From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <gentoo-user+bounces-164180-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
	by finch.gentoo.org (Postfix) with ESMTP id DFC5D138CCC
	for <garchives@archives.gentoo.org>; Wed,  6 May 2015 21:14:31 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id F2069E08A0;
	Wed,  6 May 2015 21:14:25 +0000 (UTC)
Received: from mail-qk0-f170.google.com (mail-qk0-f170.google.com [209.85.220.170])
	(using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
	(No client certificate requested)
	by pigeon.gentoo.org (Postfix) with ESMTPS id D5E73E0882
	for <gentoo-user@lists.gentoo.org>; Wed,  6 May 2015 21:14:24 +0000 (UTC)
Received: by qku63 with SMTP id 63so15323978qku.3
        for <gentoo-user@lists.gentoo.org>; Wed, 06 May 2015 14:14:24 -0700 (PDT)
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
X-Received: by 10.140.109.181 with SMTP id l50mr912779qgf.91.1430946864113;
 Wed, 06 May 2015 14:14:24 -0700 (PDT)
Received: by 10.140.227.145 with HTTP; Wed, 6 May 2015 14:14:24 -0700 (PDT)
In-Reply-To: <554A728D.8040905@xunil.at>
References: <554A728D.8040905@xunil.at>
Date: Wed, 6 May 2015 17:14:24 -0400
Message-ID: <CAOTuDKqWEbBVPa=pHscdCk0NSgx=s7XZgbOqHmWgr4_24ioo2A@mail.gmail.com>
Subject: Re: [gentoo-user] low risk network bridge
From: "Poison BL." <poisonbl@gmail.com>
To: gentoo-user <gentoo-user@lists.gentoo.org>
Content-Type: multipart/alternative; boundary=001a113ba04c876c1f0515704712
X-Archives-Salt: 6f44a7c5-f068-4354-ba61-27d4cb93b1e1
X-Archives-Hash: fcc5f8a4ec2e53fd4c4c79d5301c0470

--001a113ba04c876c1f0515704712
Content-Type: text/plain; charset=UTF-8

On Wed, May 6, 2015 at 3:59 PM, Stefan G. Weichinger <lists@xunil.at> wrote:

>
> My task is to enable a (remote) server to run VMs via qemu/KVM.
>
> The server is configured to set up its eth0 via openrc but this isn't
> enough to run the VMs network.
>
> I tried macvtap but something didn't work, either libvirt (yes, with
> USE-flag "macvtap") or something else (the kernel supports macvtap).
>
> So bridging.
>
> I'd like to keep the risk of losing connectivity as low as possible ... I
> can visit the place in a few weeks to iron out things but I would like to
> set up a bridge now without failure, just to get that VM running asap.
>
> Could anyone advise me in doing this?
>
> I have only ssh-access now ... it's openrc-driven, and I might use a second
> IPv4-IP if that helps ...
>
> anyone?
>
> (editing the conf.d-files to remove eth0 and set up br0 is too scary right
> now. One mistake and the box is offline)
>
>
If you need the VMs outwardly visible, I can't think of a way to do it
without losing connection upon switching to the bridge (granted, I'm far
from an expert on bridging under Linux). If you're fine with the VMs being
behind a NAT, and your kernel has the support for it, add the VM interfaces
to a bridge, enable net.ipv4.ip_forward and set up the NAT like any other
dual-homed Linux router... iptables-apply being your best friend for
testing changes without permanently losing access and/or having to reboot
to restore access.

-- 
Joshua M. Murphy


--001a113ba04c876c1f0515704712--
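
The NAT approach described in the reply above, as an added example that is not part of the original message: a script that builds the ruleset, checks it will not cut off SSH, and prints the commands to run. The bridge name br-nat, the subnet 192.168.100.0/24 and SSH on port 22 are assumptions; only eth0, net.ipv4.ip_forward and iptables-apply come from the thread.

```sh
#!/bin/sh
# Added example; assumed values (not from the thread): br-nat, 192.168.100.0/24, SSH on 22.
UPLINK=eth0 BRIDGE=br-nat GW=192.168.100.1 NET=192.168.100.0/24 SSH_PORT=22

# Ruleset in iptables-save format. iptables-apply loads it with iptables-restore,
# which replaces the nat and filter tables wholesale: merge existing rules first.
gen_rules() {
cat <<EOF
*nat
:POSTROUTING ACCEPT [0:0]
-A POSTROUTING -s $NET -o $UPLINK -j MASQUERADE
COMMIT
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i $UPLINK -p tcp --dport $SSH_PORT -j ACCEPT
-A FORWARD -i $BRIDGE -o $UPLINK -s $NET -j ACCEPT
-A FORWARD -i $UPLINK -o $BRIDGE -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
COMMIT
EOF
}

# Pre-flight lint (stdin = ruleset): succeed only if an explicit SSH accept
# appears in INPUT before any DROP/REJECT rule. Deliberately strict.
keeps_ssh() {
  awk -v port="$SSH_PORT" '
    /^-A INPUT / && /-p tcp/ && /-j ACCEPT/ && $0 ~ ("--dport " port "( |$)") { ok = 1; exit }
    /^-A INPUT / && /-j (DROP|REJECT)/ { exit }
    END { exit (ok ? 0 : 1) }'
}

# Print the commands for the operator to run as root; none of them touches
# $UPLINK, so the SSH session on it is never reconfigured.
plan() {
  echo "ip link add name $BRIDGE type bridge"
  echo "ip addr add $GW/24 dev $BRIDGE"
  echo "ip link set $BRIDGE up"
  echo "sysctl -w net.ipv4.ip_forward=1"
  echo "iptables-apply -t 60 $1   # reverts unless confirmed within 60 s"
}

if [ "${1:-}" = "--print" ]; then
  rules=$(mktemp)
  gen_rules > "$rules"
  keeps_ssh < "$rules" || { echo "ruleset would block SSH" >&2; exit 1; }
  plan "$rules"
fi
```

Point each VM's network interface at the bridge and give the guests addresses in the assumed subnet with 192.168.100.1 as their gateway.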