From: Christian H. K. <qno...@qn...> - 2009-08-22 00:22:36

Hi all,

I found UML and found it a good thing. I tried it on my local
machine. Everything worked fine. What I did (from Step 3 as root):
(Host is on 192.168.1.xxx network)

dd if=/dev/zero of=uml-root-jaunty bs=4096 seek=1M count=1
mkfs.ext3 uml-root-jaunty
mount -o loop uml-root-jaunty /mnt/testvm
debootstrap jaunty /mnt/testvm http://de.archive.ubuntu.com/ubuntu
echo "/dev/ubd0 / ext3 defaults 0 1" > /mnt/testvm/etc/fstab
echo "proc /proc proc defaults 0 0" >> /mnt/testvm/etc/fstab
echo "127.0.0.1 localhost" > /mnt/testvm/etc/hosts
echo "auto lo" > /mnt/testvm/etc/network/interfaces
echo "iface lo inet loopback" >> /mnt/testvm/etc/network/interfaces
echo "auto eth0" >> /mnt/testvm/etc/network/interfaces
echo "iface eth0 inet static" >> /mnt/testvm/etc/network/interfaces
echo " address 192.168.1.251" >> /mnt/testvm/etc/network/interfaces
echo " netmask 255.255.255.0" >> /mnt/testvm/etc/network/interfaces
echo "tty0" >> /mnt/testvm/etc/securetty
echo "ttys/0" >> /mnt/testvm/etc/securetty
rm /mnt/testvm/etc/event.d/tty2
rm /mnt/testvm/etc/event.d/tty3
rm /mnt/testvm/etc/event.d/tty4
rm /mnt/testvm/etc/event.d/tty5
rm /mnt/testvm/etc/event.d/tty6

I cd to /mnt/testvm/lib/modules and copied
/usr/lib/uml/modules/2.6.22-5c5 there. After that, I chrooted into
/mnt/testvm, set passwd, left chroot, and started

linux ubd0=uml-root-jaunty umid=uml1 eth0=tuntap,,,192.168.1.250

The UML guest started and opened 6 gnome terminals (only one with a
login prompt, but that was sufficient). I logged in as root, installed
the ssh daemon, and to avoid the now unnecessary terminals, I added
next time con0=fd:0,fd:1 con=pts to the start parameters. Everything
worked fine.

So I promised a friend a virtual server on my dedicated server. It's a
machine I have no physical access to. Let's say its IP is 1.2.3.4. My
provider gave me still network addresses 1.2.5.0/255.255.255.248. A
traceroute shows that those additional IP are properly routed to my
server. It is running an up-to-date ubuntu, and generally working
fine. I installed all prerequisites.

Now I repeated the above process. Of course, I gave not 192.168.1.251
in the echo command, but 1.2.5.3, what I selected for the guest. I
copied the uml-modules and chrooted for setting a password. And I
started with

linux ubd0=uml-root-jaunty umid=uml1 eth0=tuntap,,,1.2.5.1 ssl=port:9000

(I don't get a terminal at my machine at home, and somehow I need to
connect), so that the host's tap0 has 1.2.5.1 as IP. I get a lot of
errors, mostly that mknod could not create a db file /dev/... because
no space left on device. The root fs is mounted ro, so I did not
expect anything else, and on my local machine it worked. But also I
get:

* Loading hardware drivers... [42949377.410000] * modprobe tun
[42949377.410000] * ifconfig tap0 1.2.5.1 netmask 255.255.255.255 up
[42949377.410000] * bash -c echo 1 > /proc/sys/net/ipv4/ip_forward
[42949377.410000] * route add -host 1.2.5.3 dev tap0
[42949377.410000] * bash -c echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp
[42949377.410000] * arp -Ds 1.2.5.3 eth0 pub
[42949377.410000] * arp -Ds 1.2.5.3 eth0 pub
[42949377.410000] * route del -host 1.2.5.3 dev tap0
[42949377.410000] * bash -c echo 0 > /proc/sys/net/ipv4/conf/tap0/proxy_arp
[42949377.410000] * arp -i eth0 -d 1.2.5.3 pub
[42949377.410000] * arp -i eth0 -d 1.2.5.3 pub
[42949377.410000] Kein ARP-Eintrag für 1.2.5.3
[42949377.410000] * route add -host 1.2.5.3 dev tap0
[42949377.410000] * bash -c echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp

The third line from bottom translates from German to "no ARP-Entry for
1.2.5.3"

On the host OS, ifconfig finds

tap0      Link encap:Ethernet Hardware Adresse be:fa:2d:92:11:39
          inet Adresse:1.2.5.1 Bcast:88.255.255.255 Maske:255.255.255.255
          inet6-Adresse: fe80::bcfa:2dff:fe92:1139/64 Gültigkeitsbereich:Verbindung
          UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
          RX packets:6 errors:0 dropped:0 overruns:0 frame:0
          TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
          Kollisionen:0 Sendewarteschlangenlänge:500
          RX bytes:468 (468.0 B) TX bytes:468 (468.0 B)

and route

1.2.5.3 * 255.255.255.255 UH 0 0 0 tap0

But a ping finds its target. And nmap shows all ports, especially
9000, closed. How do I get inside the guest?

Also, 1.2.5.3 is not pingable from my home machine. Is there anything
else for making routing possible?

TIA from an uml newbie
QNo
--

From: andy b. <an...@ea...> - 2009-08-23 07:41:48

Hi,

Not sure about this but I'm wondering if your problem is that you're
trying to access uml through a tap device on the same network as your
host machine's ethernet interface.

The only way I've managed to get things working is by putting tap0 on a
separate network to the other network interfaces. I.e. eth0 is on
network 10.0.0.0 (netmask 255.0.0.0), eth1 is on 192.168.1.0 (netmask
255.255.255.0) and tap0 is on 192.168.2.0 (netmask 255.255.255.0), with
the ip address of tap0 being 192.168.2.1, and the uml machine's eth0 on
192.168.2.2.

This way just bringing up the tap0 interface with:

ifconfig $ETHTAP $ETHTAPADDR netmask $ETHTAPMASK up

seems to create the correct routing on the host machine to make sure
packets sent to its eth0 or eth1 device with ip address 192.168.2.2 end
up at the uml machine. This works without any need for proxy arp or
specific routeing instructions.

However,
- This is only the way I've got it working, and there may be other valid
  approaches.
- It wouldn't quite solve your problem, as you would still need to make
  sure that packets sent to the host's eth0 on 1.2.5.3 are forwarded to
  the machine 192.168.2.2 (or whatever you have set up the guest as). I'm
  not sure how you do this in linux, but it should be possible I think.

Hope this is of some help at least,

andy

Christian H. Kuhn wrote:
> Hi all,
>
> I found UML and found it a good thing. I tried it on my local
> machine. Everything worked fine. What I did (from Step 3 as root):
> (Host is on 192.168.1.xxx network)
>
> dd if=/dev/zero of=uml-root-jaunty bs=4096 seek=1M count=1
> mkfs.ext3 uml-root-jaunty
> mount -o loop uml-root-jaunty /mnt/testvm
> debootstrap jaunty /mnt/testvm http://de.archive.ubuntu.com/ubuntu
> echo "/dev/ubd0 / ext3 defaults 0 1" > /mnt/testvm/etc/fstab
> echo "proc /proc proc defaults 0 0" >> /mnt/testvm/etc/fstab
> echo "127.0.0.1 localhost" > /mnt/testvm/etc/hosts
> echo "auto lo" > /mnt/testvm/etc/network/interfaces
> echo "iface lo inet loopback" >> /mnt/testvm/etc/network/interfaces
> echo "auto eth0" >> /mnt/testvm/etc/network/interfaces
> echo "iface eth0 inet static" >> /mnt/testvm/etc/network/interfaces
> echo " address 192.168.1.251" >> /mnt/testvm/etc/network/interfaces
> echo " netmask 255.255.255.0" >> /mnt/testvm/etc/network/interfaces
> echo "tty0" >> /mnt/testvm/etc/securetty
> echo "ttys/0" >> /mnt/testvm/etc/securetty
> rm /mnt/testvm/etc/event.d/tty2
> rm /mnt/testvm/etc/event.d/tty3
> rm /mnt/testvm/etc/event.d/tty4
> rm /mnt/testvm/etc/event.d/tty5
> rm /mnt/testvm/etc/event.d/tty6
>
> I cd to /mnt/testvm/lib/modules and copied
> /usr/lib/uml/modules/2.6.22-5c5 there. After that, I chrooted into
> /mnt/testvm, set passwd, left chroot, and started
>
> linux ubd0=uml-root-jaunty umid=uml1 eth0=tuntap,,,192.168.1.250
>
> The UML guest started and opened 6 gnome terminals (only one with a
> login prompt, but that was sufficient). I logged in as root, installed
> the ssh daemon, and to avoid the now unnecessary terminals, I added
> next time con0=fd:0,fd:1 con=pts to the start parameters. Everything
> worked fine.
>
> So I promised a friend a virtual server on my dedicated server. It's a
> machine I have no physical access to. Let's say its IP is 1.2.3.4. My
> provider gave me still network addresses 1.2.5.0/255.255.255.248. A
> traceroute shows that those additional IP are properly routed to my
> server. It is running an up-to-date ubuntu, and generally working
> fine. I installed all prerequisites.
>
> Now I repeated the above process. Of course, I gave not 192.168.1.251
> in the echo command, but 1.2.5.3, what I selected for the guest. I
> copied the uml-modules and chrooted for setting a password. And I
> started with
>
> linux ubd0=uml-root-jaunty umid=uml1 eth0=tuntap,,,1.2.5.1 ssl=port:9000
>
> (I don't get a terminal at my machine at home, and somehow I need to
> connect), so that the host's tap0 has 1.2.5.1 as IP. I get a lot of
> errors, mostly that mknod could not create a db file /dev/... because
> no space left on device. The root fs is mounted ro, so I did not
> expect anything else, and on my local machine it worked. But also I
> get:
>
> * Loading hardware drivers... [42949377.410000] * modprobe tun
> [42949377.410000] * ifconfig tap0 1.2.5.1 netmask 255.255.255.255 up
> [42949377.410000] * bash -c echo 1 > /proc/sys/net/ipv4/ip_forward
> [42949377.410000] * route add -host 1.2.5.3 dev tap0
> [42949377.410000] * bash -c echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp
> [42949377.410000] * arp -Ds 1.2.5.3 eth0 pub
> [42949377.410000] * arp -Ds 1.2.5.3 eth0 pub
> [42949377.410000] * route del -host 1.2.5.3 dev tap0
> [42949377.410000] * bash -c echo 0 > /proc/sys/net/ipv4/conf/tap0/proxy_arp
> [42949377.410000] * arp -i eth0 -d 1.2.5.3 pub
> [42949377.410000] * arp -i eth0 -d 1.2.5.3 pub
> [42949377.410000] Kein ARP-Eintrag für 1.2.5.3
> [42949377.410000] * route add -host 1.2.5.3 dev tap0
> [42949377.410000] * bash -c echo 1 > /proc/sys/net/ipv4/conf/tap0/proxy_arp
>
> The third line from bottom translates from German to "no ARP-Entry for
> 1.2.5.3"
>
> On the host OS, ifconfig finds
>
> tap0      Link encap:Ethernet Hardware Adresse be:fa:2d:92:11:39
>           inet Adresse:1.2.5.1 Bcast:88.255.255.255 Maske:255.255.255.255
>           inet6-Adresse: fe80::bcfa:2dff:fe92:1139/64 Gültigkeitsbereich:Verbindung
>           UP BROADCAST RUNNING MULTICAST MTU:1500 Metrik:1
>           RX packets:6 errors:0 dropped:0 overruns:0 frame:0
>           TX packets:6 errors:0 dropped:0 overruns:0 carrier:0
>           Kollisionen:0 Sendewarteschlangenlänge:500
>           RX bytes:468 (468.0 B) TX bytes:468 (468.0 B)
>
> and route
>
> 1.2.5.3 * 255.255.255.255 UH 0 0 0 tap0
>
> But a ping finds its target. And nmap shows all ports, especially
> 9000, closed. How do I get inside the guest?
>
> Also, 1.2.5.3 is not pingable from my home machine. Is there anything
> else for making routing possible?
>
> TIA from an uml newbie
> QNo

From: Christian H. K. <chr...@qn...> - 2009-08-23 13:52:32

Hi Andy,

Thank you for your answer.

& andy baxter <an...@ea...> [2009-08-23 09:52]:
> Not sure about this but I'm wondering if your problem is that you're
> trying to access uml through a tap device on the same network as your
> host machine's ethernet interface.

In your example, you use only private IPs, while I have public IPs. But
I'll give it a try.

> - It wouldn't quite solve your problem, as you would still need to make
> sure that packets sent to the host's eth0 on 1.2.5.3 are forwarded to
> the machine 192.168.2.2 (or whatever you have set up the guest as). I'm
> not sure how you do this in linux, but it should be possible I think.

That's a simple NAT with the help of iptables. The main difference is
that 192.168.2.2 would not be routed to and from the internet, so you
have to translate the private 192.168.2.2 to the public 1.2.5.3 IP and
keep track of the translated connections. Really no problem.

But that solves not the main problem. From host OS, I can reach the
guest OS by ping, but how do I get inside?

Kind regards,
Chris
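
The 1:1 NAT described in the message above, as an added example that is not part of the thread: a script that prints the iptables rules mapping the public 1.2.5.3 onto a guest at 192.168.2.2 behind tap0. The interface names follow the thread; the allowed port list (ssh only) and the restrictive FORWARD rules are assumptions chosen for a guest handed to a third party.

```shell
#!/bin/sh
# Added example, not from the thread. Values marked "assumed" are illustrative.
PUB_IP=1.2.5.3         # public address selected for the guest (from the thread)
GUEST_IP=192.168.2.2   # guest eth0 on the private tap0 subnet (from the thread)
WAN_IF=eth0            # host uplink
TAP_IF=tap0            # host side of the UML link
ALLOW_TCP="22"         # inbound TCP ports opened to the guest (assumed: ssh only)

# Print the rule set. Nothing is applied here; review the output, then
# pipe it to sh as root on the host.
nat_rules() {
    echo "sysctl -w net.ipv4.ip_forward=1"
    # Inbound: rewrite the destination before the routing decision.
    echo "iptables -t nat -A PREROUTING -i $WAN_IF -d $PUB_IP -j DNAT --to-destination $GUEST_IP"
    # Outbound: the private source address must leave as the public one.
    echo "iptables -t nat -A POSTROUTING -o $WAN_IF -s $GUEST_IP -j SNAT --to-source $PUB_IP"
    # Connection tracking lets replies of known connections through.
    echo "iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # The guest may open new connections, but only from its own address.
    echo "iptables -A FORWARD -i $TAP_IF -o $WAN_IF -s $GUEST_IP -j ACCEPT"
    # New inbound connections only on the listed ports.
    for p in $ALLOW_TCP; do
        echo "iptables -A FORWARD -i $WAN_IF -o $TAP_IF -d $GUEST_IP -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    # Anything else crossing the tap link is dropped, including packets
    # the guest sends with a spoofed source address.
    echo "iptables -A FORWARD -i $TAP_IF -j DROP"
    echo "iptables -A FORWARD -o $TAP_IF -j DROP"
}

nat_rules
```
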
From: andy b. <an...@ea...> - 2009-08-27 13:55:26

Christian H. Kuhn wrote:
>
>> - It wouldn't quite solve your problem, as you would still need to make
>> sure that packets sent to the host's eth0 on 1.2.5.3 are forwarded to
>> the machine 192.168.2.2 (or whatever you have set up the guest as). I'm
>> not sure how you do this in linux, but it should be possible I think.
>>
>
> That's a simple NAT with the help of iptables. The main difference is
> that 192.168.2.2 would not be routed to and from the internet, so you
> have to translate the private 192.168.2.2 to the public 1.2.5.3 IP and
> keep track of the translated connections. Really no problem.
>
> But that solves not the main problem. From host OS, I can reach the
> guest OS by ping, but how do I get inside?
>

The way I did it was:
- with uml stopped, chroot into the uml machine's filesystem, set up
  apt, and install ssh.
- start uml with networking, and ssh to the relevant address.

This is working fine for me.

andy

From: David F. R. P. <dav...@gm...> - 2009-08-24 17:05:19

Hi Christian

Why don't you use tcpdump on the host and inside uml to find out if you
can ping from/to the UML interface to/from the host?

David

From: Christian H. K. <chr...@qn...> - 2009-08-24 19:11:25

Hi David,

& David Francisco Rodriguez Perez <dav...@gm...> [2009-08-24 19:19]:
> Why don't you use tcpdump on the host and inside uml

Because I don't get inside uml. I can ping from host to uml.

Kind regards,
Chris
--