# [SOLVED] QEMU guest networking

## umka69

Hello.

I already ran minimal cd in QEMU environment.

There is a problem with network configuration of hypervisor, I think.

Can you help me with its configuration?

Host configs

```
den ~ # ifconfig
br0: flags=4419<UP,BROADCAST,RUNNING,PROMISC,MULTICAST>  mtu 1500
        inet 192.168.1.4  netmask 255.255.255.0  broadcast 192.168.1.255
        inet6 fe80::813a:b125:254:c22d  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::e23f:49ff:feae:c278  prefixlen 64  scopeid 0x20<link>
        ether e0:3f:49:ae:c2:78  txqueuelen 0  (Ethernet)
        RX packets 29433  bytes 4611240 (4.3 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1356  bytes 273143 (266.7 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

enp3s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet6 fe80::e23f:49ff:feae:c278  prefixlen 64  scopeid 0x20<link>
        ether e0:3f:49:ae:c2:78  txqueuelen 1000  (Ethernet)
        RX packets 29433  bytes 5023302 (4.7 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 1364  bytes 273791 (267.3 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 57673  bytes 21885826 (20.8 MiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 57673  bytes 21885826 (20.8 MiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```

```
den ~ # cat /etc/conf.d/net
config_enp3s0="null"
config_br0="dhcp"
brctl_br0="setfd 0
sethello 10
stp off"
bridge_br0="enp3s0"
```

Guest ifconfig

```
lifecd ~ # ifconfig
enp0s3: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 10.0.2.15  netmask 255.255.255.0  broadcast 10.0.2.255
        inet6 fe80::5054:ff:fe12:3456  prefixlen 64  scopeid 0x20<link>
        inet6 fe80::59c1:f175:aeb3:433  prefixlen 64  scopeid 0x20<link>
        ether 52:54:00:12:34:56  txqueuelen 1000  (Ethernet)
        RX packets 2  bytes 1180 (1.1 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 17  bytes 1979 (1.9 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 0  (Local Loopback)
        RX packets 2  bytes 140 (140.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 2  bytes 140 (140.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0
```

```
lifecd ~ # ping -c3 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.

--- 8.8.8.8 ping statistics ---
3 packets transmitted, 0 received, 100% packet loss, time 2015ms
```

----------

## szatox

What do you want to do?

By default qemu runs network in user mode which means guest is a regular app accessing the internet the very same way any other app would do,  but host is not aware of guest's network.

To get a more advanced setup you must tell qemu to bind virtual ethernet (TAP) devices instead. This would let you create bridged/routed virtual network you can configure pretty much the same way you would configure your lan.

----------

## umka69

Sorry. I need to set own IP address to each VM in my VLAN as well as to the hostnode.

But now network is not achievable from VM at all.

So, TAP/TUN can help me?

But at first i think usermode must work.

----------

## umka69

Ok. I've got TUN/TAP working.

But I can't access the VM from my VLAN (network of host, my home VLAN) by SSH.

No SSH, but it is PINGing and I can see it in my router access list.

How to solve it?

----------

## szatox

 *Quote:*   

> But at first i think usermode must work.

 

No, it doesn't. If I get you well, and you want all those VMs to be accessible from the network (no matter what kind of network), user mode networking is NOT what you want. User mode only allows you to call the internet from VM, but not the other way. It does not require any guest-side configuration at all though, as qemu provides guest with dhcpd-based network you can't even see from host's side.

What you do want is running qemu with parameters binding it to TAP device, for example:

```
-net nic,macaddr="$MAC1",vlan=1 -net tap,ifname="$IFNAME",script="no",downscript="no",vlan=1
```

This line assumes your $IFNAME is already configured host-side TAP device that will be assigned $MAC1 address.

You can also skip the part about scripts and have qemu's own scripts handle that, but this requires you to run qemu as root. Otherwise it won't be able to create TAP.

From this point, you can either go with bridged network (you're going to need brctl for this) or with routed network (iptables is sufficient).

Depends on what you want to do. Either way will allow you to assign a host-visible IP to your VMs.

The guest config goes exactly the same way as it would in case of physical machine. E.g. you must run some services you want to use  :Laughing: 
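
An added example, not part of szatox's post: a dry-run planner for the host-side TAP device that the command line above assumes already exists. `tap0` and `br0` come from this thread; the user name `vmuser`, the sample MAC and all function names are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): plan a host-side TAP device for QEMU.
# tap0/br0 come from the thread; "vmuser" and the function names are assumed.

# Accept only shell-safe names up to a maximum length (default 15, the
# Linux limit for interface names).
safe_name() {
    case "$1" in
        ''|*[!A-Za-z0-9_-]*) return 1 ;;
    esac
    [ "${#1}" -le "${2:-15}" ]
}

# Accept a unicast MAC, but refuse QEMU's default 52:54:00:12:34:56:
# two guests on one bridge that both keep it will collide.
valid_mac() {
    m=$(printf '%s' "$1" | tr 'A-F' 'a-f')
    printf '%s\n' "$m" | grep -Eq '^([0-9a-f]{2}:){5}[0-9a-f]{2}$' || return 1
    case "$m" in
        ?[13579bdf]:*) return 1 ;;      # multicast bit set in first octet
        52:54:00:12:34:56) return 1 ;;  # QEMU default, not unique
    esac
    return 0
}

# Print the iproute2 commands (to be run as root) that create the TAP,
# give it to an unprivileged user so QEMU need not run as root, and
# attach it to the bridge.
tap_plan() {
    tap=$1; bridge=$2; owner=$3
    safe_name "$tap" && safe_name "$bridge" && safe_name "$owner" 32 || return 2
    printf 'ip tuntap add dev %s mode tap user %s\n' "$tap" "$owner"
    printf 'ip link set dev %s master %s\n' "$tap" "$bridge"
    printf 'ip link set dev %s up\n' "$tap"
}

# Print the QEMU options that attach a virtio NIC with its own MAC to the TAP.
qemu_net_args() {
    tap=$1; mac=$2
    safe_name "$tap" && valid_mac "$mac" || return 2
    printf '%s\n' "-net nic,model=virtio,macaddr=$mac -net tap,ifname=$tap,script=no,downscript=no"
}

# Run with "show" to print the plan; nothing is changed on the host.
if [ "${1:-}" = "show" ]; then
    tap_plan tap0 br0 vmuser
    qemu_net_args tap0 52:54:00:ab:cd:01   # constructed sample MAC
fi
```
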

----------

## umka69

Thank you! Now it is clear about network.

Guys, for all who need it! Here is useful man to the TUN/TAP approach. http://wiki.gentoo.org/wiki/QEMU/Options

I got SSH from VLAN, but still no VNC. Sorry, I'm quite a noob.  :Sad: 

I'm starting VM with this script:

```
den ~ # cat GentooVM
#!/bin/sh
exec qemu-system-x86_64 \
        -enable-kvm \
        -boot d \
        -cdrom install-amd64-minimal-20140828.iso \
        -net tap,ifname=tap0,script=no,downscript=no -net nic,model=virtio \
        -cpu host -smp 2 \
        -drive file=/root/GentooVM.img,if=virtio \
        -m 2G \
        -vnc :0 \
        -k en-us \
        -monitor stdio \
        -name "Gentoo VM" \
        "$@"
```

It works perfect. But no VNC from VLAN.

I'm connecting to "<HOST-IP>:5900". No result. Where is a mistake?

----------

## umka69

Ok. The problem with external connection to VNC goes from security configuration.

It could be solved by adding VNC password. It can be made by this option:

```
qemu-system-x86_64 [...] -vnc :0,password [...] 
```

QEMU monitor must be started too, so adding an option.

```
qemu-system-x86_64 [...] -monitor stdio [...] 
```

Also it is necessary to setup VNC password by monitor command

```
(qemu) change vnc password
```

BUT it is not comfortable to reset password every booting.

Is there another way to set password?

PS: I know about qemu.config but it causes an error.

```
den ~ # sh GentooVM
qemu-system-x86_64:/etc/qemu/qemu.conf:1: no group defined
```

```
den ~ # cat GentooVM
#!/bin/sh
exec qemu-system-x86_64 \
        -enable-kvm \
        -boot d \
        -cdrom install-amd64-minimal-20140828.iso \
        -net tap,ifname=tap0,script=no,downscript=no -net nic,model=virtio \
        -cpu host -smp 2 \
        -drive file=/root/GentooVM.img,if=virtio \
        -m 2G \
        -vnc :0,password \
        -k en-us \
        -monitor stdio \
        -name "Gentoo VM" \
        "$@"
```

```
den ~ # cat /etc/qemu/qemu.conf
vnc_listen = "0.0.0.0"
vnc_password = "PASSWORD"
```
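
An added example, not part of the original post: one way to hand QEMU the VNC password at start-up instead of typing it into the monitor on every boot, assuming QEMU 6.0 or later (the `password-secret` VNC option) and a hypothetical secret file path. It refuses a wildcard listen address, a secret file that other users can read, and a secret file that ends in a newline.

```shell
#!/bin/sh
# Added example (not from the thread): start-up VNC password for QEMU.
# Assumes QEMU >= 6.0 (-vnc ...,password-secret=ID); paths are hypothetical.

# The secret file must be a regular file readable by its owner only, with
# a plain path (a comma would split the -object option) and no trailing
# newline: QEMU uses the contents as-is, so a newline would become part
# of the password. Create it with printf, not echo.
secret_ok() {
    f=$1
    case "$f" in ''|*[!A-Za-z0-9/._-]*) return 1 ;; esac
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    case "$(ls -ld "$f" | cut -c1-10)" in
        -rw-------|-r--------) ;;
        *) return 1 ;;
    esac
    [ -n "$(tail -c 1 "$f")" ]
}

# Require one explicit IPv4 listen address; refuse "every interface".
listen_ok() {
    case "$1" in
        ''|0.0.0.0|*[!0-9.]*) return 1 ;;
    esac
    return 0
}

# Print the QEMU options for a password-protected VNC display bound to a
# single address. Exit status 2: bad address/display, 3: bad secret file.
vnc_args() {
    listen=$1; display=$2; secret=$3
    listen_ok "$listen" || return 2
    case "$display" in ''|*[!0-9]*) return 2 ;; esac
    secret_ok "$secret" || return 3
    printf '%s\n' "-object secret,id=vncpw,file=$secret -vnc $listen:$display,password-secret=vncpw"
}

# Usage (192.168.1.4 is the host's br0 address from this thread):
#   qemu-system-x86_64 ... $(vnc_args 192.168.1.4 0 /root/vnc.secret)
```

The `vnc_listen` and `vnc_password` keys in the file above are settings from libvirt's `qemu.conf`; QEMU's own config files use `[group]` sections, which is what the "no group defined" message refers to.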

----------

## fargred

SPICE > VNC

----------

## vaxbrat

Your /etc/conf.d/net has the bridge defaulting the spanning tree protocol setting (stp) to "off".  This is meant to limit bridge to bridge traffic in larger networks.  However it can block certain types of broadcast message traffic between the vm and hosts on another lan segment.  For example if you have a dhcp server running in another host as a vm (eg Windows AD domain controller in VM on top of qemu hypervisor), your guest on this host will not be able to use it without stp turned "on" on both hypervisors bridges.

----------

