DaemonForums  

#1  mfaridi, 13th May 2008
ssh to FreeBSD run in Qemu

I have FreeBSD 7, installed Qemu from ports, and run FreeBSD 7 with Qemu,
so I have FreeBSD 7 in Qemu.
I want to ssh from the OpenBSD box to the FreeBSD box running in Qemu.
My IP in OpenBSD 4.2 is 192.168.0.50 with netmask 255.255.255.0,
the IP in FreeBSD 7 is 192.168.0.51 with netmask 255.255.255.0,
and the IP in the FreeBSD running in Qemu is 10.0.2.15; I use DHCP to give an IP to the FreeBSD 7 running in Qemu.

So I want to ssh from my OpenBSD box to the FreeBSD running in Qemu.
What must I do?

#2  stukov, 13th May 2008

It looks like your QEMUed FreeBSD is behind a NAT. You can use port forwarding in that NAT to allow you to SSH in.

I don't know if QEMU allows you to, but you could also give an IP address to your QEMUed FreeBSD directly on the same subnet as your other machines.
__________________
"Any intelligent fool can make things bigger, more complex, and more violent. It takes a touch of genius -- and a lot of courage -- to move in the opposite direction."

#3  mfaridi, 13th May 2008

Quote (originally posted by stukov):
> It looks like your QEMUed FreeBSD is behind a NAT. You can use port forwarding in that NAT to allow you to SSH in.
>
> I don't know if QEMU allows you to, but you could also give an IP address to your QEMUed FreeBSD directly on the same subnet as your other machines.

I have not enabled PF on the FreeBSD box, and I do not know which mechanism Qemu uses to access the internet.

#4  stukov, 13th May 2008

From http://people.redhat.com/berrange/ol...k-bridge.html:
Quote:
> The default networking configuration for QEMU sets up a pure userspace network stack, using the SLIRP protocol for outbound TCP traffic to the host. This does not, however, allow for UDP traffic or any incoming TCP connections.

They say there is one way you can set up "bridging" in QEMU. Here is something I found about QEMU in FreeBSD: http://people.freebsd.org/~maho/qemu/qemu.html

Good luck.

#5  BSDfan666, 13th May 2008

The default -net user is essentially a "wrapper"; TCP/UDP traffic from within the emulator is essentially just wrapped around the user-land "socket/send/recv" functions.

The only way to "forward a port" is via a command line argument:
$ qemu ... -redir tcp:9000::22

In this example, the "host" port 9000 is open; any connections to localhost:9000 would get redirected to the guest OS, port 22 (SSH).

Hope that helps.

Last edited by BSDfan666; 13th May 2008 at 02:23 PM.

#6  mfaridi, 18th May 2008

I installed FreeBSD 7 in qemu, and when I want to configure the LAN card, which option must I choose? If I want to set the IP manually, what IP must I set for the gateway?

I want my FreeBSD in qemu to have internet access.

#7  BSDfan666, 18th May 2008

Why manually configure your QEMU guest? Most operating systems have DHCP clients.. but if you insist.

Subnet: 10.0.2.0/24
Default Gateway: 10.0.2.2
Name Server: 10.0.2.3

You can pick any static IP within that subnet for the guest.. but the document suggests 10.0.2.15.

Have fun...

#8  scottro, 18th May 2008

Qemu, like VirtualBox, does NAT by default. This means that the virtual machine will have an address of 10.2.x.x.
Ping and UDP don't work.
Maho's document is VERY dated, and various threads on the emulation list suggest that it be removed as a source.
If you look at /usr/ports/qemu/pkg-message, you'll see that Juergen has a link to my howto on bsdnexus. However, I haven't tried it in a long time, and it may no longer work. (Nor can I help, as these days I use Linux for a host system, as it can use KVM-Qemu, VMware server and VirtualBox.)

I don't know of any more current bridging howtos for FreeBSD, though one is probably necessary now. Mine was written when 7.0 was CURRENT, and some things may have changed. However, the basic concepts would still be there.

Last edited by scottro; 19th May 2008 at 05:45 AM. Reason: typo

#9  BSDfan666, 18th May 2008

That's not correct, scottro; both TCP and UDP are supported in the "user" emulation, ICMP is not..

scottro, 18th May 2008

Thank you, I thought it was UDP too. I should read more closely, I'd done a quick look at the VirtualBox manual and misread it.

mfaridi, 19th May 2008

Quote (originally posted by BSDfan666):
> Why manually configure your QEMU guest? Most operating systems have DHCP clients.. but if you insist.
>
> Subnet: 10.0.2.0/24
> Default Gateway: 10.0.2.2
> Name Server: 10.0.2.3
>
> You can pick any static IP within that subnet for the guest.. but the document suggests 10.0.2.15.
>
> Have fun...

Thanks, but when I choose DHCP, I cannot ssh to the FreeBSD running in Qemu, but I can ssh from the FreeBSD running in Qemu to another computer.

BSDfan666, 19th May 2008

Did you actually read what was said above?

The network inside QEMU is emulated... you cannot access the 10.0.2.0/24 range.. (Without setting up a tun interface, read qemu faq..).

So, adding "-redir tcp:9000::22" to the QEMU invocation line allows you to connect to the SSH daemon "within" the emulated environment.

How do you connect? You connect via localhost...
$ ssh localhost -p 9000

Do you understand now?
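
Added example, not written by any poster in this thread and not QEMU's own code: the legacy `-redir` form has no host-address field, so QEMU opens the listener on every host interface, while the later `hostfwd=` form (a QEMU option not mentioned in the thread) can pin it to 127.0.0.1. The sketch below classifies the forwards found on a QEMU command line by that exposure; the function names, sample command lines and image name are constructed for illustration.

```shell
#!/bin/sh
# Classify one user-mode forward. $1 = redir|hostfwd, $2 = the spec.
# Prints: <proto> <hostport> <guestport> <exposure>
classify_fwd() {
    kind=$1 spec=$2
    proto=${spec%%:*}; rest=${spec#*:}
    if [ "$kind" = redir ]; then
        # Legacy form proto:hostport:[guestaddr]:guestport has no host address.
        hostaddr=""
        hostport=${rest%%:*}
        guestport=${rest##*:}
    else
        # hostfwd form proto:[hostaddr]:hostport-[guestaddr]:guestport
        hostside=${rest%%-*}; guestside=${rest#*-}
        hostaddr=${hostside%%:*}; hostport=${hostside#*:}
        guestport=${guestside##*:}
    fi
    case $hostaddr in
        ""|0.0.0.0) exposure=all-interfaces ;;
        127.*)      exposure=loopback-only ;;
        *)          exposure="bound-to-$hostaddr" ;;
    esac
    echo "$proto $hostport $guestport $exposure"
}

# Walk one QEMU command line (a single string) and classify each forward.
audit_cmdline() {
    set -f                      # no globbing while word-splitting the line
    prev=""
    for tok in $1; do
        if [ "$prev" = "-redir" ]; then classify_fwd redir "$tok"; fi
        old_ifs=$IFS; IFS=,
        for opt in $tok; do
            case $opt in hostfwd=*) classify_fwd hostfwd "${opt#hostfwd=}" ;; esac
        done
        IFS=$old_ifs
        prev=$tok
    done
    set +f
}

# Constructed sample command lines (image name is a placeholder).
audit_cmdline 'qemu -hda freebsd7.img -redir tcp:9000::22'
audit_cmdline 'qemu-system-x86_64 -hda freebsd7.img -netdev user,id=n0,hostfwd=tcp:127.0.0.1:9000-:22 -device e1000,netdev=n0'
```

An `all-interfaces` result means the guest's sshd is reachable from the LAN on the host's port 9000, so the host firewall and the guest's SSH authentication settings are what gate access.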