VirtWeb/README.md

131 lines
3.2 KiB
Markdown
Raw Normal View History

2023-09-01 08:59:53 +00:00
# VirtWEB
WIP project
2023-09-06 16:54:38 +00:00
## Development requirements
1. The `libvirt-dev` package must be installed:
```bash
sudo apt install libvirt-dev
```
2. Libvirt must also be installed:
```bash
sudo apt install qemu-kvm libvirt-daemon-system
```
3. Allow the current user to manage VMs:
```
sudo adduser $USER libvirt
2023-12-06 23:23:19 +00:00
sudo adduser $USER kvm
2023-09-06 16:54:38 +00:00
```
> Note: You will need to login again for this change to take effect.
## Production requirements
2023-12-11 23:34:21 +00:00
### TODO
2023-09-06 16:54:38 +00:00
TODO
2023-12-11 23:34:21 +00:00
### Manual port forwarding without a LibVirt HOOK
* Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:
```
net.ipv4.ip_forward=1
```
* To reload `sysctl` without reboot:
```
sudo sysctl -p /etc/sysctl.conf
```
* WIP
```
export UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 |
tr -d ' ')
export LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
echo "$UP_DEV -> $LOCAL_DEV"
GUEST_IP=192.168.25.189
HOST_PORT=8085
GUEST_PORT=8085
# connections from outside
sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT
sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
# TODO: try to ignore Masquerade local subnet
sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT
sudo iptables -t nat -A POSTROUTING -s 192.168.25.0/24 -j MASQUERADE
sudo iptables -A FORWARD -o $LOCAL_DEV -m state --state RELATED,ESTABLISHED -j ACCEPT
sudo iptables -A FORWARD -i $LOCAL_DEV -o $UP_DEV -j ACCEPT
sudo iptables -A FORWARD -i $LOCAL_DEV -o lo -j ACCEPT
```
### Manual port forwarding with a LibVirt HOOK
* Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:
```
net.ipv4.ip_forward=1
```
* To reload `sysctl` without reboot:
```
sudo sysctl -p /etc/sysctl.conf
```
* Get the following information, using the web ui or `virsh`:
* The name of the target guest
* The IP and port of the guest who will receive the connection
* The port of the host that will be forwarded to the guest
* Stop the guest if its running, either using `virsh` or from the web ui
* Create or append the following content to the file `/etc/libvirt/hooks/qemu`:
```bash
#!/bin/bash
# IMPORTANT: Change the "VM NAME" string to match your actual VM Name.
# In order to create rules to other VMs, just duplicate the below block and configure
# it accordingly.
if [ "${1}" = "VM NAME" ]; then
# Update the following variables to fit your setup
GUEST_IP=
GUEST_PORT=
HOST_PORT=
if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
/sbin/iptables -D FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
/sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
fi
if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
/sbin/iptables -I FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
/sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
fi
fi
```
* Make the hook executable:
```bash
sudo chmod +x /etc/libvirt/hooks/qemu
```
* Restart the `libvirtd` service:
```bash
sudo systemctl restart libvirtd.service
```
* Start the guest
> Note: this guide is based on https://wiki.libvirt.org/Networking.html