Re: Connectivity for a qemu guest; was Re: Connection of a qemu guest t

From: Berto Furth
Subject: Re: Connectivity for a qemu guest; was Re: Connection of a qemu guest to the 'net.
Date: Sun, 21 Mar 2021 08:32:28 +1100
User-agent: Cyrus-JMAP/3.5.0-alpha0-206-g078a48fda5-fm-20210226.001-g078a48fd

Hi Steve,

I'll let Peter reply but here's my brief thought.

On Sun, 21 Mar 2021, at 02:57, Steve Litt wrote:
> peter@easthope.ca said on Fri, 19 Mar 2021 09:33:07 -0700
> >(4) Q: Why does qemu involve a bridge rather than only routing?
> >
> >A: My hypothesis.  Routing requires adjustment of iptables. Direct
> >editing of iptables is difficult and error prone for non-experts. An
> >alternative is to use Shorewall or similar functionality.  Shorewall
> >is a large package.  Imposing dependence of qemu on Shorewall will be
> >unwelcome to some users.  A bridge is an expedient solution.
> I'm unclear as to how "routing" is an alternative to a bridge and vice
> versa. Would this "routing" take place on the hardware host, or the
> software guest? Did you by any chance mean NAT instead of "routing"?

Routing would take place on the host. The host would be reconfigured to be a 
router and the guests would be on their own IP subnet. This would also mean 
that the router on the "real" network would have to be reconfigured with a 
route to the guest subnet via the host. In Peter's case though, the router is 
the host, so it's a bit unusual.

Naturally you could do NAT within the QEMU host for the guest network but then 
you'd lose easy connectivity to your guests from the rest of the real network. 
That is, no devices on the real network would be able to initiate connections 
to your guests without a lot of complicated and tedious NAT port translations 
and so forth.

Bridging is the easiest alternative. It means that guests are effectively 
sharing the physical network connection of the host. To the rest of the 
network, the guests would just look like new devices on the subnet. The guests 
would have IP addresses in the same subnet as the host. For example, the guests 
could get DHCP leases from the local DHCP server. 

> Are you able to use Inkscape or something else to make a simple diagram
> of the bridgeless host/guest interaction you've been trying to achieve?
> Here's a sample block diagram:
> http://www.troubleshooters.com/linux/qemu/images/mm_complex_bridge.svg
> Keep up the good work!
> Thanks,
> SteveT
> Steve Litt 
> Spring 2021 featured book: Troubleshooting Techniques of the Successful
> Technologist http://www.troubleshooters.com/techniques
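
The three host setups compared in the reply above, side by side, as an added example that is not part of the thread or of QEMU's own scripts. Interface names, addresses and the forwarded port are constructed assumptions. `plan` only prints the commands, so the difference in exposure is visible before anything is applied: NAT needs one DNAT rule per inbound service, while a bridge puts the guest directly on the LAN.

```shell
#!/bin/sh
# Constructed values (assumptions, not taken from the thread).
LAN_IF=eth0                 # host NIC on the real network
HOST_LAN_IP=192.168.1.10    # host address on the real network
GUEST_NET=192.168.100.0/24  # separate guest subnet (routed and NAT modes)
GUEST_GW=192.168.100.1      # host address on the guest-facing tap
GUEST_IP=192.168.100.2
TAP=tap0                    # guest attaches with: -netdev tap,ifname=tap0,script=no
BR=br0

# Print the host-side commands for one mode. Review, then pipe to `sudo sh`.
plan() {
  case "$1" in
    routed|nat)
      # Guests live on their own subnet; the host forwards between subnets.
      echo "ip tuntap add dev $TAP mode tap"
      echo "ip addr add $GUEST_GW/24 dev $TAP"
      echo "ip link set $TAP up"
      echo "sysctl -w net.ipv4.ip_forward=1"
      ;;
  esac
  case "$1" in
    routed)
      # The router on the real network must learn where the guest subnet is.
      echo "# on the LAN router: ip route add $GUEST_NET via $HOST_LAN_IP"
      ;;
    nat)
      # Outbound works; every inbound service needs its own DNAT rule.
      echo "iptables -t nat -A POSTROUTING -s $GUEST_NET -o $LAN_IF -j MASQUERADE"
      echo "iptables -t nat -A PREROUTING -i $LAN_IF -p tcp --dport 2222 -j DNAT --to-destination $GUEST_IP:22"
      ;;
    bridge)
      # Guest shares the host's LAN segment and can use the LAN's DHCP server.
      echo "ip link add name $BR type bridge"
      echo "ip link set $LAN_IF master $BR"
      echo "ip tuntap add dev $TAP mode tap"
      echo "ip link set $TAP master $BR"
      echo "ip link set $BR up"
      echo "ip link set $TAP up"
      echo "# then move the host's own IP configuration from $LAN_IF to $BR"
      ;;
    *)
      echo "usage: plan routed|nat|bridge" >&2
      return 1
      ;;
  esac
}

if [ "$#" -gt 0 ]; then plan "$1"; fi
```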
