Tuesday, February 17, 2009

Virtual testbed for Zeroshell network appliance




Please note the CPU model on top-right of the screenshot ;)

I spent a couple of days with virtual machines. I didn’t want to set up a dedicated host for virtualization and my CPU has no VT extensions. So, KVM, Xen and OpenVZ got excluded. I used QEMU and the Compact Flash image to emulate Zeroshell; and User Mode Linux boxes as clients.

How to connect virtual machines to each other? The most efficient way (common to QEMU and UML, and not requiring additional daemons, libraries, kernel patches etc.) turned out to be a bridge between TUN/TAP interfaces in the host, leaving Layer 3 communication at the guests level. The other solution (UDP Multicast) proved to be much slower — probably because of additional layers of encapsulation.



                       gw 192.168.1.1
                              ^    real
                              |    LAN
                      eth0 192.168.1.x
                              |
+-----------------------------+---------- HOST ------------------------+
|                             |                                        |
|                            NAT                  +---+                |
|                             |                   |   | = guests       |
|                     tap0 192.168.0.1            +---+                |
|                             |                                        |
|               +------------QEMU-----------+     tap* = TUN/TAP       |
|               |            |              |                          |
|               |    ETH00 192.168.0.75     |                          |
|               |            |              |                          |
|               | Zeroshell (NAT + Captive Portal + DHCPd etc.)        |
|       +------ |            |              |                          |
|       |       |     ETH01 192.168.3.1     |                          |
|       |       |            |              |                          |
|       |       +------------+--------------+                          |
|       |                    |                             --------+   |
|    Layer 3               tap1                                    |   |
|       |                    |                                     |   |
|       |            ___BRIDGE_______                           Layer 2|
|       |          /              \     \                          |   |
|       |    tapClient_0      tapClient_1   tapClient_...          |   |
|       |         |                |                     \   ------+   |
|       |  +-USER-MODE-LINUX--+ +-USER-MODE-LINUX--+ +--etc..---+      |
|       |_ |eth0 192.168.3.x  | |eth0 192.168.3.y  | |          |      |
|          |eth1 192.168.4.100| |eth1 192.168.4.101| |          |      |
|          +---------+--------+ +------------------+ +----------+      |
|                    |                   |                             |
|                tapX11_0            tapX11_1                          |
|                     \                 /        /                     |
|                      X11_bridge_______________/                      |
|                      192.168.4.1                                     |
|                           |                                          |
|                       X server                                       |
|                                                                      |
|        (X shall work *before* Captive Portal Authentication)         |
|                                                                      |
+----------------------------------------------------------------------+
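
The host-side plumbing from the diagram, as an added example that is not the author's own script: it uses iproute2 and iptables, prints the commands by default, and only executes them (as root) with DRY_RUN=0. The bridge name `br_clients`, the `DRY_RUN` switch, the uplink name and the FORWARD DROP rule on the X11 bridge are assumptions of this example.

```shell
#!/bin/sh
# Constructed example: host-side TUN/TAP and bridge setup for the diagram.
# Prints the commands by default; DRY_RUN=0 executes them (needs root).
DRY_RUN=${DRY_RUN:-1}
LAN_BR=br_clients    # assumed name for the diagram's "BRIDGE"
X11_BR=X11_bridge    # name taken from the diagram
UPLINK=eth0          # host NIC on the real LAN, as in the diagram

run() { echo "$*"; [ "$DRY_RUN" = 1 ] || "$@"; }

mk_tap() {    # mk_tap NAME [BRIDGE]
    run ip tuntap add dev "$1" mode tap
    [ -z "$2" ] || run ip link set dev "$1" master "$2"
    run ip link set dev "$1" up
}

mk_bridge() { # mk_bridge NAME [CIDR]
    run ip link add name "$1" type bridge
    [ -z "$2" ] || run ip addr add "$2" dev "$1"
    run ip link set dev "$1" up
}

build_testbed() { # build_testbed NUMBER_OF_UML_CLIENTS
    # WAN side of Zeroshell (ETH00): routed and NATed by the host.
    mk_tap tap0
    run ip addr add 192.168.0.1/24 dev tap0
    run sysctl -w net.ipv4.ip_forward=1
    run iptables -t nat -A POSTROUTING -s 192.168.0.0/24 -o "$UPLINK" -j MASQUERADE
    # LAN side (ETH01): layer 2 only. The bridge gets no host address, so
    # the clients' only gateway is Zeroshell and its captive portal.
    mk_bridge "$LAN_BR"
    mk_tap tap1 "$LAN_BR"
    # X11 side channel: the host has an address here and forwarding is on,
    # so without the DROP rule clients could route around the portal.
    mk_bridge "$X11_BR" 192.168.4.1/24
    run iptables -I FORWARD -i "$X11_BR" -j DROP
    i=0
    while [ "$i" -lt "$1" ]; do
        mk_tap "tapClient_$i" "$LAN_BR"
        mk_tap "tapX11_$i" "$X11_BR"
        i=$((i + 1))
    done
}

# Guests attach to the taps by name (image and rootfs paths omitted):
#   QEMU: -netdev tap,id=wan,ifname=tap0,script=no,downscript=no  (same for tap1)
#   UML:  eth0=tuntap,tapClient_0 eth1=tuntap,tapX11_0
build_testbed "${1:-2}"
```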


2 comments:

Allan said...

hi could you post the commands to start zeroshell in qemu

gd said...

My sincere apologies for the very late reply!

You can find all scripts at this link.
