# VirtWEB WIP project ## Development requirements 1. The `libvirt-dev` package must be installed: ```bash sudo apt install libvirt-dev ``` 2. Libvirt must also be installed: ```bash sudo apt install qemu-kvm libvirt-daemon-system ``` 3. Allow the current user to manage VMs: ``` sudo adduser $USER libvirt sudo adduser $USER kvm ``` > Note: You will need to login again for this change to take effect. ## Production requirements ### TODO TODO ### Manual port forwarding without a LibVirt HOOK * Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line: ``` net.ipv4.ip_forward=1 ``` * To reload `sysctl` without reboot: ``` sudo sysctl -p /etc/sysctl.conf ``` * Create the following IPTables rules: ``` UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ') LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ') echo "$UP_DEV -> $LOCAL_DEV" GUEST_IP=192.168.25.189 HOST_PORT=8085 GUEST_PORT=8085 # connections from outside sudo iptables -I FORWARD -o $LOCAL_DEV -d $GUEST_IP -j ACCEPT sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT ``` * Theses rules can be persisted using `iptables-save` then, or using a libvirt hook. ### Manual port forwarding with a LibVirt HOOK * Allow ip forwarding in the kernel: edit `/etc/sysctl.conf` and uncomment the following line: ``` net.ipv4.ip_forward=1 ``` * To reload `sysctl` without reboot: ``` sudo sysctl -p /etc/sysctl.conf ``` * Get the following information, using the web ui or `virsh`: * The name of the target guest * The IP and port of the guest who will receive the connection * The port of the host that will be forwarded to the guest * Stop the guest if its running, either using `virsh` or from the web ui * Create or append the following content to the file `/etc/libvirt/hooks/qemu`: ```bash #!/bin/bash # IMPORTANT: Change the "VM NAME" string to match your actual VM Name. # In order to create rules to other VMs, just duplicate the below block and configure # it accordingly. if [ "${1}" = "VM NAME" ]; then # Update the following variables to fit your setup GUEST_IP= GUEST_PORT= HOST_PORT= if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then /sbin/iptables -D FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT fi if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then /sbin/iptables -I FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT fi fi ``` * Make the hook executable: ```bash sudo chmod +x /etc/libvirt/hooks/qemu ``` * Restart the `libvirtd` service: ```bash sudo systemctl restart libvirtd.service ``` * Start the guest > Note: this guide is based on https://wiki.libvirt.org/Networking.html