : <BROADCAST,NOARP,PROMISC,UP,LOWER_UP> mtu 1500 master br0 state forwarding priority 32 cost 100
I assign a fixed address to the guest - 10.40.40.100, 255.255.255.0 and gw 10.40.40.1 with nameserver 8.8.8.8. However, I am unable to get a connection to the outside world, or even to the gateway for that matter. ping 10.40.40.1 returns host unreachable. Since I am not too well up on iptables and netfilter I generate the firewall script using Eric Hameleer's easy firewall generator for Slackware, setting eth0 to my external interface and br0 to the LAN side, with gateway enabled.
Is this a permissions issue, or have I something wrong in the configuration above?
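One thing worth checking in the configuration above, as an added example that is not part of the original post: the bridge is given 10.40.40.1/32 while the guest uses 10.40.40.100 with a 255.255.255.0 mask, and a /32 address gives the host no connected route to the rest of that subnet. The function names and the sample `ip -o -4 addr show` output are constructed for illustration.

```shell
#!/bin/sh
# Added example (not the poster's code). SAMPLE_ADDR is constructed output in the
# format of `ip -o -4 addr show`, using the addresses mentioned in the post.
SAMPLE_ADDR='1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.1.100/24 brd 192.168.1.255 scope global eth0\       valid_lft forever preferred_lft forever
122: br0    inet 10.40.40.1/32 scope global br0\       valid_lft forever preferred_lft forever'

# Dotted quad -> 32-bit integer (octets must not carry leading zeros).
ip_to_int() {
    _ifs=$IFS; IFS=.
    set -- $1
    IFS=$_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# on_link CIDR ADDR: succeeds if ADDR lies inside the prefix CIDR.
on_link() {
    _len=${1#*/}
    _mask=$(( (0xFFFFFFFF << (32 - $_len)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "${1%/*}") & $_mask )) -eq $(( $(ip_to_int "$2") & $_mask )) ]
}

# bridge_cidr IFACE: print the first IPv4 CIDR of IFACE from
# `ip -o -4 addr show` output supplied on stdin.
bridge_cidr() {
    awk -v dev="$1" '$2 == dev && $3 == "inet" { print $4; exit }'
}

# check_guest IFACE GUEST_ADDR: returns 0 if the guest address is on-link for
# the prefix configured on IFACE, 1 if it is not, 2 if IFACE has no IPv4 address.
check_guest() {
    _cidr=$(bridge_cidr "$1")
    [ -n "$_cidr" ] || { echo "no IPv4 address on $1"; return 2; }
    if on_link "$_cidr" "$2"; then
        echo "$2 is on-link for $1 ($_cidr)"
    else
        echo "$2 is NOT on-link for $1 ($_cidr)"
        return 1
    fi
}

# Demo on the constructed sample; reports that the guest is not on-link.
printf '%s\n' "$SAMPLE_ADDR" | check_guest br0 10.40.40.100 || true
```

On a live host the same check is `ip -o -4 addr show | check_guest br0 10.40.40.100`.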