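It's this late again today. I was just discussing the problem of PIXEMU communicating with Dynamips in this thread. I went to 7200emu.hacki.at and carefully read the post that mmm123 replied with. Before this, I could never get the DY and PIXEMU I had configured to communicate. Then I found this odd passage from this odd person (the author):

Actually I mentioned in readme, that this is qemu, go read qemu documentation, it will answer most of your questions. The way I use it - it creates 2 virtual tap interfaces, which are configured via if1up and if2up scripts. The simplest thing is to just assign ip address in these interfaces, and you'll have IP connectivity between linux and pixemu. The only strange thing is that tap0 is connected to ethernet1 in pix, and tap1 is connected to ethernet0 in pix. The other option is to use some sort of bridging between tap interface and ethernet interface on your box, it could be done by linux built-in bridging, but I prefer to use simple program "bridge", that just copies packets from one interface to the other.

Let me explain roughly what he means: two virtual TAP interfaces are created, and there is one strange thing: tap0 is connected to the PIX's ethernet1, while tap1 is connected to the PIX's ethernet0. So these two ports are reversed. No wonder nothing worked earlier, however I configured it. Knowing this, I started the virtual machine again and used the same configuration as before, only with the ports swapped, which feels a bit awkward. Either way, the ping finally went through. Here is a screenshot as proof (only two devices: one ROUTER and one PIX):

The principle is actually quite simple: use TAP as the bridge, and bridge DY to the TAP. This is my NET file: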
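Code:
autostart = false
[localhost]
    [[7200]]
    # On Linux / Unix use forward slashes:
    image = /root/dynamips/c7200-is-mz.122-37.bin
    npe = npe-400
    ram = 160
    idlepc = 0x6067d100
    [[ROUTER R1]]
    model = 7200
    slot0=PA-C7200-IO-FE
    # Attach fa0/0 to the host's tap0 interface
    fa0/0 = NIO_gen_eth:tap0

Remember, though, that what is attached here is TAP0. So in DY we give the FA0/0 port an IP address in the same subnet as TAP0, and on the PIX it is actually the E1 port that has to be configured in the same subnet as TAP0. In other words, the order you would expect,
tap0<--->e0
tap1<--->e1
is reversed, and should be
tap0<--->e1
tap1<--->e0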
I can't explain it either; the author also says it is a strange thing.
As for how to run multiple PIXes, the author gave a method:
Quote:
You can run two or more emulators on one computer.
Make 2 flash files - FLASH.1 and FLASH.2
Run 1st instance with:
    ./pixemu -no-kqemu -net nic,vlan=1,macaddr=00:a0:00:00:00:01 -net tap,vlan=1,script=if1up -net nic,vlan=2,macaddr=00:a0:00:00:00:02 -net tap,vlan=2,script=if2up -serial stdio -m 128 FLASH.1
Run 2nd emulator with:
    ./pixemu -no-kqemu -net nic,vlan=1,macaddr=00:a0:00:00:00:11 -net tap,vlan=1,script=if1up -net nic,vlan=2,macaddr=00:a0:00:00:00:12 -net tap,vlan=2,script=if2up -serial stdio -m 128 FLASH.2
NOTE different mac addresses!!! -no-kqemu is probably required, anyway, kqemu doesn't help much.
On 3rd terminal run bridge program:
    ./bridge tap1 tap3
Now you have two pixes with connected outside interfaces.
Now do some configuration, for example:
1st pix:
    pixfirewall# conf t
    pixfirewall(config)# in et 0
    pixfirewall(config-if)# ip address 10.0.0.1 255.255.255.0
    pixfirewall(config-if)# nameif outside
    INFO: Security level for "outside" set to 0 by default.
    pixfirewall(config-if)# no shut
On second one:
    interface Ethernet0
     nameif outside
     security-level 0
     ip address 10.0.0.2 255.255.255.0
    !
Now you can ping the remote pix:
    pixfirewall# ping 10.0.0.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 100/108/140 ms
Other option is to use your linux to route traffic between pixes. In this case you'll probably need different if?up scripts for each interface, or just manually change ip addresses of tap interfaces.
Finally, if you want to connect emulator to your lan, you can run bridge between eth interface and tap interface. This can be done automatically from if?up script (there is commented example in the file).
Qemu has some other options about networking, but I never tried them, if you want you can check qemu documentation.

Here is the qemu documentation that the author mentions again and again: qemu-doc.rar (24.73 KB)
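The tap numbering behind "./bridge tap1 tap3" in the quoted steps, as an added example that is not code from the pixemu author or from this post. It generalizes the tap0<->e1 / tap1<->e0 swap to instance N on the assumption that tap devices are created in start order; the function names and the bridge name br-pix are hypothetical.

```bash
#!/usr/bin/env bash
# Added example, not the pixemu author's code. Assumption: tap devices are
# created in start order, so instance N (1-based) owns tap(2N-2) and tap(2N-1).

# Host tap device behind ethernet<eth> of instance <inst>, applying the swap
# reported on this page (tap0 <-> e1, tap1 <-> e0).
pix_tap() {
    local inst="$1" eth="$2"
    case "$inst" in [1-9]|1[0-6]) ;; *) echo "bad instance: $inst" >&2; return 1 ;; esac
    case "$eth" in 0|1) ;; *) echo "bad interface: $eth" >&2; return 1 ;; esac
    echo "tap$(( 2 * ($inst - 1) + 1 - $eth ))"
}

# pixemu command line for instance <inst>: own flash file FLASH.<inst> and a
# distinct last MAC byte per NIC (01/02, 11/12, ...), as in the quoted commands.
pixemu_cmd() {
    local inst="$1" vlan args="./pixemu -no-kqemu"
    pix_tap "$inst" 0 >/dev/null || return 1
    for vlan in 1 2; do
        args="$args$(printf ' -net nic,vlan=%d,macaddr=00:a0:00:00:00:%02x' \
            "$vlan" $(( ($inst - 1) * 16 + $vlan )))"
        args="$args -net tap,vlan=$vlan,script=if${vlan}up"
    done
    echo "$args -serial stdio -m 128 FLASH.$inst"
}

# Join eth<$2> of instance <$1> with eth<$4> of instance <$3> using the
# author's "bridge" program.
bridge_cmd() {
    local a b
    a=$(pix_tap "$1" "$2") && b=$(pix_tap "$3" "$4") || return 1
    echo "./bridge $a $b"
}

# Same link with the Linux bridge driver (run the output as root).
# br-pix is a hypothetical bridge name.
link_cmds() {
    local a b
    a=$(pix_tap "$1" "$2") && b=$(pix_tap "$3" "$4") || return 1
    printf '%s\n' "ip link add name br-pix type bridge" \
        "ip link set $a master br-pix" "ip link set $b master br-pix" \
        "ip link set br-pix up"
}

pixemu_cmd 1; pixemu_cmd 2
bridge_cmd 1 0 2 0    # e0 (outside) of both PIXes -> ./bridge tap1 tap3
link_cmds 1 0 2 0
```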
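Actually, since the two PIXes are emulated with QEMU, there is another way to let them communicate, which can be found in the documentation; the post that 漏仔 reposted also touches on it.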
Code:
PIX 1:
./pixemu -net nic,vlan=1,macaddr=00:aa:00:00:02:01 -net socket,vlan=1,listen=:1234 -serial stdio -m 128 FLASH
PIX 2:
./pixemu -net nic,vlan=2,macaddr=00:aa:00:00:02:03 -net socket,vlan=2,connect=127.0.0.1:1234 -serial stdio -m 128 FLASH

Detailed descriptions of the connect and listen parameters used here can be found in the documentation.
That's all. PIX can be combined with DY, which is one more piece of good news for friends who are studying security.