From: Fabian Keil
To: "mal content", freebsd-questions@freebsd.org
Date: Sat, 29 Jul 2006 19:51:29 +0200
Subject: Re: qemu with tap networking on FreeBSD 6.1

"mal content" wrote:

> On 28/07/06, Fabian Keil wrote:
> > Personally I prefer to use NAT to connect qemu
> > (and jails) with the world outside. This way you can
> > use pfctl -ss -r to see which connections come
> > from the host system and which don't.
> >
>
> How does this work?

In my PF default configuration there are "anchor" and
"nat-anchor" lines for every device from tap0 to tap9.

My qemu configuration script is:

|#!/bin/sh -x
|tap_if=$1
|ext_if=iwi0
|number=`expr \`echo $tap_if | cut -c 4\` + 7`
|
|sudo ifconfig $tap_if 192.168.$number.49
|echo "nat pass on $ext_if from $tap_if:network to any -> $ext_if" | sudo pfctl -N -a $tap_if -f -
|echo "pass quick on $tap_if flags S/SA keep state" | sudo pfctl -a $tap_if -R -f -

I start qemu with:

sudo dd if=/dev/null of=/dev/tap0
sudo chown fk /dev/tap0
qemu -m 32 -net nic -net tap,script=/home/fk/scripts/qemu-config -hda ~/test/netbsd.img

If I have to use another tap device I have to change the
network settings in the guest system, but usually I only
need one qemu process.

if_tap is loaded on boot and net.link.tap.user_open
is enabled in /etc/sysctl.conf.

Fabian
-- 
http://www.fabiankeil.de/
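
Added example, not part of the original message: a variant of the configuration script above that checks the interface name before it reaches ifconfig and pfctl, and reads the whole interface number, so that tap10 does not land on the same subnet as tap1 (cut -c 4 reads a single digit). The function names are hypothetical; the address scheme, the two rules and the pfctl flags are taken from the script above.

```sh
#!/bin/sh
# Added example (not the original script). Function names are hypothetical;
# the 192.168.(N+7).49 scheme, the rules and the pfctl flags follow the mail.
EXT_IF=${EXT_IF:-iwi0}    # external interface, as in the original script

# Print the third address octet for tapN (N + 7); reject anything else.
tap_octet() {
    case "$1" in
        tap[0-9]|tap[1-9][0-9]|tap[12][0-9][0-9]) ;;
        *) echo "invalid tap interface: $1" >&2; return 1 ;;
    esac
    octet=$(( ${1#tap} + 7 ))
    [ "$octet" -le 254 ] || { echo "no subnet left for $1" >&2; return 1; }
    echo "$octet"
}

# Print the host-side address for the interface.
tap_addr() {
    o=$(tap_octet "$1") || return 1
    echo "192.168.$o.49"
}

# Rule text for the per-interface anchor, printed so it can be reviewed.
tap_nat_rule() {
    tap_octet "$1" >/dev/null || return 1
    echo "nat pass on $EXT_IF from $1:network to any -> $EXT_IF"
}

tap_filter_rule() {
    tap_octet "$1" >/dev/null || return 1
    echo "pass quick on $1 flags S/SA keep state"
}

# Configure the interface and load both rules into the anchor named after it.
tap_load() {
    addr=$(tap_addr "$1") || return 1
    sudo ifconfig "$1" "$addr" &&
    tap_nat_rule "$1"    | sudo pfctl -N -a "$1" -f - &&
    tap_filter_rule "$1" | sudo pfctl -a "$1" -R -f -
}

# qemu passes the interface name as $1; without an argument nothing is loaded.
if [ $# -gt 0 ]; then
    tap_load "$1"
fi
```

Sourcing the file and calling tap_nat_rule or tap_filter_rule alone prints the rule text without touching pf.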