Re: [Qemu-discuss] FW: How to setup qemu as a server with different subdomain on a host server?

[jb-gnumlists]

On 10-04-2013 04:19, Allen Choong wrote:
> I am trying to solve a problem, with a Linux server work as host, 
> while qemu guest will have another server intended for subdomain.
> I tried to make the host to access the guest server. And I read that 
> this can be done through bridge. But I am concerning that the bridge 
> only works with the wired interface, because I wish to make the guest 
> server accessed by any connection to the host server.
Bridged networking works with any network interface.  While various 
"management" tools may have silly restrictions about what their UI lets 
you select, the bridge is really a standard part of the host's Linux 
kernel and can be set up for any network interface, provided you set up 
the bridge *before* assigning IP addresses etc. (because those should be 
assigned to the br0, br1 etc. interfaces that contain the physical 
interfaces, not directly to the physical interfaces).

> To simplify, I wish to setup my host server which contains the guest 
> server as a subdomain, and the server can be accessed by other computers.
If you want to have different web domains (I guess that is what you are 
talking about) served by different servers but with the same IP address, 
you should use a "reverse proxy" such as pound that listens on the 
public IP address port 80, looks at each incoming HTTP request and 
passes on the request to various private IPs assigned to the real web 
servers.  This is the same for virtual servers as it is for real servers.
> I have tried to use qemu with "redir" options, but it doesn't work 
> with "-net user". I tried with redirection because I think I can use 
> Apache to create the subdomain with different port.
Those options don't seem appropriate for a web server.  I would use 
bridging with either of the following setups:

a) Your network connection allows you multiple IP addresses, set up 
Linux bridging on the host: Set qemu to join a virtual network interface 
to each bridge, and assign the extra IP address to the interfaces inside 
the Guest.

b) You need to share one IP address between host and guest, but they 
don't need to listen on the same ports: Set up a "private" bridge with 
no physical network adapter included and assign it a private network 
range (such as 10.11.12.0/24) that you don't use elsewhere, manually 
assign it an IP address in the host (such as 10.11.12.1). Set qemu to 
join a virtual network interface to this bridge and assign a different 
IP address in the range (such as 10.11.12.13) inside the Guest.  On the 
host use iptables etc. to set up NAT and routing, including port 
redirection etc.

c) You need to share one IP address between host and guest, and they DO 
need to listen on the same ports: Set up a "private" bridge as in b) and 
supplement with various reverse proxy software for the different 
protocols that need to share ports (pound or apache for http and https, 
a carefully configured closed relay mail server for SMTP, an 
authoritative DNS slave for multiple "hidden primary" authoritative DNS 
servers, etc.).

With these methods network packets can typically use optimized code 
paths in the host's Linux kernel to reach the Guest quickly, especially 
if you use kvm.
> Is there any solution?
>
>
> (Besides that, I have a very poor knowledge about the networking 
> especially bridge, tap, tun, and vlan.)
If your physical network caries multiple VLANs over the same physical 
network connection (layer 2 IEEE 802.1q VLANs), you should set up a 
bridge on the host for each VLAN and set up one virtual ethernet adapter 
in qemu for each bridge you want to connect that guest to, to qemu, the 
guest and most of the host each VLAN will look like a separate physical 
network.  The only thing that sees that these are really VLANs on the 
same physical connection is the bridge setup commands run when booting 
the host.
>


Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded