From: "mal content"
To: "Fabian Keil"
Cc: freebsd-questions@freebsd.org
Date: Sat, 29 Jul 2006 19:37:23 +0100
Subject: Re: qemu with tap networking on FreeBSD 6.1

On 29/07/06, Fabian Keil wrote:
> "mal content" wrote:
>
> > On 28/07/06, Fabian Keil wrote:
> >
> > > Personally I prefer to use NAT to connect qemu
> > > (and jails) with the world outside. This way you can
> > > use pfctl -ss -r to see which connections come
> > > from the host system and which don't.
> > >
> >
> > How does this work?
>
> In my PF default configuration there are "anchor"
> and "nat-anchor" lines for every device from tap0 to tap9.
>
> My qemu configuration script is:
>
> |#!/bin/sh -x
> |tap_if=$1
> |ext_if=iwi0
> |number=`expr \`echo $tap_if | cut -c 4\` + 7`
> |
> |sudo ifconfig $tap_if 192.168.$number.49
> |echo "nat pass on $ext_if from $tap_if:network to any -> $ext_if" | sudo pfctl -N -a $tap_if -f -
> |echo "pass quick on $tap_if flags S/SA keep state" | sudo pfctl -a $tap_if -R -f -
>
> I start qemu with:
>
> sudo dd if=/dev/null of=/dev/tap0
> sudo chown fk /dev/tap0
> qemu -m 32 -net nic -net tap,script=/home/fk/scripts/qemu-config -hda ~/test/netbsd.img
>
> If I have to use another tap device I have to change the network settings
> in the guest system, but usually I only need one qemu process.
>
> if_tap is loaded on boot and net.link.tap.user_open is
> enabled in /etc/sysctl.conf.
>

Very interesting, I wouldn't have thought of doing it like that.
I'll try it.

thanks!
MC
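
An added example, not part of the original message or of either poster's setup: a dry-run variant of the quoted script that validates the tap device name before it is pasted into a rule string handed to "sudo pfctl", and only prints the rules for the per-device anchor. The function names, the --show switch and the lower-case alphanumeric interface-name check are assumptions made for this example; the tap0 to tap9 limit follows the anchor range described in the quoted text.

```sh
#!/bin/sh
# Added example: build the per-anchor PF rules from the quoted script
# without loading them, so they can be reviewed before going to pfctl.

# Print the unit number of a tap device. Only tap0..tap9 are accepted:
# the quoted "cut -c 4" reads a single digit, so tap10 would otherwise
# end up on the same 192.168.8.x network as tap1.
tap_unit() {
    case "$1" in
        tap[0-9]) printf '%s\n' "${1#tap}" ;;
        *) echo "unsupported tap device: $1" >&2; return 1 ;;
    esac
}

# Host-side address, using the quoted scheme 192.168.(unit + 7).49.
tap_host_addr() {
    unit=$(tap_unit "$1") || return 1
    printf '192.168.%d.49\n' $((unit + 7))
}

# Assumption: interface names are lower-case letters and digits only.
# Anything else is rejected before it reaches a rule string.
valid_ifname() {
    case "$1" in
        ''|*[!a-z0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# NAT rule for the anchor named after the tap device ($1), leaving via $2.
nat_rule() {
    tap_unit "$1" >/dev/null && valid_ifname "$2" || return 1
    printf 'nat pass on %s from %s:network to any -> %s\n' "$2" "$1" "$2"
}

# Filter rule for the same anchor.
filter_rule() {
    tap_unit "$1" >/dev/null || return 1
    printf 'pass quick on %s flags S/SA keep state\n' "$1"
}

# Dry run: "script --show tap0 iwi0" prints what would be loaded.
if [ "${1:-}" = "--show" ]; then
    nat_rule "$2" "$3" && filter_rule "$2" && tap_host_addr "$2"
fi
```

Once reviewed, each printed rule can be piped to the same pfctl invocations the quoted script uses.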