Using the tap method with qemu to set up a NAT network for virtual machines

Basic concepts:
vm: virtual machine
host: the server on which the virtual machines are created


Requirement: use qemu with NAT to create a virtual machine that can access the external network.
The current host's IP is 192.168.139.85.
I want the VMs to be in the 192.168.122.0 segment, obtain their IP automatically via DHCP, and access the external network.

Basic principle: create the VM with the tap method, create a bridge virbr0 and use it as the gateway 192.168.122.1, and bind the tap to the bridge virbr0. The tap device is connected to eth0 inside the VM, so all VMs on the bridge can reach each other. Use dnsmasq on the host to provide a DHCP service bound to virbr0, so that every VM attached to the bridge can use it; inside the VM, dhclient obtains the IP address handed out by the host's DHCP service. Set up NAT with iptables on the host and enable the kernel's IP forwarding.

Need to install: qemu, tap, brctl, iptables. Also needed: a kernel file bzImage and an operating system image file hda.img.

Environment: Ubuntu 14.04.4 LTS

1. Create a 120M minimal Linux image hda.img, which must support ip, ifconfig, iptables, dhclient and the other network commands.

Build method:
debootstrap --variant=minbase \
  --include=util-linux,dhcp-client,ssh,vim,make,psmisc,mini-httpd,net-tools,iproute,iputils-ping,procps,telnet,iptables,wget,tcpdump,curl,gdb,binutils,gcc,libc6-dev,lsof,strace \
  --exclude=locales,aptitude,gnupg,cron,udev,tasksel,rsyslog,groff-base,manpages,gpgv,man-db,apt,debian-archive-keyring,sysv-rc,sysvinit,insserv,python2.6 \
  --arch i386 \
  etch etch 'http://archive.debian.org/debian'

This debootstrap command may not work from China; run it on an AWS instance instead. If you already have an img file available, go directly to step 2.

For details, see: Use qemu to build a basic virtual machine, http://haoningabc.iteye.com/blog/2306941
From that step you obtain the kernel file bzImage and the operating system image hda.img.

2. Use qemu to create a virtual machine and configure the network of the host
qemu-system-i386 -kernel bzImage \
  -drive file=hda.img,if=ide,cache=none \
  -append "console=ttyS0 root=/dev/sda rw rdinit=/sbin/init notsc=1" \
  -nographic -boot order=dc,menu=on \
  -net nic,vlan=0,macaddr=52:54:00:12:34:22,model=e1000,addr=08 \
  -net tap,name=haha,ifname=tap1,script=no,downscript=no

-kernel specifies the kernel file bzImage
-append gives the kernel parameters passed to the kernel; here it specifies the init program /sbin/init
-drive specifies the hard disk file hda.img; you can also use -hda hda.img
-nographic runs without a graphical interface. If you want one instead, specify -vnc 0.0.0.0:1 and connect with vncviewer. Note that this listens on every interface with no authentication; bind it to 127.0.0.1:1 or protect it with a VNC password if other machines can reach the host. For example:
qemu-system-i386 -kernel /root/jslinux/obj/linux-x86-basic/arch/i386/boot/bzImage \
  -drive file=hda_hasbacking_file.qcow2,if=ide,cache=none \
  -append "root=/dev/sda rw rdinit=/sbin/init notsc=1" \
  -vnc 0.0.0.0:1 -boot order=dc,menu=on \
  -net nic,vlan=0,macaddr=52:54:00:12:34:22,model=e1000,addr=08 \
  -net tap,name=haha,ifname=tap1,script=no,downscript=no

-boot sets the boot order: d is the optical drive, c is the first hard disk.
-net specifies the network configuration (the important part here). There are three basic forms:
  -net nic: always required. macaddr sets the MAC address and model the network card type; use model=? to list the available types.
  -net tap: bridge mode. You need to specify the start script (script=) and stop script (downscript=); fd points to an existing tap device; name is the name shown by info network in monitor mode; ifname is the name of the tap device on the host.
  -net user: user mode; qemu uses Slirp to implement a complete TCP/IP protocol stack.

In general -net nic is always needed, and you choose one of tap or user.

Note that here -net tap,ifname=tap1 is used, which creates the tap device tap1.



After the virtual machine has started, running
ip link show
on the host shows an additional tap1 device. Create a bridge and bind tap1 to it:
#create bridge
brctl addbr virbr0
#give the bridge the gateway address the VMs will use (dnsmasq below listens on it), and bring it up
ip addr add 192.168.122.1/24 dev virbr0
ip link set virbr0 up
ip link set tap1 up
#Bind the tap to the bridge
brctl addif virbr0 tap1

#Set nat's iptables
iptables -t nat -A POSTROUTING -s "192.168.122.0/255.255.255.0" ! -d "192.168.122.0/255.255.255.0" -j MASQUERADE

#Set up the forwarding of the linux kernel
echo 1 >/proc/sys/net/ipv4/ip_forward
#ifconfig eth0 promisc


3. Start the dnsmasq service on the host to provide the DHCP server function.
Note that the parameters point to the newly created virbr0 bridge.

dnsmasq --strict-order --except-interface=lo --interface=virbr0 \
  --listen-address=192.168.122.1 --bind-interfaces \
  --dhcp-range=192.168.122.2,192.168.122.254 --conf-file="" \
  --pid-file=/var/run/qemu-dhcp-virbr0.pid \
  --dhcp-leasefile=/var/run/qemu-dhcp-virbr0.leases --dhcp-no-override

The key point is --interface=virbr0 (together with --bind-interfaces, so dnsmasq does not also answer on the host's real interface).
--dhcp-range sets the address range handed out to the VMs.
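The host-side work of steps 2 and 3 (bridge, tap, gateway address, NAT, forwarding, dnsmasq) as one idempotent script, added here as an example; it is not code from the original post. It uses the post's names and addresses (virbr0, tap1, 192.168.122.0/24, gateway 192.168.122.1, the dnsmasq pid and lease file paths); the helper functions run, probe, nat_rule and dnsmasq_cmd, the DRY_RUN switch and the use of ip tuntap / ip addr replace / sysctl in place of the post's exact commands are this example's own choices. Every "create" step is guarded by a check, so running it twice never adds a second MASQUERADE rule or a second dnsmasq.

```shell
#!/bin/sh
# Added example (not from the original post): idempotent host-side setup for the
# tap + bridge + NAT layout. Values below are the post's; helpers are assumptions.
# DRY_RUN=1 (default) only prints the commands; run as root with DRY_RUN=0 to apply.
set -eu

BRIDGE=${BRIDGE:-virbr0}
TAP=${TAP:-tap1}
SUBNET=${SUBNET:-192.168.122.0/24}
PREFIX=${SUBNET#*/}                 # "24"
GATEWAY=${GATEWAY:-192.168.122.1}
DHCP_START=${DHCP_START:-192.168.122.2}
DHCP_END=${DHCP_END:-192.168.122.254}
PIDFILE=${PIDFILE:-/var/run/qemu-dhcp-$BRIDGE.pid}
DRY_RUN=${DRY_RUN:-1}

# Execute a command, or just print it when DRY_RUN=1.
run() {
    if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi
}

# "Does this already exist?" probe. In dry-run mode it always answers no, so the
# printed plan is the complete command list for a fresh host.
probe() {
    [ "$DRY_RUN" = "1" ] && return 1
    "$@" >/dev/null 2>&1
}

# The MASQUERADE rule as one string, so the identical text is used for the
# -C (check) and the -A (append): re-running never duplicates the rule.
nat_rule() {
    echo "POSTROUTING -s $SUBNET ! -d $SUBNET -j MASQUERADE"
}

# dnsmasq bound strictly to the bridge: --bind-interfaces with --interface and
# --listen-address keeps it from serving DHCP/DNS on the host's real NIC.
dnsmasq_cmd() {
    echo "dnsmasq --strict-order --except-interface=lo --interface=$BRIDGE" \
         "--listen-address=$GATEWAY --bind-interfaces" \
         "--dhcp-range=$DHCP_START,$DHCP_END --conf-file=" \
         "--pid-file=$PIDFILE --dhcp-leasefile=/var/run/qemu-dhcp-$BRIDGE.leases" \
         "--dhcp-no-override"
}

setup_host_network() {
    # Bridge: create once, give it the gateway address (ip addr replace is
    # idempotent), bring it up.
    probe ip link show "$BRIDGE" || run brctl addbr "$BRIDGE"
    run ip addr replace "$GATEWAY/$PREFIX" dev "$BRIDGE"
    run ip link set "$BRIDGE" up

    # Tap: qemu -net tap,ifname=tap1,script=no creates it when the VM starts;
    # if the VM is not up yet, create a persistent one so binding can be done now.
    probe ip link show "$TAP" || run ip tuntap add dev "$TAP" mode tap
    run ip link set "$TAP" up
    if ! probe sh -c "brctl show $BRIDGE | grep -qw $TAP"; then
        run brctl addif "$BRIDGE" "$TAP"
    fi

    # NAT for the VM subnet, added only if not already present.
    # (word-splitting of $(nat_rule) is intended)
    probe iptables -t nat -C $(nat_rule) || run iptables -t nat -A $(nat_rule)

    # Same effect as "echo 1 > /proc/sys/net/ipv4/ip_forward".
    run sysctl -w net.ipv4.ip_forward=1

    # DHCP on the bridge only; skip if a previous instance is still alive.
    if [ -f "$PIDFILE" ] && probe kill -0 "$(cat "$PIDFILE")"; then
        echo "dnsmasq already running (pid file $PIDFILE)"
    else
        run $(dnsmasq_cmd)
    fi
}

setup_host_network
```

Run it once with the default DRY_RUN=1 to review the plan, then as root with DRY_RUN=0 to apply it; tearing down is the same commands in reverse (iptables -D, brctl delif, brctl delbr).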

4. In the virtual machine, configure the network with DHCP.
Note that these commands are run inside the vm; everything above was run on the host.
ip link set eth0 up
#get ip
dhclient
#test ping gateway
ping 192.168.122.1
ping www.baidu.com
#Check
ifconfig eth0
#ip 192.168.122.37 was obtained successfully
cat /etc/resolv.conf
#the DNS server was also set automatically
#View the routing table:
#ip route
#You can also set the gateway and ip yourself, e.g.
#route add default gw 192.168.122.1



If you want ordinary bridging instead, see: Using the bridging method to create a virtual machine with qemu, http://haoningabc.iteye.com/blog/2306736


Port mapping:

Start the http service in the vm and open port 80:
mini-httpd
netstat -nltp | grep 80

On the host:
iptables -t nat -A PREROUTING -p tcp -d 192.168.139.85 --dport 81 -j DNAT --to 192.168.122.37:80

192.168.139.85 is the host IP and 192.168.122.37 is the vm's IP. This maps port 80 of the vm to port 81 of the host.
Note that netstat -nltp | grep 81 shows nothing on the host, because DNAT does not open a listening socket; view the mapping with
iptables -t nat -L

To delete this rule, replace -A with -D.
Then visit http://192.168.139.85:81 to reach the service inside the vm.
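The port mapping above (host 192.168.139.85:81 to vm 192.168.122.37:80) as a small add/remove script, added here as an example and not code from the original post. It uses the post's addresses and its DNAT rule; the helpers run, probe, dnat_rule, fwd_rule, port_map and show_map, the DRY_RUN switch, and the extra FORWARD rule are this example's assumptions. The FORWARD rule is there because on a host whose FORWARD chain policy is DROP the DNAT alone is not enough; it is scoped to the single vm address and port so the mapping opens nothing beyond what it maps.

```shell
#!/bin/sh
# Added example (not from the original post): add or remove the vm port mapping
# without duplicating rules. Addresses are the post's; helpers are assumptions.
# DRY_RUN=1 (default) prints the commands; run as root with DRY_RUN=0 to apply.
set -eu

HOST_IP=${HOST_IP:-192.168.139.85}
HOST_PORT=${HOST_PORT:-81}
VM_IP=${VM_IP:-192.168.122.37}
VM_PORT=${VM_PORT:-80}
DRY_RUN=${DRY_RUN:-1}

# Execute, or just print when DRY_RUN=1.
run() { if [ "$DRY_RUN" = "1" ]; then echo "$*"; else "$@"; fi; }
# Existence probe; in dry-run it always answers "not present".
probe() { [ "$DRY_RUN" = "1" ] && return 1; "$@" >/dev/null 2>&1; }

# The PREROUTING DNAT rule from the post, as one string used for -C, -A and -D.
dnat_rule() {
    echo "PREROUTING -p tcp -d $HOST_IP --dport $HOST_PORT -j DNAT --to $VM_IP:$VM_PORT"
}

# Allow only the translated traffic through FORWARD: one vm address, one port.
fwd_rule() {
    echo "FORWARD -p tcp -d $VM_IP --dport $VM_PORT -j ACCEPT"
}

# port_map add | remove   (word-splitting of $(...) is intended)
port_map() {
    case "$1" in
      add)
        probe iptables -t nat -C $(dnat_rule) || run iptables -t nat -A $(dnat_rule)
        probe iptables -C $(fwd_rule) || run iptables -A $(fwd_rule)
        ;;
      remove)
        # -D with the same rule text is the exact inverse of the -A above.
        run iptables -t nat -D $(dnat_rule)
        run iptables -D $(fwd_rule)
        ;;
      *)
        echo "usage: $0 add|remove" >&2
        return 2
        ;;
    esac
}

# Where to look instead of netstat: the mapping is a nat rule, not a socket.
show_map() {
    run iptables -t nat -L PREROUTING -n -v --line-numbers
}

port_map "${1:-add}"
show_map
```

Use `DRY_RUN=0 sh portmap.sh add` as root to install the mapping and `DRY_RUN=0 sh portmap.sh remove` to take it out again; the -v counters in show_map are the quickest way to confirm packets are actually hitting the rule.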
