Centos 7 Samba Setup on
I did this in Centos 7 with kernel 4.0.4. Since I am behind a firewall in my local LAN I have disabled SELINUX and turned firewall off. I am also fully up to date on packages as of 4/1/2015.
Get your system ready.
Turn off firewall and iptables if they are on.
# systemctl disable firewalld.service
# systemctl stop firewalld.service
# systemctl disable iptables.service
# systemctl stop iptables.service
Disable selinux if it is enforced.
# vi /etc/sysconfig/selinux
SELINUX=disabled
Reboot if you have changed these
# reboot
NOTE**
I fought with this for a day so beware! I am on Centos 6.6 and I have the epel repo active in my repo list. When I used yum for the install of samba, I think it got it from there. All worked well with using \\ip_addr_of_samba_server\ but I could never get my samba server to show up in windows network browser. I discovered nmb was NOT running on the samba server. Not good if you want windows to discover it automatically. So I completely removed samba using "yum -y remove samba*" (notice the * at the end of samba, and leave out the quotes). I then removed the epel repo with "rpm -e your-epel-package-name-here". Now you can install samba with the steps below and have it work 100%.
Install samba
# yum -y install samba*
Create user and set password for samba share use
# useradd samba -s /sbin/nologin
# smbpasswd -a samba
Supply a password
Retype the password
mkdir for the shared files and set permissions
# mkdir /share
# chown -R samba:root /share/
Now config samba for the share and share user
# vi /etc/samba/smb.conf
Add/edit this under the [global] section
[global]
; use name of your workgroup here
workgroup = WORKGROUP
server string = Samba Server Version %v
netbios name = SAMBA
Add this to the bottom of the /etc/samba/smb.conf file
[share]
comment = Share
path = /share
writable = yes
valid users = samba
Now start samba and make sure it is on after boot
# service smb start
# chkconfig smb on
# service nmb start
# chkconfig nmb on
Now test your setup with
# testparm
Load smb config files from /etc/samba/smb.conf
rlimit_max: increasing rlimit_max (1024) to minimum Windows limit (16384)
Processing section "[homes]"
Processing section "[printers]"
Processing section "[share]"
Loaded services file OK.
Server role: ROLE_STANDALONE
Press enter to see a dump of your service definitions
[global]
server string = Samba Server Version %v
log file = /var/log/samba/log.%m
max log size = 50
cups options = raw
[homes]
comment = Home Directories
read only = No
browseable = No
[printers]
comment = All Printers
path = /var/spool/samba
printable = Yes
browseable = No
[share]
comment = Share
path = /share
valid users = samba
read only = No
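The setup above turns off SELinux and the firewall, so the share's own access settings are what is left to restrict it. The script below is an added example, not the post author's code: it audits the SELinux mode and the smb.conf access settings offline, and also flags text after ; or # on a parameter line, because smb.conf treats those characters as comments only at the start of a line. The function names, the finding texts and the sample files (including the [scratch] share) are constructed for this example.

```bash
#!/usr/bin/env bash
# Added example (not the post author's code): offline audit of the two files
# this post edits. Function names and finding texts are this example's own.

# Print the SELINUX= mode from a file such as /etc/sysconfig/selinux.
selinux_mode() {
    awk '/^[ \t]*SELINUX[ \t]*=/ {
             v = $0; sub(/^[^=]*=/, "", v); gsub(/[ \t\r]/, "", v); mode = tolower(v)
         }
         END { print (mode == "" ? "unset" : mode) }' "$1"
}

# Print one finding per line for an smb.conf-style file.
audit_smb_conf() {
    awk '
    function norm(s) { gsub(/[ \t]/, "", s); return tolower(s) }
    function yes(v)  { v = norm(v); return (v == "yes" || v == "true" || v == "1") }
    /^[ \t]*[#;]/ || /^[ \t]*$/ { next }        # comments must be whole lines
    /^[ \t]*\[/ {                                # section header such as [share]
        sec = $0; sub(/^[ \t]*\[/, "", sec); sub(/\].*$/, "", sec)
        sec = tolower(sec); order[++n] = sec; next
    }
    {
        eq = index($0, "="); if (eq == 0 || sec == "") next
        key = norm(substr($0, 1, eq - 1))       # "valid users" equals "validusers"
        val = substr($0, eq + 1); sub(/^[ \t]+/, "", val); sub(/[ \t\r]+$/, "", val)
        if (val ~ /[ \t][;#]/)
            printf "[%s] %s: text after ; or # is kept as part of the value\n", sec, key
        # Fold synonyms and the inverted "read only" onto one key each.
        if (key == "allowhosts") key = "hostsallow"
        if (key == "public") key = "guestok"
        if (key == "writeable" || key == "writeok") key = "writable"
        if (key == "readonly") { key = "writable"; val = yes(val) ? "no" : "yes" }
        conf[sec, key] = val
    }
    END {
        if (!(("global", "hostsallow") in conf))
            print "[global] no hosts allow: any client address may connect"
        for (i = 1; i <= n; i++) {
            s = order[i]
            if (s == "global" || s == "homes" || s == "printers") continue
            rw = yes(conf[s, "writable"]) ? "writable" : "read-only"
            if (yes(conf[s, "guestok"]))
                printf "[%s] %s share allows guest access\n", s, rw
            if (conf[s, "validusers"] == "")
                printf "[%s] %s share has no valid users list\n", s, rw
        }
    }' "$1"
}

# Run both checks; the default paths are the files edited in this post.
audit_samba_host() {
    mode=$(selinux_mode "${1:-/etc/sysconfig/selinux}")
    [ "$mode" = "enforcing" ] || echo "selinux: mode is $mode, policy is not enforced on smbd"
    audit_smb_conf "${2:-/etc/samba/smb.conf}"
}

# Write constructed sample files into directory $1.
write_sample() {
    printf 'SELINUX=disabled\nSELINUXTYPE=targeted\n' > "$1/selinux"
    cat > "$1/smb.conf" <<'EOF'
[global]
workgroup = WORKGROUP ;use name of your workgroup here
[share]
path = /share
writable = yes
valid users = samba
[scratch]
path = /tmp/scratch
read only = no
guest ok = yes
EOF
}

demo_dir=$(mktemp -d); write_sample "$demo_dir"
audit_samba_host "$demo_dir/selinux" "$demo_dir/smb.conf"
rm -rf "$demo_dir"
```

Called with no arguments, audit_samba_host reads /etc/sysconfig/selinux and /etc/samba/smb.conf.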
NOTE**
Make sure your workgroup = is the actual name of your Windows workgroup, smb service is running, and nmb service is running, or you won’t see your samba server when windows machines browse the network.
NOTE: **
When accessing your samba server from windows 8.1 there is a problem
with accessing the same server with two sets of credentials. Meaning if
you login to a samba share as one user you will not be able to login to
another share as another user. If you need to change users you can
relogin into Windows OS (not cool) or use:
C:\> net use * /DELETE
Say yes to remove the connection(s) you already have, thus saving a reboot :)
Thanks to:
http://www.if-not-true-then-false.com/2010/yum-remove-repo-repository-yum-disable-repo-repository/
http://www.krizna.com/centos/installing-configuring-samba-centos-6/
The end!
Saturday, June 6, 2015
Centos 7 Systemd
This was taken from
http://www.tejasbarot.com/2014/07/22/rhel-7-centos-7-how-to-get-started-with-systemd/#axzz3cIJAIqNe
Presentation
As Systemd now replaces SysVinit, it is time to get familiar with it and learn the new commands.
Systemd is quicker because it uses fewer scripts and tries to run more tasks in parallel (Systemd calls them units).
The Systemd configuration is stored in the /etc/systemd directory.
Boot process
Systemd's primary task is to manage the boot process and provide information about it.
To get the boot process duration, type:
# systemd-analyze
Startup finished in 422ms (kernel) + 2.722s (initrd) + 9.674s (userspace) = 12.820s
To get the time spent by each task during the boot process, type:
# systemd-analyze blame
7.029s network.service
2.241s plymouth-start.service
1.293s kdump.service
1.156s plymouth-quit-wait.service
1.048s firewalld.service
632ms postfix.service
621ms tuned.service
460ms iprupdate.service
446ms iprinit.service
344ms accounts-daemon.service
...
7ms systemd-update-utmp-runlevel.service
5ms systemd-random-seed.service
5ms sys-kernel-config.mount
Note: You will find additional information on this point in the Lennart Poettering’s blog.
Journal analysis
In addition, Systemd handles the system event log; a syslog daemon is no longer mandatory.
To get the content of the Systemd journal, type:
# journalctl
To get all the events related to the crond process in the journal, type:
# journalctl /sbin/crond
Note: You can replace /sbin/crond by `which crond`.
To get all the events since the last boot, type:
# journalctl -b
To get all the events that appeared today in the journal, type:
# journalctl --since=today
To get all the events with a syslog priority of err, type:
# journalctl -p err
To get the last 10 events and wait for any new one (like "tail -f /var/log/messages"), type:
# journalctl -f
Note: You will find additional information on this point in the Lennart Poettering’s blog or Lennart Poettering’s video (44min: the first ten minutes are very interesting concerning security issues).
Control groups
Systemd organizes tasks in control groups. For example, all the processes started by an apache webserver will be in the same control group, CGI scripts included.
To get the full hierarchy of control groups, type:
# systemd-cgls
├─user.slice
│ └─user-1000.slice
│   └─session-1.scope
│     ├─2889 gdm-session-worker [pam/gdm-password]
│     ├─2899 /usr/bin/gnome-keyring-daemon --daemonize --login
│     ├─2901 gnome-session --session gnome-classic
.
.
└─iprupdate.service
  └─785 /sbin/iprupdate --daemon
To get the list of control group ordered by CPU, memory and disk I/O load, type:
# systemd-cgtop
Path                                 Tasks  %CPU  Memory  Input/s  Output/s
/                                    213    3.9   829.7M  -        -
/system.slice                        1      -     -       -        -
/system.slice/ModemManager.service   1      -     -       -        -
To kill all the processes associated with an apache server (CGI scripts included), type:
# systemctl kill httpd
To put resource limits on a service (here 500 CPUShares), type:
# systemctl set-property httpd.service CPUShares=500
Note1: The change is written into the service unit file. Use the --runtime option to avoid this behavior.
Note2: By default, each service owns 1024 CPUShares. Nothing prevents you from giving a value smaller or bigger.
To get the current CPUShares service value, type:
# systemctl show -p CPUShares httpd.service
Service management
Systemd deals with all the aspects of the service management. The systemctl command replaces the chkconfig and the service commands. The old commands are now a link to the systemctl command.
To activate the NTP service at boot, type:
# systemctl enable ntpd
Note1: You should specify ntpd.service but by default the .service suffix will be added.
Note2: If you specify a path, the .mount suffix will be added.
Note3: If you mention a device, the .device suffix will be added.
To deactivate it, start it, stop it, restart it, reload it, type:
# systemctl disable ntpd
# systemctl start ntpd
# systemctl stop ntpd
# systemctl restart ntpd
# systemctl reload ntpd
To know if the NTP service is activated at boot, type:
# systemctl is-enabled ntpd
enabled
To know if the NTP service is running, type:
# systemctl is-active ntpd
inactive
To get the status of the NTP service, type:
# systemctl status ntpd
ntpd.service
   Loaded: not-found (Reason: No such file or directory)
   Active: inactive (dead)
If you change a service configuration, you will need to reload it:
# systemctl daemon-reload
To get the list of all the units (services, mount points, devices) with their status and description, type:
# systemctl
To get a more readable list, type:
# systemctl list-unit-files
To get the list of services that failed at boot, type:
# systemctl --failed
To get the status of a process (here httpd) on a remote server (here rhel7.example.com), type:
# systemctl -H root@rhel7.example.com status httpd.service
Run levels
Systemd also deals with run levels. As everything is represented by files in Systemd, target files replace run levels.
To move to single user mode, type:
# systemctl rescue
To move to the level 3 (equivalent to the previous level 3), type:
# systemctl isolate runlevel3.target
Or:
# systemctl isolate multi-user.target
To move to the graphical level (equivalent to the previous level 5), type:
# systemctl isolate graphical.target
To set the default run level to non-graphical mode, type:
# systemctl set-default multi-user.target
To set the default run level to graphical mode, type:
# systemctl set-default graphical.target
To get the current default run level, type:
# systemctl get-default
graphical.target
To stop a server, type:
# systemctl poweroff
Note: You can still use the poweroff command, a link to the systemctl command has been created (the same thing is true for the halt and reboot commands).
To reboot a server, suspend it or put it into hibernation, type:
# systemctl reboot
# systemctl suspend
# systemctl hibernate
Linux standardization
Systemd's authors have decided to help Linux standardization among distributions. Through Systemd, changes happen in the location of some configuration files.
Miscellaneous
To get the server hostnames, type:
# hostnamectl
   Static hostname: rhel7.example.com
         Icon name: computer-laptop
           Chassis: laptop
        Machine ID: bcdc71f1943f4d859aa37e54a422938d
           Boot ID: f84556924b4e4bbf9c4a82fef4ac26d0
  Operating System: Red Hat Enterprise Linux Everything 7.0 (Maipo)
       CPE OS Name: cpe:/o:redhat:enterprise_linux:7.0:beta:everything
            Kernel: Linux 3.10.0-54.0.1.el7.x86_64
      Architecture: x86_64
Note: There are three kinds of hostnames: static, pretty, and transient.
“The static host name is the traditional hostname, which can be chosen by the user, and is stored in the /etc/hostname file. The “transient” hostname is a dynamic host name maintained by the kernel. It is initialized to the static host name by default, whose value defaults to “localhost”. It can be changed by DHCP or mDNS at runtime. The pretty hostname is a free-form UTF8 host name for presentation to the user.” Source: RHEL 7 Networking Guide.
To assign the rhel7 hostname permanently to the server, type:
# hostnamectl set-hostname rhel7
Note: With this syntax all three hostnames (static, pretty, and transient) take the rhel7 value at the same time. However, it is possible to set the three hostnames separately by using the --pretty, --static, and --transient options.
To get the current locale, virtual console keymap and X11 layout, type:
# localectl
   System Locale: LANG=en_US.UTF-8
       VC Keymap: en_US
      X11 Layout: en_US
To assign the en_GB.utf8 value to the locale, type:
# localectl set-locale LANG=en_GB.utf8
To assign the en_GB value to the virtual console keymap, type:
# localectl set-keymap en_GB
To assign the en_GB value to the X11 layout, type:
# localectl set-x11-keymap en_GB
To get the current date and time, type:
# timedatectl
      Local time: Fri 2014-01-24 22:34:05 CET
  Universal time: Fri 2014-01-24 21:34:05 UTC
        RTC time: Fri 2014-01-24 21:34:05
        Timezone: Europe/Madrid (CET, +0100)
     NTP enabled: yes
NTP synchronized: yes
 RTC in local TZ: no
      DST active: no
 Last DST change: DST ended at
                  Sun 2013-10-27 02:59:59 CEST
                  Sun 2013-10-27 02:00:00 CET
 Next DST change: DST begins (the clock jumps one hour forward) at
                  Sun 2014-03-30 01:59:59 CET
                  Sun 2014-03-30 03:00:00 CEST
To set the current date, type:
# timedatectl set-time YYYY-MM-DD
To set the current time, type:
# timedatectl set-time HH:MM:SS
To get the list of time zones, type:
# timedatectl list-timezones
To change the time zone to America/New_York, type:
# timedatectl set-timezone America/New_York
To get the users’ list, type:
# loginctl list-users
 UID USER
  42 gdm
1000 tom
   0 root
To get the list of all current user sessions, type:
# loginctl list-sessions
SESSION  UID   USER  SEAT
1        1000  tom   seat0

1 sessions listed.
To get the properties of the user tom, type:
# loginctl show-user tom
UID=1000
GID=1000
Name=tom
Timestamp=Fri 2014-01-24 21:53:43 CET
TimestampMonotonic=160754102
RuntimePath=/run/user/1000
Slice=user-1000.slice
Display=1
State=active
Sessions=1
IdleHint=no
IdleSinceHint=0
IdleSinceHintMonotonic=0
For a better understanding, you can additionally read Bob Cromwell’s blog about Systemd.
Thanks to Original Author for explaining it very nicely.
Source : http://www.certdepot.net/rhel7-get-started-systemd/
Monday, June 1, 2015
pfSense setting up bridge networks for use in KVM
My KVM host is Centos 6.6 with kernel upgrade to 3.19.8. I have an on-board and an add on PCIe 1GB NIC's for use.
I use this setup to install pfSense as a KVM guest using the two physical NIC's in my KVM host.
My first interface eth0 is a Qualcomm® Atheros 1GB on-board NIC with HWADDR=74:d4:35:ea:90:1f and using IP addr of 192.168.10.100 and network of 192.168.10.0/24
This interface is behind a 1GB switch then to my router attached to the Internet.
My second interface eth1 is a TP Link 1GB add on card with HWADDR=30:B5:C2:02:77:2B and using IP addr of 192.168.100.100 and network of 192.168.100.0/24
This interface is plugged into a standalone 1GB switch and has no other connectivity or networks attached.
My object is to be able to build guest images in my KVM host that can use either, or both, interfaces.
I want to install a pfSense guest image using both interfaces, eth0 as WAN and eth1 as LAN.
Then I can build two more Centos guest images, one with just eth0 and the other with eth1, and use the pfSense image as the router between the two.
First I make sure network manager is off, and stays off on reboot.
# chkconfig NetworkManager off
# service NetworkManager stop
Verify your resolv.conf file. Should look something like
# vi /etc/resolv.conf
search whittenberg.domain
nameserver 192.168.10.1
Verify your networks file
# vi /etc/networks
default 0.0.0.0
loopback 127.0.0.0
link-local 169.254.0.0
Verify your network file
# vi /etc/sysconfig/network
NETWORKING=yes
HOSTNAME=nas.whittenberg.domain
GATEWAY=192.168.10.1
NETWORKING_IPV6=no
Setup your ifcfg-eth0 file. Notice I rem out the IP numbers and add BRIDGE=br0 at the bottom.
# vi /etc/sysconfig/network-scripts/ifcfg-eth0
DEVICE=eth0
HWADDR=74:d4:35:ea:90:1f
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
NETWORKING_IPV6=no
IPV6_AUTOCONF=no
#IPADDR=192.168.10.100
#NETMASK=255.255.255.0
#BROADCAST=192.168.10.255
#NETWORK=192.168.10.0
#GATEWAY=192.168.10.1
BRIDGE=br0
Setup your ifcfg-eth1 file. Notice I rem out the IP numbers and add BRIDGE=br1 at the bottom.
# vi /etc/sysconfig/network-scripts/ifcfg-eth1
DEVICE=eth1
HWADDR=30:B5:C2:02:77:2B
ONBOOT=yes
TYPE=Ethernet
BOOTPROTO=none
NETWORKING_IPV6=no
IPV6_AUTOCONF=no
#IPADDR=192.168.100.100
#NETMASK=255.255.255.0
#BROADCAST=192.168.100.255
#NETWORK=192.168.100.0
#GATEWAY=192.168.10.1
BRIDGE=br1
Build a new ifcfg-br0 file. Notice this has the IP numbers in it and not rem'd out, DEVICE=br0, and TYPE=Bridge (Use upper-case B in Bridge or will not work)
# vi /etc/sysconfig/network-scripts/ifcfg-br0
DEVICE=br0
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
NETWORKING_IPV6=no
IPV6_AUTOCONF=no
STP=yes
DELAY=0
IPADDR=192.168.10.100
NETMASK=255.255.255.0
BROADCAST=192.168.10.255
NETWORK=192.168.10.0
GATEWAY=192.168.10.1
Build a new ifcfg-br1 file. Notice this has the IP numbers in it and not rem'd out, DEVICE=br1, and TYPE=Bridge (Use upper-case B in Bridge or will not work)
I also have my GATEWAY at 192.168.10.1 so I can route out on the KVM host from either interface
# vi /etc/sysconfig/network-scripts/ifcfg-br1
DEVICE=br1
TYPE=Bridge
ONBOOT=yes
BOOTPROTO=static
NETWORKING_IPV6=no
IPV6_AUTOCONF=no
STP=yes
DELAY=0
IPADDR=192.168.100.100
NETMASK=255.255.255.0
BROADCAST=192.168.100.255
NETWORK=192.168.100.0
GATEWAY=192.168.10.1
Now restart the network
# service network restart
Verify your setup
# ifconfig
br0 Link encap:Ethernet HWaddr 74:D4:35:EA:90:1F
inet addr:192.168.10.100 Bcast:192.168.10.255 Mask:255.255.255.0
inet6 addr: fe80::76d4:35ff:feea:901f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4364 errors:0 dropped:0 overruns:0 frame:0
TX packets:2023 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:742025 (724.6 KiB) TX bytes:255958 (249.9 KiB)
br1 Link encap:Ethernet HWaddr 30:B5:C2:02:77:2B
inet addr:192.168.100.100 Bcast:192.168.100.255 Mask:255.255.255.0
inet6 addr: fe80::32b5:c2ff:fe02:772b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:2381 errors:0 dropped:0 overruns:0 frame:0
TX packets:535 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:291677 (284.8 KiB) TX bytes:38805 (37.8 KiB)
eth0 Link encap:Ethernet HWaddr 74:D4:35:EA:90:1F
inet6 addr: fe80::76d4:35ff:feea:901f/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:10464 errors:0 dropped:34 overruns:0 frame:0
TX packets:3595 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:2023784 (1.9 MiB) TX bytes:481595 (470.3 KiB)
Interrupt:18
eth1 Link encap:Ethernet HWaddr 30:B5:C2:02:77:2B
inet6 addr: fe80::32b5:c2ff:fe02:772b/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5202 errors:0 dropped:34 overruns:0 frame:0
TX packets:2479 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:1166588 (1.1 MiB) TX bytes:157098 (153.4 KiB)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
inet6 addr: ::1/128 Scope:Host
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:2951 errors:0 dropped:0 overruns:0 frame:0
TX packets:2951 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:646709 (631.5 KiB) TX bytes:646709 (631.5 KiB)
Verify the bridge
# brctl show
bridge name bridge id STP enabled interfaces
br0 8000.74d435ea901f yes eth0
br1 8000.30b5c202772b yes eth1
pan0 8000.000000000000 no
Check your routes
# route
Kernel IP routing table
Destination Gateway Genmask Flags Metric Ref Use Iface
default TEW-731BR 0.0.0.0 UG 0 0 0 br0
link-local * 255.255.0.0 U 1011 0 0 br0
link-local * 255.255.0.0 U 1012 0 0 br1
192.168.10.0 * 255.255.255.0 U 0 0 0 br0
192.168.100.0 * 255.255.255.0 U 0 0 0 br1
Notice my default gateway. TEW-731BR is my router name on 192.168.10.1 IP addr.
Test we have internet access by both FQDN and IP addr
# ping www.google.com
PING www.google.com (74.125.21.99) 56(84) bytes of data.
64 bytes from yv-in-f99.1e100.net (74.125.21.99): icmp_seq=1 ttl=42 time=90.1 ms
# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
64 bytes from 8.8.8.8: icmp_seq=1 ttl=57 time=24.4 ms
Now you should be able to use br0 and br1 in your KVM guest images.
I will setup br0 as my WAN interface in pfSense guest image and give it IP addr of 192.168.10.10 with a route out of 192.168.10.1
I will also setup br1 as my LAN interface in pfSense guest image and give it IP addr of 192.168.100.10
Now any other guest image I build using the br1 interface I can set that image for a route out on 192.168.100.10 and it will go through the pfSense router for all request off the 192.168.100.0/24 network.
Hope this helps!
Added 6/1/2015 18:18 AZ
Well it worked! I used the e1000 NIC adapter on both interfaces when I built my pfSense image. The max transfer speed I was able to get out of it was 50MBs across the router. I think this may be due to the fact I am using the same zfs pool for source and destination file. My pfSense image is on the zfs pool. My test Centos image I put on 192.168.100.0 network is on the zfs pool. And the file I was retrieving is also on the zfs pool, but on a 192.168.10.0 network. I will try and get a share off the pool, and on my SSD, from the 192.168.10.0 network and try the transfer again. BTW cpu was at 45% during the transfer. I used all 4 cores for all images. This is shared with the Host of course that was serving up the file off the zfs pool on 192.168.10.0 network. I may need another physical machine on the 192.168.10.0 network to get into the 100MB's (That's my goal).