On 161016-10:41+0300, Aleksei wrote:
> Your link layer looks good, eth1 is enslaved to br0. On network layer, 
> you don't get an IP address - is it because you don't have a physical 
> cable plugged into eth1?
It is plugged in.

> Anyway, that shouldn't prevent Qemu from 
> creating taps on that bridge.
> As for permissions stuff from Qemu side:
> Add "allow br0" line to /etc/qemu/bridge.conf to allow Qemu to create 
> tap devices on br0.

On my system:

# ls -l /etc/qemu/
total 8
-rw-r----- 1 root miro 453 2016-08-13 14:39 bridge.conf
-rw-r----- 1 root miro 288 2016-08-13 14:40 miro.conf

There is the line:
 allow br0
in /etc/qemu/bridge.conf

And in the same /etc/qemu/bridge.conf there also reads:

 include /etc/qemu/miro.conf
# Uncommenting the above would allow users in the 'bob' group
# to have permissions defined in it, iff it has the following
# permissions: root:bob 0640

And /etc/qemu/miro.conf has one more time:

 allow br0

That's the configuration (which I arranged several weeks ago).

> Also check if qemu-bridge-helper script has setuid attribute. It should 
> have it by default, but I'm not sure about Gentoo.

I need to look more deeply into all of this... Might take time. Also, I
couldn't sleep, and I might be unable to work most of the day till
evening, can't tell...

I also had, in my /etc/sysctl.conf the line:

net.ipv4.ip_forward = 1

which, until I changed it to:

net.ipv4.ip_forward = 0

I couldn't connect just now, for a while. (I put it there when I
successfully set up connecting a LAN-only host via this router, to
but afterwards I forgot to turn it off...

> I know nothing about grsec, so can't help you there.
You're missing a lot! 

> /--Regards, Aleksei/

Thanks a lot. I would possibly have gone the wrong way and maybe even
got lost, had you not helped me.
Miroslav Rovis
Zagreb, Croatia
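
The bridge.conf setup discussed in this message, as an added example (not part of the original e-mail and not QEMU's own code): a shell check that resolves `include` lines, decides whether a bridge such as br0 is permitted, and confirms the ACL file is not writable by group or others. The function names are hypothetical, and the rule semantics (a matching deny overrides an allow, an unreadable include is skipped) are assumptions stated in the comments.

```shell
#!/bin/sh
# Added example, not from the thread. Assumed ACL semantics: "allow X",
# "deny X", "allow all", "deny all", "include FILE"; an unreadable include
# is skipped and any matching deny overrides an allow.

# acl_rules FILE [DEPTH]: print allow/deny rules, following includes.
acl_rules() {
    [ -r "$1" ] && [ "${2:-0}" -lt 8 ] || return 0  # depth cap: this example's own guard
    while read -r verb arg rest || [ -n "$verb" ]; do
        case "$verb" in
            include)    acl_rules "$arg" "$(( ${2:-0} + 1 ))" ;;
            allow|deny) printf '%s %s\n' "$verb" "$arg" ;;
        esac    # comments and blank lines match nothing
    done < "$1"
}

# bridge_allowed CONF BRIDGE: status 0 only if allowed and never denied.
bridge_allowed() {
    allowed=0 denied=0
    while read -r verb arg; do
        case "$verb $arg" in
            "allow all"|"allow $2") allowed=1 ;;
            "deny all"|"deny $2")   denied=1 ;;
        esac
    done <<EOF
$(acl_rules "$1")
EOF
    [ "$allowed" -eq 1 ] && [ "$denied" -eq 0 ]
}

# acl_file_locked FILE: status 0 if FILE exists and is not writable by
# group or others (the thread's files are root:miro 0640).
acl_file_locked() {
    [ -f "$1" ] && [ -z "$(find "$1" \( -perm -020 -o -perm -002 \) -print)" ]
}

# Constructed sample mirroring the two files quoted in the thread.
demo() {
    d=$(mktemp -d) || return 1
    printf 'allow br0\n' > "$d/miro.conf"
    printf 'allow br0\n include %s\n# comment\n' "$d/miro.conf" > "$d/bridge.conf"
    chmod 640 "$d/bridge.conf" "$d/miro.conf"
    for br in br0 br1; do
        bridge_allowed "$d/bridge.conf" "$br" && echo "$br: allowed" || echo "$br: refused"
    done
    acl_file_locked "$d/bridge.conf" && echo "bridge.conf: not group/world writable"
    rm -rf "$d"
}
demo
```

On a real host the same functions can be pointed at /etc/qemu/bridge.conf, run as the user who will start the guest, since that user's read access decides which included files take effect.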
