From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from mailman by lists.gnu.org with tmda-scanned (Exim 4.33)
	id 1BpaX7-0003q8-S1
	for qemu-devel@nongnu.org; Tue, 27 Jul 2004 18:34:53 -0400
Received: from exim by lists.gnu.org with spam-scanned (Exim 4.33)
	id 1BpaX5-0003pg-8a
	for qemu-devel@nongnu.org; Tue, 27 Jul 2004 18:34:53 -0400
Received: from [199.232.76.173] (helo=monty-python.gnu.org)
	by lists.gnu.org with esmtp (Exim 4.33) id 1BpaX5-0003pW-3O
	for qemu-devel@nongnu.org; Tue, 27 Jul 2004 18:34:51 -0400
Received: from [66.163.168.184] (helo=smtp805.mail.sc5.yahoo.com)
	by monty-python.gnu.org with smtp (Exim 4.34) id 1BpaTs-0003Pf-2U
	for qemu-devel@nongnu.org; Tue, 27 Jul 2004 18:31:32 -0400
From: Joe Menola <menola@sbcglobal.net>
Subject: Re: [Qemu-devel] TUN network
Date: Tue, 27 Jul 2004 17:07:28 -0500
References: <4107194E.3080201@optusnet.com.au>
	<200407271625.01576.menola@sbcglobal.net>
In-Reply-To: <200407271625.01576.menola@sbcglobal.net>
MIME-Version: 1.0
Content-Disposition: inline
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Message-Id: <200407271707.28445.menola@sbcglobal.net>
Reply-To: qemu-devel@nongnu.org
List-Id: qemu-devel.nongnu.org
List-Unsubscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=unsubscribe>
List-Archive: <http://lists.gnu.org/pipermail/qemu-devel>
List-Post: <mailto:qemu-devel@nongnu.org>
List-Help: <mailto:qemu-devel-request@nongnu.org?subject=help>
List-Subscribe: <http://lists.nongnu.org/mailman/listinfo/qemu-devel>,
	<mailto:qemu-devel-request@nongnu.org?subject=subscribe>
To: qemu-devel@nongnu.org

On Tue July 27 2004 4:25 pm, Joe Menola wrote:
> I setup tun0 with 2 scripts in /etc.
>
> /etc/q-ifup
>
> #!/bin/sh
> sudo /sbin/ifconfig $1 192.168.1.1
> sudo /etc/qemu-iptables
>
> /etc/qemu-iptables
>
> #!/bin/sh
> /etc/rc.d/init.d/iptables stop
> echo "1" >&/proc/sys/net/ipv4/ip_forward
> /etc/rc.d/init.d/iptables start
>
> You cannot set ip_forward with iptables running, hence the stop/start
> thing. You must also setup /etc/sudoers file, so that both scripts can run
> as root. This is a bit complex...see
> http://www.aplawrence.com/Basics/sudo.html for info on how to set this up.

I forgot to mention that 
 iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
must also be set. I have this rule permenant in iptables, which starts on 
boot.
Also the reason for 2 scripts is that with a single script ip_forward was 
sometimes getting set before ifconfig created $1, and tun0 would fail to get 
ip_forwarding. 
Many ways to do this, most probably better then mine, but it works for me. :)

-jm