gufw-developers team mailing list archive

Thread
Date

[Bug 424631] Re: Gufw not allowing Qemu Guest's packets (tun/tap)

To: gufw-developers@xxxxxxxxxxxxxxxxxxx
From: mohan43u <mohan43u@xxxxxxxxx>
Date: Fri, 04 Sep 2009 23:55:04 -0000
Reply-to: Bug 424631 <424631@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

** Attachment added: "My default Gufw's 'filter' table rules"
   http://launchpadlibrarian.net/31328261/gufw.filter.rules

** Description changed:

  While set up a tun/tap network with Ubuntu as host and lfslivecd as
  guest in Qemu, I got some problem. Here is the commands I used,
  
  Ubuntu(host):
  $ sudo qemu -cdrom lfslivecd -boot d -kernel-kqemu -m 512 -net nic -net tap &
  $ sudo ifconfig tap0 192.168.10.1
  $ sudo sysctl -w net.ipv4.ip_forward=1
  $ sudo iptables -t nat -A POSTROUTING -j MASQUERADE
  
  lfslivecd(guest):
  $ ifconfig eth0 192.168.10.2
  $ route add default gw 192.168.10.1
  
  Both host and guest pinging each other properly.. but problem occurs
  when I tried to ping opendns's default servers from lfslivecd.
  
  lfslivecd(guest):
  $ ping -c 3 208.67.222.222
  3 packets transmitted, 0 packets received, 100% packet loss
  
  After disabling 'gufw', everything worked. And I added opendns's
  nameservers in resolv.conf
  
  lfslivecd(guest):
  $ cat > resolv.conf
  nameserver 208.67.222.222
- nameserver 208.67.222.222
+ nameserver 208.67.220.220
  
  It will be helpful if someone can write a rule to accept packets to go
  to Guest Instances in the default Gufw rules setup. Is accepting packets
  for Guest's, a security concern?

-- 
Gufw not allowing Qemu Guest's packets (tun/tap)
https://bugs.launchpad.net/bugs/424631
You received this bug notification because you are a member of Gufw
Developers, which is the registrant for Gufw.

Status in GUI for ufw: New

Bug description:
While set up a tun/tap network with Ubuntu as host and lfslivecd as guest in Qemu, I got some problem. Here is the commands I used,

Ubuntu(host):
$ sudo qemu -cdrom lfslivecd -boot d -kernel-kqemu -m 512 -net nic -net tap &
$ sudo ifconfig tap0 192.168.10.1
$ sudo sysctl -w net.ipv4.ip_forward=1
$ sudo iptables -t nat -A POSTROUTING -j MASQUERADE

lfslivecd(guest):
$ ifconfig eth0 192.168.10.2
$ route add default gw 192.168.10.1

Both host and guest pinging each other properly.. but problem occurs when I tried to ping opendns's default servers from lfslivecd.

lfslivecd(guest):
$ ping -c 3 208.67.222.222
3 packets transmitted, 0 packets received, 100% packet loss

After disabling 'gufw', everything worked. And I added opendns's nameservers in resolv.conf

lfslivecd(guest):
$ cat > resolv.conf
nameserver 208.67.222.222
nameserver 208.67.220.220

It will be helpful if someone can write a rule to accept packets to go to Guest Instances in the default Gufw rules setup. Is accepting packets for Guest's, a security concern?

References

[Bug 424631] [NEW] Gufw not allowing Qemu Guest's packets (tun/tap)
From: mohan43u, 2009-09-05