From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.43)
	id 1EbiS1-00081z-1J
	for qemu-devel@nongnu.org; Mon, 14 Nov 2005 12:49:05 -0500
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.43)
	id 1EbiRz-0007zb-6I
	for qemu-devel@nongnu.org; Mon, 14 Nov 2005 12:49:04 -0500
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.43) id 1EbiRy-0007zI-Ru
	for qemu-devel@nongnu.org; Mon, 14 Nov 2005 12:49:02 -0500
Received: from [206.46.252.48] (helo=vms048pub.verizon.net)
	by monty-python.gnu.org with esmtp (Exim 4.34) id 1EbiRz-0005nN-2z
	for qemu-devel@nongnu.org; Mon, 14 Nov 2005 12:49:03 -0500
Received: from [71.97.178.169] by vms048.mailsrvcs.net
	(Sun Java System Messaging Server 6.2-4.02 (built Sep  9 2005))
	with ESMTPA id <0IPY00HM5HF7CYR5@vms048.mailsrvcs.net> for
	qemu-devel@nongnu.org; Mon, 14 Nov 2005 11:47:31 -0600 (CST)
Date: Mon, 14 Nov 2005 12:47:30 -0500
From: Dave Feustel <dfeustel@verizon.net>
Message-id: <200511141247.30301.dfeustel@verizon.net>
MIME-version: 1.0
Content-type: text/plain; charset=us-ascii
Content-transfer-encoding: 7bit
Content-disposition: inline
Subject: [Qemu-devel] Internet access from qemu
Reply-To: dfeustel@mindspring.com, qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

I've got qemu 6.1 running on OpenBSD 3.7.
I'm  running the OpenBSD 3.7 image file which
I got from free.oszoo.net.
I want to be able to access the internet from qemu.

I am now able to access the apache website on the  host 
I have set up pf+nat for the private address of 10.0.0.2 
used by qemu, but I cannot make contact  with the internet.

Here is my pf ruleset, adapted from the example on page 141
of Artymiak's _Building Firewalls..._, 2nd ed.
 How do I fix it to enable ip traffic between qemu and the internet?

Thanks,
Dave Feustel

---my pf ruleset-----

scrub fragment reassemble
scrub reassemble tcp
NoRouteIPs = "{ 127.0.0.0/8, 192.168.0.0/16, 172.16.0.0/12 }"

ExtIF = "xl0"
ext_ad = "(xl0)"
prv_ad = "10.0.0.0/24"
nat_proto = "{tcp, udp, icmp}"

nat on $ExtIF inet proto $nat_proto \
        from $prv_ad to any -> $ext_ad

block in  quick on $ExtIF from $NoRouteIPs to any
block out quick on $ExtIF from any to $NoRouteIPs

-- 
Tired of having to defend against Malware?
You know: trojans, viruses, SPYWARE, ADWARE, 
KEYLOGGERS, rootkits, worms and popups.
Then Switch to OpenBSD with a KDE desktop!!!
***NOW with Virtual PC OS support via QEMU!***