GNS3で，Qemuが古いのでパッチを当てろというエラーがでたばあい(ubuntu12.04)

• gns3 -> Edit -> Preferences -> Qemu -> General Settings -> Test Setttings
  • patchあてろ的なエラー
• QEMU-0.14.1-GNS3-Ubuntu-Linux64.tgzをダウンロード
  • http://blog.ciscoinferno.net/asa-8-42-under-ubuntu-12-04
  • 解凍して

$ sudo ./Qinstall  

• • /usr/local/bin/に展開される
  • /usr/local/bin/に実行ファイルをおくと，既存のqemu-*とバッティングするので，別の場所に置くe.g., /path/to/gns3/
  • GNS3 -> Edit -> Preferences -> Qemu -> General Settings -> Path to qemu = /path/to/qemu-system-x86_64 # Qinstallでいれたやつ
  • GNS3 -> Edit -> Preferences -> Qemu -> General Settings -> Path to qemu-img = /path/to/qemu-img # Qinstallでいれたやつ

consoleの変更

• General -> Termimal Setting
• gnome-terminal -t %d -e 'telnet %h %p' >/dev/null 2>&1 # gnome-terminalにする

img取得の場合

• http://brezular.com/2013/09/19/vyatta-qemu-and-virtualbox-appliances/にVyatta OSのqemu/vbox imageがあるのでqemuの方を持ってくる．
• login/pass: vyatta/vyatta(123)

iso取得の場合

• http://www.vyatta.org/downloads
• login/pass: vyatta/vyatta(123)

KVM installation

• installは割愛 (いっぱい参考記事があるので)

vyattaをisoからinstall on ubuntu12.04 KVM

• download vyatta-livecd_VC6.6R1_amd64.iso
• virt-manager
  • os version: debian squeeze
• live CD
  • user/pass = vyatta/vyatta(123)
  • install system
  • reboot
• sshd (いらないかも)
  • /etc/ssh/sshd_config
    • StrictModes yes <- commentする

参考

• virt-mangerでinstallしたが，結果的にvyatta_vc6.6r1しかtelnet経由でresponseがなかった．(どなたかできていたら教えてください．)
• 試したOS: 結果
  • CentOS6.4: GNS3のqemu経由でkernel pannic
  • ubuntu12.10: GNS3のqemu経由で起動はするが，telnetでno response
  • debian-7.3.0: GNS3のqemu経由で起動はするが，telnetでno response
  • linux-microcore: GNS3のqemu経由で起動はするが，telnetでno response
• virt-manager/virt-installだとだめなのか？
• しょうがないので，GNS3上で動くっていっているimageをDL
  • http://sourceforge.net/projects/gns-3/files/Qemu%20Appliances/linux-core-4.7.7.img/download
  • GNS3 -> Edit -> Preferences -> Qemu -> Qemu Guest -> DLしてきたlinux coreを指定．
  • user/passwd = [root/root, tc/empty]
  • telnetでresponseあり．

GNS3 + qemuでrebootするとMACが新しく振られて，NICが増える問題

• 動的にNICを作成するscriptをmove

$ mv /lib/udev/vyatta_net_name vyatta_net_name_backupa ## これだけで大丈夫?

$ vi /li/bdevu/75-persistent-net-generator.rules # いらないかも

• 追加(それっぽい場所に)

...
ENV{MATCHADDR}==”0*”, ENV{MATCHADDR}=”"
...

• rebootしてから確認

$ show interfaces

• 注意
  • hw-idの自動生成もなるなくので，hw-idもセットすること．

Vyatta 基本

$ configure
...
$ commit
$ save

• 設定の確認

$ show interfaces
$ show system
$ show policy

• interfaceの設定

$ set interfaces ethernet ${eth_id} address ${ip_addr}

• routeの設定

$ set policy route ${route_name} rule ${rule_id} source address ${ip_addr}
$ set policy route ${route_name} rule ${rule_id} destination address ${ip_addr}
$ set policy route ${route_name} rule ${rule_id} set table ${table_id}
$ set interfaces ethernet ${eth_id} address ${ip_addr}
$ set interfaces ethernet ${eth_id} policy route ${rule_name}

• firewallの設定

set firewall name ${FW_NAME} description "${description}"
set firewall name ${FW_NAME} default-action reject
set firewall name ${FW_NAME} rule ${rule_num}  description "Accept Established-Related Connections"
set firewall name ${FW_NAME} rule ${rule_num} action accept
set firewall name ${FW_NAME} rule ${rule_num} state established enable
set firewall name ${FW_NAME} rule ${rule_num} state related enable
set firewall name ${FW_NAME} rule ${rule_num} log disable
set firewall name ${FW_NAME} rule ${rule_num} description "SSH Access"
set firewall name ${FW_NAME} rule ${rule_num} action accept
set firewall name ${FW_NAME} rule ${rule_num} protocol tcp
set firewall name ${FW_NAME} rule ${rule_num} source address 192.168.200.0/24
set firewall name ${FW_NAME} rule ${rule_num} destination port ssh
set firewall name ${FW_NAME} rule ${rule_num} log disable
set firewall name ${FW_NAME} rule ${rule_num} description "Accept ICMP Unreachable"
set firewall name ${FW_NAME} rule ${rule_num} action accept
set firewall name ${FW_NAME} rule ${rule_num} protocol icmp
set firewall name ${FW_NAME} rule ${rule_num} icmp type 3
set firewall name ${FW_NAME} rule ${rule_num} log disable
set firewall name ${FW_NAME} rule ${rule_num} description "Accept ICMP Echo Request"
set firewall name ${FW_NAME} rule ${rule_num} action accept
set firewall name ${FW_NAME} rule ${rule_num} protocol icmp
set firewall name ${FW_NAME} rule ${rule_num} icmp type 8
set firewall name ${FW_NAME} rule ${rule_num} log disable
set firewall name ${FW_NAME} rule ${rule_num} description "Accept ICMP Time-Exceeded"
set firewall name ${FW_NAME} rule ${rule_num} action accept
set firewall name ${FW_NAME} rule ${rule_num} protocol icmp
set firewall name ${FW_NAME} rule ${rule_num} icmp type 11
set firewall name ${FW_NAME} rule ${rule_num} log disable
set interfaces ethernet ${eth_n} firewall local name ${FW_NAME}