Flesh out First attempt

I still need to document the DHCP bits.
2020-11-09 09:25:14 +01:00 · 2020-11-09 09:25:14 +01:00 · 9afeab13e7
parent a7f640cd2a
commit 9afeab13e7
2 changed files with 22 additions and 0 deletions
--- a/attempt/Index
+++ b/attempt/Index
@ -42,3 +42,18 @@ Then I made a `.network` file with a `[Match]` clause matching on names starting
 Finally, I configured an address on the bridge so we can communicate with the VMs from the host.
 This seemed to work, but the unikernel I was testing with, [Canopy](https://github.com/Engil/Canopy), fetches data from an online git repository.
 Since I hadn't done anything to give it access to the internet it of course failed and crashed.
+
+### Getting Canopy on the internet
+
+I found the options `IPForward=true` and `IPMasquerade=true` on the bridge did the trick.
+One thing to note is `IPForward=true` and `IPForward=ipv4` sets globally the sysctl option `net.ipv4.ip_forward`, and never unsets it.
+The systemd documentation says to use a firewall to work around this.
+The option says to the kernel to route packets across interfaces.
+The option `IPMasquerade` basically enables NAT so the packets to the internet coming from the VM will look like they come from the host.
+
+### Using DHCP
+
+So far I had been using statically configured addresses and routes.
+I got it working to some degree.
+Canopy seems to work fine with the ISPs DNS servers, but less so using anycast.censurfridns.dk or google's 8.8.8.8.
+You can read more about it in my [next post](Using%20DHCP).
--- a/attempt/Using
+++ b/attempt/Using
@ -0,0 +1,7 @@
+---
+title: Using DHCP for the unikernels
+author: reynir
+---
+# Using DHCP for the unikernels
+
+TBD...