On Wed, 16 Sep 2009 16:21:09 -0600 Charles Curley <[email protected]> wrote:
> I use Ubuntu 9.04 and virt-manager-0.6.1-1ubuntu4--i386 to run
> virtual machines using kvm and ubuntu 9.10 alpha 5 and finix 93. I
> have both virtual machines running nicely, with one exception. If I
> have firestarter's firewall running, the VMs cannot get DHCP offers.
> I can run "dhclient eth0" manually, and see the dhcp discover packets
> logged to the console. If I then remove all the firewalling (ctl-p in
> the firestarter GUI), the VM immediately gets an offer. Internet
> connection sharing is enabled. I have tried adding a rule to admit
> packets on the two DHCP ports for network 255.255.255.0/24, but that
> has not worked.

I finally found out serendipitously what to do with this. In the process of
playing with a VPN setup, I came across this page,
http://www.massivegeek.com/technology/linux/firestarter-and-openvpn-vmware,
which refers to this page:
http://ignore-your.tv/2006/08/03/openvpn-and-firestarter/

The first page shows what to do for both OpenVPN and VMware. I modified the
lines for the latter for KVM, on the virtualization host, as follows:

r...@dzur:~# cat /etc/firestarter/user-pre
# Allow traffic on the OpenVPN interface
$IPT -A INPUT -i tun+ -j ACCEPT
$IPT -A OUTPUT -o tun+ -j ACCEPT

# Allow virtual machine traffic
$IPT -A INPUT -i virbr+ -j ACCEPT
$IPT -A OUTPUT -o virbr+ -j ACCEPT
r...@dzur:~#

In a nice example of Linux documentation that speaks only to the
knowledgeable, neither writeup mentions that the file is read only. I expect
almost everyone on this list would know how to handle that. Almost.

Now to tighten up the virtual machines' firewalls.

-- 
Charles Curley                  /"\    ASCII Ribbon Campaign
Looking for fine software       \ /    Respect for open standards
and/or writing?                  X     No HTML/RTF in email
http://www.charlescurley.com    / \    No M$ Word docs in email

Key fingerprint = CE5C 6645 A45A 64E4 94C0 809C FFF6 4C48 4ECD DFDB

/*
PLUG: http://plug.org, #utah on irc.freenode.net
Unsubscribe: http://plug.org/mailman/options/plug
Don't fear the penguin.
*/
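The user-pre rules in the post accept everything on virbr+, which lets any VM reach any service listening on the host. The following is an added example, not from the post or from firestarter, that generates a narrower set for the same file: only DHCP (the lease exchange the poster was missing) and DNS to the host's resolver are admitted on the bridge. It assumes firestarter's $IPT convention for the iptables binary and libvirt's virbr+ naming; it prints the rules rather than applying them, so it runs without root.

```shell
#!/bin/sh
# Added example (not the original post's file): emit firestarter user-pre
# rules that admit only DHCP and DNS on the libvirt bridge instead of a
# blanket ACCEPT. $IPT is firestarter's variable for the iptables binary
# (assumption: defaults to "iptables" when run outside firestarter).
IPT="${IPT:-iptables}"

# vm_bridge_rules IFACE_PATTERN
# Prints INPUT/OUTPUT rules for one bridge pattern (e.g. virbr+):
#  - DHCP: client sends from udp/68 to udp/67; the host's dnsmasq answers
#    from udp/67 back to udp/68 (covers the DISCOVER/OFFER/REQUEST/ACK flow)
#  - DNS: udp and tcp port 53 to the host resolver on the bridge
# Anything else from the bridge is left to firestarter's own policy.
vm_bridge_rules() {
    iface="$1"
    printf '%s -A INPUT -i %s -p udp --sport 68 --dport 67 -j ACCEPT\n' "$IPT" "$iface"
    printf '%s -A OUTPUT -o %s -p udp --sport 67 --dport 68 -j ACCEPT\n' "$IPT" "$iface"
    for proto in udp tcp; do
        printf '%s -A INPUT -i %s -p %s --dport 53 -j ACCEPT\n' "$IPT" "$iface" "$proto"
        printf '%s -A OUTPUT -o %s -p %s --sport 53 -j ACCEPT\n' "$IPT" "$iface" "$proto"
    done
}

# count_rules IFACE_PATTERN -> number of rule lines generated (2 DHCP + 4 DNS)
count_rules() {
    vm_bridge_rules "$1" | wc -l | tr -d ' '
}

# Print the rules for the libvirt default bridge; redirect into
# /etc/firestarter/user-pre on the host to use them.
vm_bridge_rules virbr+
```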
