From: Laszlo Ersek <lersek@redhat.com>
To: Thomas Huth <thuth@redhat.com>,
Programmingkid <programmingkidx@gmail.com>,
"Dr. David Alan Gilbert" <dgilbert@redhat.com>
Cc: Samuel Thibault <samuel.thibault@ens-lyon.org>,
qemu-devel qemu-devel <qemu-devel@nongnu.org>
Subject: Re: [Qemu-devel] Is anyone able to load a web page from a guest operating system?
Date: Wed, 27 Apr 2016 12:05:02 +0200 [thread overview]
Message-ID: <57208ECE.4040400@redhat.com> (raw)
In-Reply-To: <571FCBBF.8020405@redhat.com>
On 04/26/16 22:12, Thomas Huth wrote:
> On 26.04.2016 21:25, Programmingkid wrote:
>> On Apr 26, 2016, at 3:00 PM, Dr. David Alan Gilbert wrote:
>>> Does ping work?
>> I can ping the virtual router at 10.0.2.2. Any other ip address fails.
>
> That's normal for user-mode / slirp networking. You can't ping external
> hosts with this mode.
Side note: yes, you can.
I do it whenever I want to check network connectivity from within ad-hoc
OVMF guests, using the PING command of the UEFI shell. ("Ad-hoc guest"
implies user-mode / slirp.)
It can be enabled with the following steps:
(1) Determine the main group ID (or one supplementary group ID) of the
user that will run QEMU with slirp.
(2) In /etc/sysctl.conf (or whatever is appropriate for your host
distro), make sure that the whitespace separated inclusive group ID
range in the "net.ipv4.ping_group_range" sysctl includes the above group ID.
For example,
- you could add a new group called "unpriv_ping":
groupadd unpriv_ping
- set this group for a number of users as another supplementary group:
for U in user1 user2 ... usern; do
usermod --append --groups unpriv_ping $U
done
(note, they will have to re-login),
- then set both sides of the inclusive range in the above sysctl to the
numeric ID of the new group:
(
GROUP_ID=$(getent group unpriv_ping | cut -f 3 -d :)
printf 'net.ipv4.ping_group_range = %u %u\n' $GROUP_ID $GROUP_ID \
>> /etc/sysctl.conf
)
sysctl -p
Thanks
Laszlo
next prev parent reply other threads:[~2016-04-27 10:05 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-04-26 16:14 [Qemu-devel] Is anyone able to load a web page from a guest operating system? Programmingkid
2016-04-26 19:00 ` Dr. David Alan Gilbert
2016-04-26 19:25 ` Programmingkid
2016-04-26 20:12 ` Thomas Huth
2016-04-26 20:19 ` Programmingkid
2016-04-27 6:34 ` Thomas Huth
2016-04-28 0:25 ` Programmingkid
2016-04-28 12:04 ` Samuel Thibault
2016-04-28 12:18 ` Samuel Thibault
2016-04-28 16:45 ` Programmingkid
2016-04-27 10:05 ` Laszlo Ersek [this message]
2016-04-27 10:26 ` Thomas Huth
2016-04-27 11:01 ` Laszlo Ersek
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=57208ECE.4040400@redhat.com \
--to=lersek@redhat.com \
--cc=dgilbert@redhat.com \
--cc=programmingkidx@gmail.com \
--cc=qemu-devel@nongnu.org \
--cc=samuel.thibault@ens-lyon.org \
--cc=thuth@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).