The Linux Page
Home

QEMU networking problems when trying to get it to connect with the host (bridging not working)

Submitted by on Mon, 11/21/2011 - 18:00

Virtual Box Bridging

I have a computer with Ubuntu 11.04 (the host) on which I installed a version of Ubuntu 11.10 (the guest) using QEMU. Both are 64bit on an i5 quad.

What I'm trying to do is allow the host to access the guest via a br0 bridge and possibly using all static addresses so they don't change on me (there still seem to be some DHCP going on the guest side and maybe that's part of the problem.)

When I start qemu with nic/user, it works as expected (well... somehow the nameserver 10.0.2.3 fails now... since I installed my br0 bridge, but I can fix the /etc/resolv.conf file to use my usual resolution name servers and it all works fine)

/usr/bin/qemu-system-x86_64 -monitor stdio -enable-kvm \
     -m 1024 -hda /servers/webserver/WebServer.raw \
     -net nic -net user -name "WebServer"

Now, when I start qemu with nic/tap, it fails connecting to the network. The bridge is there on eth3 and tap0, but there is no route between the guest and anything (and vice versa as far as nmap tells me.)

sudo /usr/bin/qemu-system-x86_64 -monitor stdio -enable-kvm \
     -m 1024 -hda /servers/webserver/WebServer.raw \
     -net nic -net tap -name "WebServer"

(Note that I use sudo since qemu creates tap0 for you--I have not found a way to not have it create tap0, the script=no option as some people mention does not prevent that from happening!)

The following is my updated qemu-ifup script that sets up the br0 bridge with the tap0 and setup tap0 as I think it should be...

# /etc/qemu-ifup

switch=br0
echo "qemu: setup interface: \"$1\", on bridge: \"${switch}\""
# tap0 is created by QEMU
#/usr/sbin/openvpn --mktun --dev $1 --user `id -un`
n=`echo $1 | sed -e 's/tap//'`
p=`expr 100 + $n`
/sbin/ifconfig $1 192.168.2.$p up
/usr/sbin/brctl addif $switch $1

# I found the following somewhere, but it doesn't help...
route add -host 192.168.2.252 dev $1
echo 1 > /proc/sys/net/ipv4/conf/$1/proxy_arp
arp -Ds 192.168.2.252 $switch pub

br0 is setup in the /etc/network/interfaces as expected and comes up on boot and works perfectly (I have other physical computers using it successfully.)

auto br0
iface br0 inet static
    address 192.168.2.1
    netmask 255.255.255.0
    network 192.168.2.0
    broadcast 192.168.2.255
    bridge_ports    eth3
    bridge_stp      off
    bridge_maxwait  0
    bridge_fd       0

Also, I have a very strong firewall, but I can tell that absolutely no traffic is coming through... so no traffic is being blocked at this point. I do get the usual 224.0.0.x messages though:

IN= OUT=br0 SRC=192.168.2.1 DST=224.0.0.251 LEN=71 TOS=0x00
       PREC=0x00 TTL=255 ID=0 DF PROTO=UDP SPT=5353 DPT=5353 LEN=51

This is one among others. But all of those are local anyway, so it has nothing to do with the guest itself.

Pinging the tap0 address doesn't do anything:

ping 192.168.2.100
PING 192.168.2.100 (192.168.2.100) 56(84) bytes of data.
ping: sendmsg: Operation not permitted

Routes include the following:

192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 br0
192.168.2.0     0.0.0.0         255.255.255.0   U     0      0        0 tap0
192.168.122.0   0.0.0.0         255.255.255.0   U     0      0        0 virbr0

Note the virbr0 which automatically appears... and makes the nic/user work (I think, at least, that this is here for that purpose.)

The guest account eth0 setup is the default:

auto eth0
iface eth0 inet dhcp

which is why I am thinking there could be a DHCP problem. Although I tried with a static address to no avail so far (address 192.168.2.100 as the tap0 interface).

Any idea what I'm doing wrong? I found all sorts of setup files and most do not work in 11.04 and none had any changes to the guest setup which I am thinking could be a problem as I do not run a DHCP on the host that the guest could use (although somehow it works with nic/user so there is some for of dhcp going on!)

Redirection instead of Bridging

Note that I can make the user version function with a redirection as in:

... -net user,hostfwd=tcp:127.0.0.1:8888-:80 ...

and that does part of what I want to accomplish, but I still would prefer to get the tap and bridge work.

SSH Connection doesn't work?

Note that to make use of the SSH server on your new virtual box without having to enter a password each time, you will want to edit the sshd_config file and change the following two lines:

PasswordAuthentication no
PermitEmptyPasswords yes

(Actually, the PasswordAuthentication parameter is not in the default file... and the PermitEmptyPasswords is set to "no" by default.)