From: Laszlo Ersek <lersek@redhat.com>
To: Thomas Huth <thuth@redhat.com>,
Programmingkid <programmingkidx@gmail.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: Samuel Thibault <samuel.thibault@ens-lyon.org>,
qemu-devel qemu-devel <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] Is anyone able to load a web page from a guest operating system?
Date: Wed, 27 Apr 2016 12:05:02 +0200 [thread overview]
Message-ID: <57208ECE.4040400@redhat.com> (raw)
In-Reply-To: <571FCBBF.8020405@redhat.com>
On 04/26/16 22:12, Thomas Huth wrote:
> On 26.04.2016 21:25, Programmingkid wrote:
>> On Apr 26, 2016, at 3:00 PM, Dr. David Alan Gilbert wrote:
>>> Does ping work?
>> I can ping the virtual router at 10.0.2.2. Any other ip address fails.
>
> That's normal for user-mode / slirp networking. You can't ping external
> hosts with this mode.
Side note: yes, you can.
I do it whenever I want to check network connectivity from within ad-hoc
OVMF guests, using the PING command of the UEFI shell. ("Ad-hoc guest"
implies user-mode / slirp.)
It can be enabled with the following steps:
(1) Determine the main group ID (or one supplementary group ID) of the
user that will run QEMU with slirp.
(2) In /etc/sysctl.conf (or whatever is appropriate for your host
distro), make sure that the whitespace separated inclusive group ID
range in the "net.ipv4.ping_group_range" sysctl includes the above group ID.
For example,
- you could add a new group called "unpriv_ping":
groupadd unpriv_ping
- set this group for a number of users as another supplementary group:
for U in user1 user2 ... usern; do
usermod --append --groups unpriv_ping $U
done
(note, they will have to re-login),
- then set both sides of the inclusive range in the above sysctl to the
numeric ID of the new group:
(
GROUP_ID=$(getent group unpriv_ping | cut -f 3 -d :)
printf 'net.ipv4.ping_group_range = %u %u\n' $GROUP_ID $GROUP_ID \
>> /etc/sysctl.conf
)
sysctl -p
Thanks
Laszlo
next prev parent reply other threads:[~2016-04-27 10:05 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-26 16:14 [Qemu-devel] Is anyone able to load a web page from a guest operating system? Programmingkid
2016-04-26 19:00 ` Dr. David Alan Gilbert
2016-04-26 19:25 ` Programmingkid
2016-04-26 20:12 ` Thomas Huth
2016-04-26 20:19 ` Programmingkid
2016-04-27 6:34 ` Thomas Huth
2016-04-28 0:25 ` Programmingkid
2016-04-28 12:04 ` Samuel Thibault
2016-04-28 12:18 ` Samuel Thibault
2016-04-28 16:45 ` Programmingkid
2016-04-27 10:05 ` Laszlo Ersek [this message]
2016-04-27 10:26 ` Thomas Huth
2016-04-27 11:01 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57208ECE.4040400@redhat.com \
--to=lersek@redhat.com \
--cc=dgilbert@redhat.com \
--cc=programmingkidx@gmail.com \
--cc=qemu-devel@nongnu.org \
--cc=samuel.thibault@ens-lyon.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.