commit 04e3c6ea9b2aaf7d4d1c14da5db46822a1b9f5d9 from: jrmu date: Sun Jun 16 04:00:51 2024 UTC Daily backup
commit - 949b5626c8c4b8fe81de932793d4c55a34a15a5f
commit + 04e3c6ea9b2aaf7d4d1c14da5db46822a1b9f5d9
blob - /dev/null
blob + 48c0fae2508edc91b30c575e539f48c758f2b0db (mode 644)
--- /dev/null
+++ wiki.d/Ifconfig.Vlan
@@ -0,0 +1,19 @@
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=w3m/0.5.3+git20230121
+author=jrmu
+charset=UTF-8
+csum=
+ctime=1718401999
+host=104.167.242.140
+name=Ifconfig.Vlan
+rev=2
+targets=
+text=(:title Configuring vlans:)%0a%0aTo tag a packet with virtual network identifier:%0a%0a[@%0a# cat /etc/hostname.if0%0aup%0a# cat /etc/hostname.vlan0%0avnetid 100 parent if0%0ainet 10.0.5.2 0xffffff00%0aup%0a@]%0a%0aReplace if0 with the interface, such as vio0 for [[https://man.openbsd.org/virto.4|virtio(4)]].%0a
+time=1718402143
+title=Configuring vlans
+author:1718402143=jrmu
+diff:1718402143:1718401999:=9c9%0a%3c vnetid 100 parent if0%0a---%0a> vnetid 100 parent vio0%0a13,14d12%0a%3c %0a%3c Replace if0 with the interface, such as vio0 for [[https://man.openbsd.org/virto.4|virtio(4)]].%0a
+host:1718402143=104.167.242.140
+author:1718401999=jrmu
+diff:1718401999:1718401999:=1,12d0%0a%3c (:title Configuring vlans:)%0a%3c %0a%3c To tag a packet with virtual network identifier:%0a%3c %0a%3c [@%0a%3c # cat /etc/hostname.if0%0a%3c up%0a%3c # cat /etc/hostname.vlan0%0a%3c vnetid 100 parent vio0%0a%3c inet 10.0.5.2 0xffffff00%0a%3c up%0a%3c @]%0a
+host:1718401999=104.167.242.140
blob - /dev/null
blob + 6ef45a913aab0fc85dfcce016a9d32dcdbd45cd5 (mode 644)
--- /dev/null
+++ wiki.d/Nat.Configure
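Review bot: The added page file records the editor's network address in its `host=` field and again in every per-revision `host:<timestamp>=` line, next to the `agent=` browser string, so each backup commit publishes that metadata to anyone who can read the repository. The same fields appear in the wiki.d/Nat.Configure and wiki.d/Nat.RecentChanges hunks of this commit. If the repository is meant to be public, the backup job could commit a filtered copy of wiki.d that drops lines matching `^host(:[0-9]+)?=` and `^agent=`, leaving the live page store untouched. Whether the repository is public and how the backup is produced are not visible here, so confirm both before changing the job.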
@@ -0,0 +1,25 @@
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=w3m/0.5.3+git20230121
+author=jrmu
+charset=UTF-8
+csum=
+ctime=1718396087
+host=104.167.242.140
+name=Nat.Configure
+rev=4
+targets=Nat.Intro,Vmm.Configure
+text=(:title Configure NAT inside VMM:)%0a%0a[[nat/intro|Network address translation]] can be configured for virtual%0amachines run inside [[vmm/configure|vmm]].%0a%0aIn the hypervisor, we add this line inside /etc/pf.conf:%0a%0a[@%0amatch out on egress from !(egress:network) to any nat-to (egress:0)%0a@]%0a%0aThis rule matches packets that leave out on the egress (any interface that%0acan reach the default route). It applies only to packets that come from a%0anetwork that doesn't match the egress's network. If those conditions are met,%0awe automatically perform NAT to the non-aliased IP address of egress.%0a%0aWe configure the proper interfaces:%0a%0a[@%0a# cat /etc/hostname.veb0%0aadd tap0%0aadd vport0%0alink1%0a# cat /etc/hostname.vport0%0ainet 10.0.5.1 0xffffff00%0aup%0a# cat /etc/vm.conf%0asocket owner :vmdusers%0a%0aswitch "switch0" {%0a locked lladdr%0a interface veb0%0a}%0a%0absdiso="/home/iso/install75.iso"%0a%0avm "user" {%0a owner user%0a memory 2G%0a cdrom $bsdiso%0a disk /home/user/user.qcow2 format qcow2%0a interface tap0 { %0a locked lladdr ab:cd:ef:01:23:45%0a switch "switch0"%0a }%0a}%0a@]%0a%0aIn the virtual machine:%0a%0a[@%0a$ cat /etc/hostname.vio0%0ainet 10.0.5.2 0xffffff00%0aup%0a@]%0a
+time=1718397660
+title=Configure NAT inside VMM
+author:1718397660=jrmu
+diff:1718397660:1718397289:=11,15d10%0a%3c %0a%3c This rule matches packets that leave out on the egress (any interface that%0a%3c can reach the default route). It applies only to packets that come from a%0a%3c network that doesn't match the egress's network. 
If those conditions are met,%0a%3c we automatically perform NAT to the non-aliased IP address of egress.%0a
+host:1718397660=104.167.242.140
+author:1718397289=jrmu
+diff:1718397289:1718396375:=6,7c6,9%0a%3c In the hypervisor, we add this line inside /etc/pf.conf:%0a%3c %0a---%0a> On the hypervisor:%0a> %0a> Inside /etc/pf.conf we add this line:%0a> %0a11,12d12%0a%3c %0a%3c We configure the proper interfaces:%0a
+host:1718397289=104.167.242.140
+author:1718396375=jrmu
+diff:1718396375:1718396087:=11c11,12%0a%3c match out on egress from !(egress:network) to any nat-to (egress:0)%0a---%0a> match out on egress from 10.0.0.0/8 to any nat-to (em1)%0a> match out on tap1 from 10.0.0.0/8 to any nat-to (em1)%0a
+host:1718396375=104.167.242.140
+author:1718396087=jrmu
+diff:1718396087:1718396087:=1,51d0%0a%3c (:title Configure NAT inside VMM:)%0a%3c %0a%3c [[nat/intro|Network address translation]] can be configured for virtual%0a%3c machines run inside [[vmm/configure|vmm]].%0a%3c %0a%3c On the hypervisor:%0a%3c %0a%3c Inside /etc/pf.conf we add this line:%0a%3c %0a%3c [@%0a%3c match out on egress from 10.0.0.0/8 to any nat-to (em1)%0a%3c match out on tap1 from 10.0.0.0/8 to any nat-to (em1)%0a%3c @]%0a%3c %0a%3c [@%0a%3c # cat /etc/hostname.veb0%0a%3c add tap0%0a%3c add vport0%0a%3c link1%0a%3c # cat /etc/hostname.vport0%0a%3c inet 10.0.5.1 0xffffff00%0a%3c up%0a%3c # cat /etc/vm.conf%0a%3c socket owner :vmdusers%0a%3c %0a%3c switch "switch0" {%0a%3c locked lladdr%0a%3c interface veb0%0a%3c }%0a%3c %0a%3c bsdiso="/home/iso/install75.iso"%0a%3c %0a%3c vm "user" {%0a%3c owner user%0a%3c memory 2G%0a%3c cdrom $bsdiso%0a%3c disk /home/user/user.qcow2 format qcow2%0a%3c interface tap0 { %0a%3c locked lladdr ab:cd:ef:01:23:45%0a%3c switch "switch0"%0a%3c }%0a%3c }%0a%3c @]%0a%3c %0a%3c In the virtual machine:%0a%3c %0a%3c [@%0a%3c $ cat /etc/hostname.vio0%0a%3c inet 10.0.5.2 0xffffff00%0a%3c up%0a%3c @]%0a
+host:1718396087=104.167.242.140
blob - /dev/null
blob + 
3ad8a32e8f4a6c58770dd98356d66b064bdb68a5 (mode 644)
--- /dev/null
+++ wiki.d/Nat.RecentChanges
@@ -0,0 +1,9 @@
+version=pmwiki-2.3.20 ordered=1 urlencoded=1
+agent=w3m/0.5.3+git20230121
+charset=UTF-8
+ctime=1718396087
+host=104.167.242.140
+name=Nat.RecentChanges
+rev=4
+text=* [[Nat/Configure]] . . . @2024-06-14T20:41:00Z by [[~jrmu]]: [==]%0a
+time=1718397660