[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Qemu-devel] Feature request: option to disable protection in user m
John R. Hogerhuis
Re: [Qemu-devel] Feature request: option to disable protection in user mode networking
Thu, 30 Sep 2004 12:57:11 -0700
On Thu, 2004-09-30 at 00:25, Lionel Ulmer wrote:
> > User mode networking is nifty++. I was wondering, though if it would be
> > possible to disable the guest OS protection as a runtime option.
> This is not possible as (AFAIK), QEMU's ethernet adaptator emulation layer
> has absolutely no idea on which ports the guest OS is listening to. So to do
> what you want, it would entail opening all possible ports on the QEMU side
> and 'forward' them to the guest OS.
> This is already possible, but I doubt that you want to DoS your Linux box by
> using all possible ports :-)
Why would you consider a "forward-all" option to be a DoS?
All cheapo NAT boxes have this and gamers who don't know any better
often use it to get games to work rather than finding the handful or
bank of ports they actually need to open. NAT is kind of analagous to
user-mode networking in QEMU, but not quite...
I think the real problem here is that to listen on a port, slirp (the
host) has to create a listening socket. If you want to effectively have
a "forward all" you would either have to have a listen open on every
port. Add to that the fact that some ports will already have listens on
them, and that as an average user qemu won't have access privileged
ports at all.
So I think the original poster needs to use TUN/TAP networking if he
wants to experiment with the guests's firewall.