On 161016-10:41+0300, Aleksei wrote: > Your link layer looks good, eth1 is enslaved to br0. On network layer, > you don't get an IP address - is it because you don't have a physical > cable plugged into eth1? It is plugged in.
> Anyway, that shouldn't prevent Qemu from > creating taps on that bridge. > > As for permissions stuff from Qemu side: > Add "allow br0" line to /etc/qemu/bridge.conf to allow Qemu to create > tap devices on br0. On my system: # ls -l /etc/qemu/ total 8 -rw-r----- 1 root miro 453 2016-08-13 14:39 bridge.conf -rw-r----- 1 root miro 288 2016-08-13 14:40 miro.conf # There is the line: allow br0 in /etc/qemu/bridge.conf And in the same /etc/qemu/bridge.conf there reads also : include /etc/qemu/miro.conf # Uncommenting the above would allow users in the 'bob' group # to have permissions defined in it, iff it has the following # permissions: root:bob 0640 And /etc/qemu/miro.conf has one more time: allow br0 That's the configuration (which I arranged several weeks ago). > Also check if qemu-bridge-helper script has setuid attribute. It should > have it by default, but I'm not sure about Gentoo. I need to look more deeply into all of this... Might take time. Also, I couldn't sleep, and I might be unable to work most of the day till evening, can't tell... I also had, in my /etc/sysctl.conf the line: net.ipv4.ip_forward = 1 which, until I changed it to: net.ipv4.ip_forward = 0 I couldn't connect just now, for a while. (I put it there when I successfully set up connecting a LAN-only host via this router, to internet: http://www.croatiafidelis.hr/foss/router/SNAT-inet/ but afterwards I forgot to turn it off... > I know nothing about grsec, so can't help you there. You're missing a lot! > /--Regards, Aleksei/ > Thanks a lot. I would possibly have gone the wrong way and maybe even got lost, had you not helped me. -- Miroslav Rovis Zagreb, Croatia http://www.CroatiaFidelis.hr
Description: Digital signature