Joined: Mar. 2007
||Posted: Mar. 02 2007,01:25
Just read somewhere....
"In other words, conceptually, tun0 actually sits 'between' the host OS and the guest (whether this is actually the case or not I leave as an intellectual exercise for the reader). So, the tun0 address and the qemu guest OS address should be different, but should both be on the same subnet, and that subnet should be utterly different to anything else on your network. Intellectually I can appreciate the possibility that it shouldn't *have* to be on a different subnet, but in practice I met with utter and complete failure attempting to make tun0 and the guest OS NIC live on the same subnet as all the 'real' NICs.
Therefore, all traffic to the 'real world' goes from the guest, to tun0 (ie, in the guest OS set the address of the default gateway to be the tun0 address), and from tun0 out to the world via the real NIC address. To make all this work, you need a script that puts the house in order for tun0.
Your real NIC, because all of the traffic is routing through it, has to have an appropriate iptables rule to masquerade traffic, and ip forwarding needs to be enabled for the host OS. Here is a simple script that does everything necessary (ie, this is a working, complete qemu-ifup):
iptables --flush #Clear out all previous rules ('/etc/init.d/iptables stop' may also work)
echo 1 >/proc/sys/net/ipv4/ip_forward #Enable IP forwarding for the host OS
iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE #Enable masquerading on your real NIC so tun0 can get in and out
ifconfig $1 10.0.0.1 #Bring up tun0 on a different subnet from the host
OMG somone please put iptables into the DSL distro