git: fqa.9front.org

--- a/fqa3.ms

+++ b/fqa3.ms

@@ -2521,6 +2521,27 @@

 sudo tcpdump -nS -vv -i tap0

.P2

+.I

+Contributed by hiro:

+.R

+If you want to enable internet access enable NAT forwarding on the linux host (as root).

+To do this, first globally enable forwarding:

+.P1

+echo 1 > /proc/sys/net/ipv4/ip_forward

+.P2

+Enable Masquerading for everything comping from the VM's tap device (eth0 being your host's way to the internet):

+.P1

+iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -o eth0 -j MASQUERADE

+.P2

+block everything else from being forwarded:

+.P1

+iptables -A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT

+iptables -A FORWARD -s 10.0.0.0/24 -i tap0 -j ACCEPT

+iptables -P FORWARD DROP

+.P2

 .html - <a name="3.3.1.5" />

 .ihtml h4 <h4>

.SH

--- a/fqa7.ms

+++ b/fqa7.ms

@@ -266,7 +266,7 @@

 has not already been bound over

 .CW /dev :

.P1

-bind -b '#S' /dev # bind the local hard drive kernel device over /dev

+bind -b \'#S\' /dev # bind the local hard drive kernel device over /dev

 9fs 9fat /dev/sdXX/9fat # specify the full path to the corresponding 9fat

.P2

@@ -1698,7 +1698,7 @@

 auth/rsagen -t \'service=tls role=client owner=*\' > key

 chmod 600 key

 cp key /sys/lib/tls/key # or: store key in secstore

-auth/rsa2x509 'C=US CN=fakedom.dom' /sys/lib/tls/key | \e

+auth/rsa2x509 \.C=US CN=fakedom.dom\' /sys/lib/tls/key | \e

 	auth/pemencode CERTIFICATE > /sys/lib/tls/cert

.P2

 .B Note:

--- a/openssl1.ps

+++ b/openssl1.ps

@@ -1,6 +1,6 @@

 %!PS-Adobe-3.0

 %%Creator: PsLib 1.0 (sl)

-%%CreationDate: Mon May  2 19:57:55 EDT 2016

+%%CreationDate: Thu Mar 23 11:18:26 EDT 2017

 %%Pages: (atend)

 %%BoundingBox: 36 333 576 756

 %%EndComments

--- a/openssl2.ps

+++ b/openssl2.ps

@@ -1,6 +1,6 @@

 %!PS-Adobe-3.0

 %%Creator: PsLib 1.0 (sl)

-%%CreationDate: Mon May  2 19:54:03 EDT 2016

+%%CreationDate: Thu Mar 23 11:18:26 EDT 2017

 %%Pages: (atend)

 %%BoundingBox: 36 514 576 756

 %%EndComments

code: fqa.9front.org