#!/bin/sh
# $Id$
# Qemu environment preparation script
# ---------------------------------------------------------------------------
#
# After running this startup script, run a QEMU virtual machine in this way:
#
# qemu-system-x86_64 \
# -net vde,sock=/var/run/kvm0.ctl,vlan=0 -net nic,vlan=0 \
# [qemu_option [qemu_option], ...]
#
# This will automatically connect the QEMU virtual machine to the VDE switch.
#
# ---------------------------------------------------------------------------
#
# Network type can be one of "route" "bridge" or "nat":
# - In "route" mode, the script will expect that the 'routed' daemon is running
# on the host (see /etc/rc.d/rc.inet2 to start 'routed'), and will not
# create iptables NAT rules.
# The virtual network will be routed on the LAN and will be accessible as a
# separate network segment (make sure the IP range defined below does not
# conflict with existing parts of your network!). The guests will use our
# private dnsmasq server to obtain IP addresses.
# - In "bridge" mode, the script will try to add the tap device to an existing
# network bridge, and will not create iptables NAT rules.
# The guests will be seen on the LAN as part of the network.
# - In "nat" mode, the script will create iptables NAT rules. These hide the
# virtual network behind an internal NAT router. The guests will have full
# network access, but will be accessible only from the host.
#
# ---------------------------------------------------------------------------
# Network mode selector: leave exactly one NETWORKTYPE line active.
#NETWORKTYPE="route"
#NETWORKTYPE="bridge"
NETWORKTYPE="nat"

# Host interfaces that get a MASQUERADE rule in "nat" mode (unused when
# bridging or routing). Separate several entries with spaces, e.g.
# "eth+ wlan+"; a trailing "+" is the iptables wildcard for "any interface
# whose name starts with this prefix".
NAT_IFS="eth+"

# Name of the existing bridge the tap device joins in "bridge" mode.
BR_DEV="br0"

# Name of the tun/tap device; it is also the stem of the socket and pid
# file names created under /var/run.
TAP_DEV="kvm0"
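# Load the tun driver and launch the VDE switch that owns the tap device.
# Globals:   TAP_DEV (read)
# Outputs:   progress on stdout, errors on stderr
# Returns:   0 after vde_switch was started, 1 if the tun driver never
#            showed up or vde_switch could not be started
start_tap() {
  # Load tun module (stderr is discarded)
  /sbin/modprobe tun 2>/dev/null

  # Wait for the driver, but give up after 30 tries instead of blocking the
  # caller forever. A kernel with tun built in never lists it in lsmod, so
  # the /dev/net/tun character device is accepted as well. The trailing
  # [[:space:]] keeps other modules whose name merely starts with "tun"
  # from satisfying the check.
  _tap_tries=0
  until [ -c /dev/net/tun ] || /bin/lsmod | grep -q '^tun[[:space:]]'; do
    if [ "${_tap_tries}" -ge 30 ]; then
      echo "start_tap: tun device did not appear, giving up" >&2
      return 1
    fi
    echo Waiting for tun device
    sleep 1
    _tap_tries=$((_tap_tries + 1))
  done

  # Start tap switch.
  # --group/--mod set the owner group and mode of the data socket that
  # guests attach to; --mgmtmode does the same for the management socket.
  # NOTE(review): membership of group "kvm" therefore presumably decides
  # who may attach to, and who may reconfigure, the virtual switch -
  # confirm that this group is as narrow as intended on the host.
  vde_switch --tap "${TAP_DEV}" --daemon --group kvm \
    --sock "/var/run/${TAP_DEV}.ctl" \
    --pidfile "/var/run/${TAP_DEV}_vde.pid" \
    --mod 775 --mgmtmode 770 --mgmt "/var/run/${TAP_DEV}-manage" || {
    echo "start_tap: vde_switch failed to start" >&2
    return 1
  }

  # Give the daemon a moment to create its sockets and the tap interface.
  sleep 1
} # End start_tap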
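# Bring the tap interface down and ask the VDE switch to exit.
# Globals:   TAP_DEV (read)
# Outputs:   errors on stderr
# Returns:   status of kill, or 1 when the pid file is missing or does not
#            hold a plain process id
stop_tap() {
  _vde_pidfile="/var/run/${TAP_DEV}_vde.pid"

  # Bring tap interface down:
  ifconfig "${TAP_DEV}" down

  if [ ! -r "${_vde_pidfile}" ]; then
    echo "stop_tap: ${_vde_pidfile} not readable, is vde_switch running?" >&2
    return 1
  fi

  # This runs as root, so never hand unchecked file content to kill: an
  # empty value would signal nothing, and a negative number would address
  # a whole process group (or, for -1, every process) instead of the
  # switch.
  _vde_pid=$(cat "${_vde_pidfile}")
  case "${_vde_pid}" in
    '' | *[!0-9]*)
      echo "stop_tap: ${_vde_pidfile} does not contain a process id" >&2
      return 1
      ;;
  esac

  # Kill VDE switch:
  kill -HUP "${_vde_pid}"
} # End stop_tap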
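# Give the tap device its address and start a private dnsmasq instance that
# serves DNS and DHCP to the guests behind it.
# Globals:   TAP_DEV (read); TAP_IP, TAP_MASK, TAP_BCAST, VM_DOMAIN,
#            VM_IPLOW, VM_IPHIGH, VM_BCAST, VM_MASK, DNSMASQ_OPTIONS (written)
# Outputs:   errors on stderr
# Returns:   status of dnsmasq, or 1 when the broadcast address could not be
#            computed or the tap device could not be configured
start_localdhcp() {
  # The IP configuration for the tap device that will be used for
  # the virtual machine network:
  TAP_IP=10.111.111.254
  TAP_MASK=255.255.255.0
  # The first field of ipmask's output is used as the broadcast address.
  TAP_BCAST=$(/bin/ipmask "${TAP_MASK}" "${TAP_IP}" | cut -f 1 -d ' ')
  if [ -z "${TAP_BCAST}" ]; then
    # Without this check an empty value would shift the ifconfig and
    # dnsmasq arguments below and configure something unintended.
    echo "start_localdhcp: /bin/ipmask returned no broadcast address" >&2
    return 1
  fi

  # Definitions for the LAN segment the Qemu virtual machines will be in.
  # These definitions will be fed to dnsmasq - this program will provide DNS
  # and DHCP to the Qemu LAN.
  # The VM_IPLOW and VM_IPHIGH addresses must agree with the definitions for
  # the tap device (TAP_DEV) above. These 'low' and 'high' values are the IP
  # address range for the DHCP server to use.
  VM_DOMAIN=qemu.lan
  VM_IPLOW=10.111.111.128
  VM_IPHIGH=10.111.111.199
  VM_BCAST=${TAP_BCAST}
  VM_MASK=${TAP_MASK}

  # For additional options to dnsmasq - the commented example specifies that
  # all DNS lookups for 'my.net' should go to 192.168.1.1;
  # On the second line you find a configuration for supporting network boot:
  #DNSMASQ_OPTIONS="--server /my.net/192.168.1.1 \
  # --dhcp-boot=/pxelinux.0,\"192.168.1.1\",192.168.1.1"
  DNSMASQ_OPTIONS=""

  # Bring tap interface up
  ifconfig "${TAP_DEV}" "${TAP_IP}" broadcast "${TAP_BCAST}" \
    netmask "${TAP_MASK}" || {
    echo "start_localdhcp: could not configure ${TAP_DEV}" >&2
    return 1
  }

  # Start dnsmasq, the DNS/DHCP server for our Virtual Machines behind the
  # tap interface.
  # The bare '--conf-file' option prevents this instance from reading the
  # default /etc/dnsmasq.conf settings. --interface/--bind-interfaces bind
  # it to the tap device, to keep it from interfering with other
  # dnsmasq/named processes running on the host's primary interfaces.
  # --user=daemon makes the server run as an unprivileged account, and
  # --log-queries records every guest DNS lookup in the host's log.
  # DNSMASQ_OPTIONS is left unquoted on purpose: it holds a list of
  # separate options that must be split into words.
  # shellcheck disable=SC2086
  /usr/sbin/dnsmasq \
    --log-queries \
    --user=daemon \
    --dhcp-leasefile=/var/state/dhcp/qemu-dhcpd.leases \
    --dhcp-range="${VM_IPLOW},${VM_IPHIGH},${VM_MASK},${VM_BCAST},8h" \
    --interface="${TAP_DEV}" --except-interface=lo --bind-interfaces \
    --pid-file="/var/run/${TAP_DEV}_dnsmasq.pid" --conf-file \
    --domain="${VM_DOMAIN}" \
    $DNSMASQ_OPTIONS
} # End start_localdhcp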
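# Stop the private dnsmasq instance and remove its pid file.
# Globals:   TAP_DEV (read)
# Outputs:   errors on stderr
# Returns:   0 when the process was signalled and the pid file removed,
#            non-zero otherwise (including a missing or malformed pid file)
stop_localdhcp() {
  _dhcp_pidfile="/var/run/${TAP_DEV}_dnsmasq.pid"

  if [ ! -r "${_dhcp_pidfile}" ]; then
    echo "stop_localdhcp: ${_dhcp_pidfile} not readable, is dnsmasq running?" >&2
    return 1
  fi

  # This runs as root, so only a plain positive number is passed to kill:
  # an empty value would signal nothing, and a negative one would address
  # a process group (or, for -1, every process) instead of dnsmasq.
  _dhcp_pid=$(cat "${_dhcp_pidfile}")
  case "${_dhcp_pid}" in
    '' | *[!0-9]*)
      echo "stop_localdhcp: ${_dhcp_pidfile} does not contain a process id" >&2
      return 1
      ;;
  esac

  # Stop dnsmasq; the pid file is only removed once the signal was sent.
  kill -TERM "${_dhcp_pid}" \
    && rm -f -- "${_dhcp_pidfile}"
} # End stop_localdhcp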
# "route" mode start-up: the only extra piece a routed setup needs is the
# private dnsmasq instance, so this just delegates to start_localdhcp.
# Returns: whatever start_localdhcp returns.
start_route() {
  start_localdhcp
  return $?
} # End start_route
# "route" mode shutdown: the private dnsmasq instance is the only thing a
# routed setup started, so this just delegates to stop_localdhcp.
# Returns: whatever stop_localdhcp returns.
stop_route() {
  stop_localdhcp
  return $?
} # End stop_route
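# "nat" mode start-up: enable IPv4 forwarding, masquerade traffic leaving
# through the NAT_IFS interfaces and start the private dnsmasq instance.
# Globals:   NAT_IFS (read), NIC (written)
# Returns:   whatever start_localdhcp returns
start_nat() {
  # Start IP Forwarding. This is a host-wide switch, not one that is
  # limited to the tap device.
  echo "1" > /proc/sys/net/ipv4/ip_forward

  # The rule matches on the outgoing interface only, so every forwarded
  # packet that leaves through one of these interfaces is masqueraded,
  # whatever its source address. The FORWARD chain is not touched here;
  # which traffic may actually pass is left to the host's own filter
  # policy.
  # NAT_IFS is left unquoted on purpose: it is a space-separated list.
  for NIC in ${NAT_IFS}; do
    # -C looks for an identical rule first, so a repeated "start" does not
    # stack duplicates that a single "stop" would leave behind. If the
    # check fails for any reason (including an iptables build without -C)
    # the rule is appended exactly as before.
    iptables -t nat -C POSTROUTING -o "${NIC}" -j MASQUERADE 2>/dev/null \
      || iptables -t nat -A POSTROUTING -o "${NIC}" -j MASQUERADE
  done

  # We need a private dnsmasq instance in a NAT configuration:
  start_localdhcp
} # End start_nat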
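# "nat" mode shutdown: stop the private dnsmasq instance, remove the
# MASQUERADE rules and switch IPv4 forwarding off.
# Globals:   NAT_IFS (read), NIC (written)
# Returns:   status of the final write to ip_forward
stop_nat() {
  # We need to stop our private dnsmasq in a NAT configuration:
  stop_localdhcp

  # Delete the NAT rules. "start" appends a rule on every run, so more than
  # one copy may exist; keep deleting until iptables reports that nothing
  # matches, otherwise stale MASQUERADE rules stay active after "stop".
  # NOTE(review): an identical rule added by the administrator or another
  # tool is indistinguishable from ours and is removed as well.
  # NAT_IFS is left unquoted on purpose: it is a space-separated list.
  for NIC in ${NAT_IFS}; do
    while iptables -t nat -D POSTROUTING -o "${NIC}" -j MASQUERADE \
      2>/dev/null; do
      :
    done
  done

  # Stop IP Forwarding
  # NOTE(review): this turns forwarding off for the whole host, even if it
  # was already enabled before start_nat ran (router, VPN or container
  # hosts) - confirm that nothing else on the machine depends on it.
  echo "0" > /proc/sys/net/ipv4/ip_forward
}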
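# "bridge" mode start-up: attach the tap device to an existing bridge.
# Globals:   BR_DEV (read), TAP_DEV (read)
# Outputs:   errors on stderr
# Returns:   status of brctl, or 1 when BR_DEV is not an existing bridge
start_bridge() {
  # Check the bridge before touching the tap device: otherwise the tap
  # would be left up, address-less and in promiscuous mode without being
  # attached to anything.
  if [ ! -d "/sys/class/net/${BR_DEV}/bridge" ]; then
    echo "start_bridge: ${BR_DEV} is not an existing bridge" >&2
    return 1
  fi

  # Connect our tap device to the bridge:
  /sbin/ifconfig "${TAP_DEV}" down
  /sbin/ifconfig "${TAP_DEV}" 0.0.0.0 promisc up
  /sbin/brctl addif "${BR_DEV}" "${TAP_DEV}"
}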
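# "bridge" mode shutdown: detach the tap device from the bridge.
# Globals:   BR_DEV (read), TAP_DEV (read)
# Returns:   status of brctl
stop_bridge() {
  # Disconnect our tap device from the bridge. The names are quoted so a
  # value containing whitespace or glob characters cannot turn into extra
  # brctl arguments.
  /sbin/brctl delif "${BR_DEV}" "${TAP_DEV}"
}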
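# NETWORKTYPE is pasted into a function name below, so reject anything other
# than the three supported modes before it is used.
case "${NETWORKTYPE}" in
  route | bridge | nat) ;;
  *)
    echo "$0: unsupported NETWORKTYPE '${NETWORKTYPE}'" >&2
    exit 1
    ;;
esac

# See how we were called.
case "$1" in
  start)
    # printf instead of 'echo -n': the latter is not portable under /bin/sh.
    printf '%s' "Starting VDE network for QEMU: "
    # Only configure the network when the tap switch came up.
    start_tap && "start_${NETWORKTYPE}"
    echo
    ;;
  stop)
    printf '%s' "Stopping VDE network for QEMU: "
    "stop_${NETWORKTYPE}"
    stop_tap
    echo
    ;;
  restart | reload)
    # "$0" is quoted so a script path containing spaces still works.
    "$0" stop
    sleep 1
    "$0" start
    ;;
  *)
    echo "Usage: $0 {start|stop|restart|reload}"
    exit 1
    ;;
esac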