Bridged Networking or User mode? Replace ebtables & iptables with iptables-nft to allow bridged networking. #72

Open
Labels: documentation, enhancement
@sickcodes
Here are the two types of networking

```
# usermode
-netdev user,id=net0,hostfwd=tcp::10022-:22,
-device e1000-82545em,netdev=net0,id=net0,mac=52:54:00:09:49:17

# bridged
-netdev tap,id=net0,ifname=tap0,script=no,downscript=no
-device vmxnet3,netdev=net0,id=net0,mac=52:54:00:AB:F8:B7
```

user mode

The image has the same IP as your Docker IP
`ip n` to see neighbors
QEMU cannot be reached unless you add ports in the QEMU args during "docker run"
Can't expose Docker ports on a running container (AFAIK), you have to start a new image and move the installation around.
You also have to edit the Launch.sh or add in arguments

bridged mode

The image will run on the container's own internal network, like 10.0.2.15 or something or 192.168.122.11x

After that, you can ssh OR docker exec into the Docker and then ssh into the QEMU image.

which is better?

Realistically, they both appear exactly the same.
Bridge mode would let people forward all connections to the bridge IP.

```
# usermode
# you have to add
docker run ... -p 50922:10022 -e EXTRA='-netdev user,hostfwd=tcp::10022-:22'

# bridge-mode
docker run ... -p 50922:10022 -ip p.ubl.ic.ip
```

If anyone wants to test it out:

```
sudo tee -a /etc/sysctl.conf <<< 'net.ipv4.ip_forward=1'
sudo sysctl -p
sudo pacman -S iptables-nft
sudo systemctl enable --now libvirtd.service
sudo systemctl enable --now virtlogd.service
sudo ip tuntap add dev tap0 mode tap
sudo ip link set tap0 up promisc on
sudo virsh net-autostart default
sudo virsh net-start default
sudo ip link set dev virbr0 up
sudo ip link set dev tap0 master virbr0
# use the networking from above in the QEMU args
```

The actual bug is that ebtables + dnsmasq doesn't work with virsh networking.
You can test it out:

```
sudo pacman -S libvirt
virsh net-info default
# works
```

Bugged:

```
sudo pacman -S ebtables dnsmasq
virsh net-info default
# fails
```

Fix:

```
sudo pacman -S iptables-nft
virsh net-info default
# works
```

It's a strange bug; I thought it was related to polkit, however, I found it incompatible with ebtables.

Possibly just with Arch, that the default network doesn't get installed.

Easy fix: replace iptables and ebtables with iptables-nft. If not, virsh hangs, sudo virsh hangs.

On the other hand, QEMU and Docker networking is really, really easy to debug. If bridged network is added, you'd have to start the bridge every time, I also think you need --net host.
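A pre-flight check for the bridged setup steps in the issue, added here as an example and not part of the original post or the project's code. The function names are hypothetical, and the `ip` and `iptables --version` sample strings are constructed; it verifies IP forwarding, the nf_tables iptables backend, and that the tap is up and enslaved to `virbr0`.

```shell
#!/usr/bin/env bash
# Added example: pre-flight check for the tap0/virbr0 setup (hypothetical helper names).

# Constructed sample of `ip -o link show dev tap0` output, not captured from a real host.
SAMPLE_LINK='5: tap0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc fq_codel master virbr0 state UP mode DEFAULT group default qlen 1000'

# Classify `iptables --version` output as nf_tables, legacy or unknown.
iptables_backend() {
    case "$1" in
        *"(nf_tables)"*) echo nf_tables ;;
        *"(legacy)"*)    echo legacy ;;
        *)               echo unknown ;;
    esac
}

# Print the bridge named after the "master" keyword in an `ip -o link` line.
link_master() {
    local prev="" word
    for word in $1; do
        if [ "$prev" = master ]; then echo "$word"; return 0; fi
        prev=$word
    done
    return 1
}

# Return 0 if the <FLAG,FLAG,...> list of an `ip -o link` line contains flag $2 exactly.
link_has_flag() {
    local flags
    flags=${1#*<}; flags=${flags%%>*}
    case ",$flags," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# check_bridge <ip_forward value> <iptables --version output> <ip -o link line> <bridge>
check_bridge() {
    local rc=0
    [ "$1" = 1 ] || { echo "FAIL: net.ipv4.ip_forward is '$1', expected 1"; rc=1; }
    [ "$(iptables_backend "$2")" = nf_tables ] || { echo "FAIL: iptables backend is not nf_tables"; rc=1; }
    [ "$(link_master "$3")" = "$4" ] || { echo "FAIL: tap is not enslaved to $4"; rc=1; }
    link_has_flag "$3" UP || { echo "FAIL: tap is not UP"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: host is ready for -netdev tap"
    return "$rc"
}

# "live" inspects the host; any other invocation runs on the constructed sample.
if [ "${1:-}" = live ]; then
    check_bridge "$(cat /proc/sys/net/ipv4/ip_forward)" "$(iptables --version)" \
        "$(ip -o link show dev tap0 2>/dev/null)" virbr0
else
    check_bridge 1 'iptables v1.8.7 (nf_tables)' "$SAMPLE_LINK" virbr0
fi
```

Run it with `live` as the first argument on the Docker host after the setup commands; a non-zero exit status means at least one precondition for `-netdev tap` is missing.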
