From: Mooneer S. <mo...@ea...> - 2000-12-01 02:04:48

I've succeeded in getting UML to boot within my Redhat Linux 6.1 box (running kernel 2.2.17, UML was running 2.4.0). I also got virtual ethernet to work on tap0 (I can contact the host and the host can contact UML, but UML cannot see the outside world without a proxy).

The host has an IP of 216.74.72.5, which is accessible to the rest of the world. I know it's possible to set up IP Masquerading, but I would like people to be able to connect to service(s) I enable within UML. All I would need to do is set tap0 to 216.74.72.6 and eth0 in UML to 216.74.72.7 plus adding some ipchains rules, correct? Or does it involve much more? (I already tried 'um_eth_net_util eth0 100', but that puts the Ethernet card in promiscuous mode, which overloads UML with network traffic.)

--
Mooneer Salem
Sysadmin, Ultraspeed UK (http://www.ultraspeed.co.uk/)
GPLTrans (http://www.translator.cx/)
IRC: irc.slashnet.org/mind21_98
Personal Home Page (http://msalem.translator.cx/)

From: William S. <wst...@po...> - 2000-12-01 04:10:29

Good afternoon, Mooneer,

On Thu, 30 Nov 2000, Mooneer Salem wrote:

> I've succeeded in getting UML to boot within my Redhat Linux 6.1
> box (running kernel 2.2.17, UML was running 2.4.0) I also got
> virtual ethernet to work on tap0 (I can contact the host and the
> host can contact UML, but UML cannot see the outside world without
> a proxy).
>
> The host has an IP of 216.74.72.5, which is accessible to the rest of
> the world. I know it's possible to set up IP Masquerading, but I would
> like people to be able to connect to service(s) I enable within UML.
> All I would need to do is set tap0 to 216.74.72.6 and eth0 in UML to
> 216.74.72.7 plus adding some ipchains rules correct? Or does it involve
> much more? (I already tried 'um_eth_net_util eth0 100', but that puts
> the Ethernet card in promiscuous mode, which overloads UML with network
> traffic.)

- Set up uml with the following network configuration: (netmask=255.255.255.255, ip addresses as you specified above, use the host's tap0 IP as uml's default gateway).

- Turn on ip forwarding in the kernel (if you have an /etc/sysctl.conf, make sure it has "net.ipv4.ip_forward = 1", otherwise add "echo 1 >/proc/sys/net/ipv4/ip_forward" to the end of /etc/rc.d/rc.local or /etc/rc.d/init.d/network)

- Tell the host to stand in for the uml on the ethernet network; this is called proxyarp. Here's an example, assuming that eth0's mac address is 00:10:5A:CC:97:BF (you can find this in "ifconfig eth0"):

    arp -i eth0 -s 216.74.72.7 00:10:5A:CC:97:BF pub

  Likewise, add this to /etc/rc.d/init.d/network or /etc/rc.d/rc.local

See ftp://mason.stearns.org/pub/doc/proxyarp-howto for a writeup I did on proxyarp.

One more note; you can conserve one more address by using 216.74.72.5 as the IP address for both eth0 and tap0.

Cheers,
- Bill

---------------------------------------------------------------------------
"Love is a snowmobile racing across the tundra and then suddenly it flips over, pinning you underneath. At night, the ice weasels come."
-- Matt Groening
(Courtesy of Steve Dodd <di...@lo...>)
--------------------------------------------------------------------------
William Stearns (wst...@po...). Mason, Buildkernel, named2hosts, and ipfwadm2ipchains are at: http://www.pobox.com/~wstearns
LinuxMonth; articles for Linux Enthusiasts! http://www.linuxmonth.com
--------------------------------------------------------------------------

From: Mooneer S. <mo...@ea...> - 2000-12-02 03:38:05

I finally got it working for a few minutes to see if I can actually access the outside world. Aside from a slight slowdown sometimes (possibly due to the extra routing involved or from um_eth_net_util) it worked great. I no longer had to use Squid to access the Internet from UML.

Just in case anyone else would like to know how I got UML to see the outside world, I'm posting the commands I used below (216.74.72.8 is an IP on the host, and 216.74.72.9 is the UML IP).

First I opened 3 ssh windows at once going to the same host. I logged in as root to all three of them. In the first one, I booted UML. The second one ran "um_eth_net_util tap0 100", and the third was the window I did all the "From Host" commands in. I made sure UML and um_eth_net_util started successfully, then I executed each of the commands under "From UML" one at a time (inside the window running UML). Next I switched over to the third window which I purposely left idle. I entered each of the commands under "From Host", one at a time. After this was successful, I went to the UML window and made sure I could ping the host. Once I made sure I was able to access the host, I made sure I could access the outside world by pinging the router. Once satisfied, I considered myself fully hooked to the Internet from UML***.

(*** optionally you can execute the following commands in the third window after getting networking operational:

    ipchains -P forward DENY
    ipchains -A forward -s 216.74.72.9 -j ACCEPT -i eth0
    ipchains -A forward -d 216.74.72.9 -j ACCEPT -i tap0

This will result in better security by limiting who can route through your system. Note: you may have to use different commands if you are running a 2.4.x kernel on the host machine.)

Commands:

From Host:

    ifconfig tap0 216.74.72.8
    echo 1 >/proc/sys/net/ipv4/ip_forward
    arp -i eth0 -s 216.74.72.9 -D tap0 pub
    route add -host 216.74.72.9 dev tap0

From UML:

    ifconfig eth0 hw ether 0:0:10:0:0:1
    ifconfig eth0 216.74.72.9 netmask 255.255.255.0
    route add -host 216.74.72.8 dev eth0
    route add -net default gw 216.74.72.8 dev eth0

-------------------------------------------------------

Now since I got it up and running on the Internet, is it possible to use IP aliasing on the UML side so that I can attach more than one IP to the virtual eth0? Would it involve going back to the host and adding additional ARP entries?

-----Original Message-----
From: William Stearns [mailto:wst...@po...]
Sent: Thursday, November 30, 2000 8:10 PM
To: Mooneer Salem
Cc: ML-uml-user; William Stearns
Subject: Re: [uml-user] Making services in UML available to the outside world

Good afternoon, Mooneer,

On Thu, 30 Nov 2000, Mooneer Salem wrote:

> I've succeeded in getting UML to boot within my Redhat Linux 6.1
> box (running kernel 2.2.17, UML was running 2.4.0) I also got
> virtual ethernet to work on tap0 (I can contact the host and the
> host can contact UML, but UML cannot see the outside world without
> a proxy).
>
> The host has an IP of 216.74.72.5, which is accessible to the rest of
> the world. I know it's possible to set up IP Masquerading, but I would
> like people to be able to connect to service(s) I enable within UML.
> All I would need to do is set tap0 to 216.74.72.6 and eth0 in UML to
> 216.74.72.7 plus adding some ipchains rules correct? Or does it involve
> much more? (I already tried 'um_eth_net_util eth0 100', but that puts
> the Ethernet card in promiscuous mode, which overloads UML with network
> traffic.)

- Set up uml with the following network configuration: (netmask=255.255.255.255, ip addresses as you specified above, use the host's tap0 IP as uml's default gateway).

- Turn on ip forwarding in the kernel (if you have an /etc/sysctl.conf, make sure it has "net.ipv4.ip_forward = 1", otherwise add "echo 1 >/proc/sys/net/ipv4/ip_forward" to the end of /etc/rc.d/rc.local or /etc/rc.d/init.d/network)

- Tell the host to stand in for the uml on the ethernet network; this is called proxyarp. Here's an example, assuming that eth0's mac address is 00:10:5A:CC:97:BF (you can find this in "ifconfig eth0"):

    arp -i eth0 -s 216.74.72.7 00:10:5A:CC:97:BF pub

  Likewise, add this to /etc/rc.d/init.d/network or /etc/rc.d/rc.local

See ftp://mason.stearns.org/pub/doc/proxyarp-howto for a writeup I did on proxyarp.

One more note; you can conserve one more address by using 216.74.72.5 as the IP address for both eth0 and tap0.

Cheers,
- Bill
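
Added example, not part of the original messages: the optional ipchains forward rules from the 2000-12-02 message, rewritten for iptables on a host running a 2.4.x kernel, which that message's note anticipates. On the ipchains forward chain -i matches the outgoing interface, so each rule becomes an -o match; the extra -i match is an addition made here that ties the UML address to tap0. The function names and the print-only behaviour are choices of this example.

```shell
#!/bin/sh
# Added example: prints (does not run) the iptables equivalent of the
# thread's optional ipchains forward rules. Defaults are the thread's values.

# valid_ipv4 ADDR: succeed only for a dotted quad with octets 0-255.
valid_ipv4() {
    case "$1" in ''|*[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    IFS=. read -r o1 o2 o3 o4 rest <<EOF
$1
EOF
    [ -n "$o4" ] && [ -z "$rest" ] || return 1
    for octet in "$o1" "$o2" "$o3" "$o4"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# uml_forward_rules [UML_IP] [LAN_IF] [TAP_IF]
# Default-drop forwarding, then allow only traffic from or to the UML guest.
uml_forward_rules() {
    uml_ip=${1:-216.74.72.9}; lan_if=${2:-eth0}; tap_if=${3:-tap0}
    valid_ipv4 "$uml_ip" || { echo "bad UML address: $uml_ip" >&2; return 1; }
    for ifname in "$lan_if" "$tap_if"; do
        case "$ifname" in
            ''|*[!A-Za-z0-9_.-]*)
                echo "bad interface name: $ifname" >&2; return 1 ;;
        esac
    done
    # ipchains DENY drops silently, which is DROP in iptables.
    # ipchains "-i IF" on the forward chain is the outgoing side: "-o IF".
    # The "-i" matches below are added here: the guest's source address is
    # accepted only when the packet really arrived on the tap device.
    cat <<EOF
iptables -P FORWARD DROP
iptables -A FORWARD -s $uml_ip -i $tap_if -o $lan_if -j ACCEPT
iptables -A FORWARD -d $uml_ip -i $lan_if -o $tap_if -j ACCEPT
EOF
}

# Stand-alone use: print the rules for the given (or default) values.
uml_forward_rules "$@"
```

Review the printed rules, then pipe them to sh as root on the host once forwarding and proxy ARP are working.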