# VirtWEB

WIP project
## Development requirements

1. The `libvirt-dev` package must be installed:

   ```bash
   sudo apt install libvirt-dev
   ```

2. Libvirt must also be installed:

   ```bash
   sudo apt install qemu-kvm libvirt-daemon-system
   ```

3. Allow the current user to manage VMs:

   ```bash
   sudo adduser $USER libvirt
   sudo adduser $USER kvm
   ```

   > Note: You will need to log in again for this change to take effect.
## Production requirements

### TODO

TODO
### Manual port forwarding without a LibVirt HOOK

* Allow IP forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:

  ```
  net.ipv4.ip_forward=1
  ```

* To reload `sysctl` without reboot:

  ```bash
  sudo sysctl -p /etc/sysctl.conf
  ```

* WIP

  ```bash
  # Interface names: UP_DEV is the host's upstream NIC (on 192.168.1.0/24 here),
  # LOCAL_DEV is the libvirt bridge the guests sit on (192.168.25.0/24 here).
  # `ip a` prints the "N: <iface>:" line two lines above the "inet" line.
  export UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
  export LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
  echo "$UP_DEV -> $LOCAL_DEV"

  GUEST_IP=192.168.25.189
  HOST_PORT=8085
  GUEST_PORT=8085

  # connections from outside: accept forwarded traffic to the guest and
  # DNAT the host port to the guest port
  sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT
  sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT

  # TODO: try to ignore Masquerade local subnet
  sudo iptables -t nat -A POSTROUTING -s 192.168.25.0/24 -j MASQUERADE
  sudo iptables -A FORWARD -o $LOCAL_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
  sudo iptables -A FORWARD -i $LOCAL_DEV -o $UP_DEV -j ACCEPT
  sudo iptables -A FORWARD -i $LOCAL_DEV -o lo -j ACCEPT
  ```
### Manual port forwarding with a LibVirt HOOK

* Allow IP forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:

  ```
  net.ipv4.ip_forward=1
  ```

* To reload `sysctl` without reboot:

  ```bash
  sudo sysctl -p /etc/sysctl.conf
  ```

* Get the following information, using the web UI or `virsh`:

  * The name of the target guest
  * The IP and port of the guest that will receive the connection
  * The port of the host that will be forwarded to the guest

* Stop the guest if it is running, either using `virsh` or from the web UI

* Create or append the following content to the file `/etc/libvirt/hooks/qemu`:

  ```bash
  #!/bin/bash

  # IMPORTANT: Change the "VM NAME" string to match your actual VM name.
  # In order to create rules for other VMs, just duplicate the block below and configure
  # it accordingly.
  # libvirt invokes this hook as: qemu <guest name> <operation> <sub-operation> <extra>
  if [ "${1}" = "VM NAME" ]; then

      # Update the following variables to fit your setup
      GUEST_IP=
      GUEST_PORT=
      HOST_PORT=

      # Remove the rules when the guest stops (and before re-adding them on reconnect)
      if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
          /sbin/iptables -D FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
          /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
      fi
      # Add the rules when the guest starts
      if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
          /sbin/iptables -I FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
          /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
      fi
  fi
  ```

* Make the hook executable:

  ```bash
  sudo chmod +x /etc/libvirt/hooks/qemu
  ```

* Restart the `libvirtd` service:

  ```bash
  sudo systemctl restart libvirtd.service
  ```

* Start the guest
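The hook above hands `GUEST_IP`, `GUEST_PORT` and `HOST_PORT` straight to iptables. The following is an added example, not code from VirtWEB or libvirt: a function that validates those values first and prints the same add/remove rule pairs, pinned to the upstream interface so only traffic arriving from outside on the forwarded port is accepted and DNATed. `vm_forward_rules`, `UP_DEV` and `BRIDGE` are assumed names, and the interface defaults are placeholders.

```bash
#!/bin/sh
# Added example, not part of VirtWEB or libvirt: build, but do not run, the iptables
# commands a /etc/libvirt/hooks/qemu hook would apply for one guest, after validating
# its inputs. vm_forward_rules, UP_DEV and BRIDGE are assumed names.

# Accept only a dotted-quad IPv4 address with four octets, each in 0..255.
valid_ipv4() {
    case $1 in *[!0-9.]*|.*|*.|*..*|'') return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        [ ${#o} -le 3 ] && [ "$o" -le 255 ] || return 1
    done
}

# Accept only a TCP port in 1..65535: digits only, so no extra iptables arguments
# or shell metacharacters can slip in through the hook variables.
valid_port() {
    case $1 in ''|*[!0-9]*) return 1 ;; esac
    [ ${#1} -le 5 ] && [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# $1 = libvirt operation (start|stopped|reconnect), $2 = guest IP, $3 = guest port,
# $4 = host port. Prints one iptables command per line; prints nothing and returns 1
# if a value fails validation, so an empty or malformed variable is rejected here
# instead of being handed to iptables. Other operations (prepare, started, release,
# ...) print nothing and return 0, matching the hook's behaviour.
vm_forward_rules() {
    op=$1 guest_ip=$2 guest_port=$3 host_port=$4
    up_dev=${UP_DEV:-eth0} bridge=${BRIDGE:-virbr0}
    valid_ipv4 "$guest_ip" && valid_port "$guest_port" && valid_port "$host_port" || return 1
    # Both rules are pinned to the upstream interface and to tcp/port, so only traffic
    # arriving from outside on the forwarded port is accepted and DNATed to the guest.
    fwd="-i $up_dev -o $bridge -p tcp -d $guest_ip --dport $guest_port -j ACCEPT"
    nat="-i $up_dev -p tcp --dport $host_port -j DNAT --to-destination $guest_ip:$guest_port"
    case $op in stopped|reconnect)
        echo "iptables -D FORWARD $fwd"
        echo "iptables -t nat -D PREROUTING $nat" ;;
    esac
    case $op in start|reconnect)
        echo "iptables -I FORWARD $fwd"
        echo "iptables -t nat -I PREROUTING $nat" ;;
    esac
}

# Constructed sample values (the guest and ports used in the manual section above).
vm_forward_rules start 192.168.25.189 8085 8085
```

Pipe the output through `sh` only after reviewing it, or call the function from the hook in place of the hard-coded iptables lines.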

> Note: this guide is based on https://wiki.libvirt.org/Networking.html