Getting SMB broadcast packets to Virtual Machine

I am using QEMU to create a virtual machine in which I run Windows Me to use a couple of programs
that are not available for Linux and won't run under Wine. In the command line for QEMU I use a
"-net nic -net tap" sequence to create the network for the virtual machine. When QEMU starts, it
executes the following script that sets up the tap0 network device and enables NATing between the
virtual machine on the 192.168.0.0/24 network and my router at 192.168.1.1.

=========================
#!/bin/sh
#
# a "firewall" to handle the case of a QEMU Virtual machine with the -net tap option
#
# bring up the tun/tap interface
#
/sbin/ifconfig $1 192.168.0.1
#
# get rid of any old iptables rules
#
/usr/sbin/iptables -F
#
# handle NAT between tun/tap interface and network
#
/usr/sbin/iptables -D POSTROUTING -t nat -s 192.168.0.0/24 -d ! 192.168.0.0/24 -j MASQUERADE
/usr/sbin/iptables -t nat -s 192.168.0.0/24 -d ! 192.168.0.0/24 -A POSTROUTING -j MASQUERADE
#
# turn on packet forwarding
#
echo 1 > /proc/sys/net/ipv4/ip_forward
===============================

Almost everything is working correctly - I can browse the network and I can use ftp to transfer
files between the SuSE 10.0 host and the Windows guest OS. The major deficiency is that my printers
are mounted on Samba shares on a server in my network, and the SMB broadcasts are not getting to the
virtual machine. As a result, the printers are not available. In addition, it would be nice to be
able to mount the Samba-based network drives rather than using ftp for file transfers.

Are there iptables rules that would make the SMB broadcasts available to both my host and guest
OS's? Is there some other way to handle this problem?

Thanks,

Larry

Larry Finger wrote:
> I am using QEMU to create a virtual machine in which I run Windows Me to
> use a couple of programs that are not available for Linux and won't run
> under Wine. In the command line for QEMU I use a "-net nic -net tap"
> sequence to create the network for the virtual machine. When QEMU
> starts, it executes the following script that sets up the tap0 network
> device and enables NATing between the virtual machine on the
> 192.168.0.0/24 network and my router at 192.168.1.1.
>
> =========================
> #!/bin/sh
> #
> # a "firewall" to handle the case of a QEMU Virtual machine with the
> -net tap option
> #
> # bring up the tun/tap interface
> #
> /sbin/ifconfig $1 192.168.0.1
> #
> # get rid of any old iptables rules
> #
> /usr/sbin/iptables -F
> #
> # handle NAT between tun/tap interface and network
> #
> /usr/sbin/iptables -D POSTROUTING -t nat -s 192.168.0.0/24 -d !
> 192.168.0.0/24 -j MASQUERADE
> /usr/sbin/iptables -t nat -s 192.168.0.0/24 -d ! 192.168.0.0/24 -A
> POSTROUTING -j MASQUERADE
> #
> # turn on packet forwarding
> #
> echo 1 > /proc/sys/net/ipv4/ip_forward
> ===============================
>
> Almost everything is working correctly - I can browse the network and I
> can use ftp to transfer files between the SuSE 10.0 host and the Windows
> guest OS. The major deficiency is that my printers are mounted on Samba
> shares on a server in my network, and the SMB broadcasts are not getting
> to the virtual machine. As a result, the printers are not available. In
> addition, it would be nice to be able to mount the Samba-based network
> drives rather than using ftp for file transfers.
>
> Are there iptables rules that would make the SMB broadcasts available to
> both my host and guest OS's? Is there some other way to handle this
> problem?

The SMB broadcasts are strictly the local subnet only. You
cannot route (network level, IP, transfer) the LAN broadcasts.

Are you using a tun (IP level) or a tap (Ethernet level) interface?

As far as I see, you ought to bridge the local nets (192.168.0.x)
together using the link level (tap) interfaces to pass the broadcasts.

HTH

--

Tauno Voipio
tauno voipio (at) iki fi

Tauno Voipio wrote:
>
> The SMB broadcasts are strictly the local subnet only. You
> cannot route (network level, IP, transfer) the LAN broadcasts.
>
> Are you using a tun (IP level) or a tap (Ethernet level) interface?
>
> As far as I see, you ought to bridge the local nets (192.168.0.x)
> together using the link level (tap) interfaces to pass the broadcasts.

Thanks for the hint. I got it working with a bridge. The new contents of the script when QEMU starts
is as follows:

================================================== =========
#!/bin/sh
#
# script to bring up the tun device in QEMU in bridged mode
#
# This script bridges eth0 and tap0. First take eth0 down, then bring it up with IP 0.0.0.0
#
sudo /sbin/ifdown eth0
sudo /sbin/ifconfig eth0 0.0.0.0 up
#
# Bring up tap0 with IP 0.0.0.0, create bridge br0 and add interfaces eth0 and tap0 to bridge
#
sudo /sbin/ifconfig tap0 0.0.0.0 promisc up
sudo /sbin/brctl addbr br0
sudo /sbin/brctl addif br0 eth0
sudo /sbin/brctl addif br0 tap0
#
# As we have only a single bridge and loops are not possible, turn spanning tree protocol off
#
sudo /sbin/brctl stp br0 off
#
# Bring up the bridge with IP 192.168.1.3 and add the default route
#
sudo /sbin/ifconfig br0 192.168.1.3 up
sudo /sbin/route add default gw 192.168.1.1
================================================== =

When QEMU exits, the following script restores the normal networking:

================================================== =
#!/bin/sh
#
# Script to bring down and delete bridge br0 when QEMU exits
#
# Bring down eth0 and br0
#
sudo /sbin/ifdown eth0
sudo /sbin/ifdown br0
#
# Delete the bridge
#
sudo /sbin/brctl delbr br0
#
# bring up eth0 in "normal" mode
#
sudo /sbin/ifup eth0
================================================== ======

The final piece is to configure the Windows virtual machine to have an unused address in the
192.168.1.0/24 network.

With this setup, all my SMB shares are available in the guest and host OS's, just the way I wanted.

Larry