Update setup configuration
		@@ -102,7 +102,8 @@ sudo systemctl start virtweb
You should now be able to create VMs!
### Manual port forwarding without a LibVirt HOOK
## Configure port forwarding
* Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:
```
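Review bot: the replacement heading `## Configure port forwarding` is one level higher than the `### Manual port forwarding without a LibVirt HOOK` heading it replaces, so the port-forwarding steps stop being a subsection of the setup that ends with "You should now be able to create VMs!" and become a top-level section of their own. If that promotion is intended, check that any remaining `###` headings in this file still nest under the parent the author wants; if not, keep `###` here so the hierarchy stays as it was.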
@@ -115,85 +116,14 @@ net.ipv4.ip_forward=1
sudo sysctl -p /etc/sysctl.conf
```
* Create the following IPTables rules:
* Configure apparmore service. Create or update a file named `/etc/apparmor.d/local/usr.sbin.libvirtd` with the following content:
```
UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 |
 tr -d ' ')
LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
echo "$UP_DEV -> $LOCAL_DEV"
GUEST_IP=192.168.25.189
HOST_PORT=8085
GUEST_PORT=8085
# connections from outside
sudo iptables -I FORWARD -o $LOCAL_DEV -d  $GUEST_IP -j ACCEPT
sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
/usr/local/bin/virtweb_backend ux,
```
* Theses rules can be persisted using `iptables-save` then, or using a libvirt hook.
### Manual port forwarding with a LibVirt HOOK
* Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line:
```
net.ipv4.ip_forward=1
```
* To reload `sysctl` without reboot:
```
sudo sysctl -p /etc/sysctl.conf
```
* Get the following information, using the web ui or `virsh`:
	* The name of the target guest
	* The IP and port of the guest who will receive the connection
	* The port of the host that will be forwarded to the guest
* Stop the guest if its running, either using `virsh` or from the web ui
* Create or append the following content to the file `/etc/libvirt/hooks/qemu`:
* Update Apparmor configuration:
```bash
#!/bin/bash
# IMPORTANT: Change the "VM NAME" string to match your actual VM Name.
# In order to create rules to other VMs, just duplicate the below block and configure
# it accordingly.
if [ "${1}" = "VM NAME" ]; then
 # Update the following variables to fit your setup
 GUEST_IP=
 GUEST_PORT=
 HOST_PORT=
 if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
  /sbin/iptables -D FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
  /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
 fi
 if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
  /sbin/iptables -I FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
  /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
 fi
fi
```
* Make the hook executable:
```bash
sudo chmod +x /etc/libvirt/hooks/qemu
```
* Restart the `libvirtd` service:
```bash
sudo systemctl restart libvirtd.service
```
* Start the guest
> Note: this guide is based on https://wiki.libvirt.org/Networking.html
sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.libvirtd
```
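Review bot: the AppArmor rule `/usr/local/bin/virtweb_backend ux,` added to `/etc/apparmor.d/local/usr.sbin.libvirtd` uses the `ux` exec mode, which runs the backend unconfined and without scrubbing the environment it inherits from libvirtd; `Ux` (unconfined with a scrubbed environment) or, better, a dedicated profile for the backend invoked with `Px` keeps the confinement that the libvirtd profile exists to provide, and the guide should state which mode it expects and why. Two smaller points in the same hunk: "Configure apparmore service" should read "Configure the AppArmor service", and the closing `sudo apparmor_parser -r /etc/apparmor.d/usr.sbin.libvirtd` step deserves a one-line note that it reloads the libvirtd profile so the new local rule takes effect without restarting the service.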