Web GUI for libvirt
Go to file
2023-12-12 01:52:46 +01:00
virtweb_backend Add a system to restrict untrusted IPs 2023-12-12 01:52:46 +01:00
virtweb_frontend Add a system to restrict untrusted IPs 2023-12-12 01:52:46 +01:00
README.md Update README 2023-12-12 00:53:18 +01:00

VirtWEB

WIP project

Development requirements

  1. The libvirt-dev package must be installed:
sudo apt install libvirt-dev
  1. Libvirt must also be installed:
sudo apt install qemu-kvm libvirt-daemon-system
  1. Allow the current user to manage VMs:
sudo adduser $USER libvirt
sudo adduser $USER kvm 

Note: You will need to login again for this change to take effect.

Production requirements

TODO

TODO

Manual port forwarding without a LibVirt HOOK

  • Allow ip forwarding in the kernel: edit /etc/sysctl.conf and uncomment the following line:
net.ipv4.ip_forward=1
  • To reload sysctl without reboot:
sudo sysctl -p /etc/sysctl.conf
  • Create the following IPTables rules:
UP_DEV=$(ip a | grep "192.168.1." -B 2 | head -n 1 | cut -d ':' -f 2 |
 tr -d ' ')
LOCAL_DEV=$(ip a | grep "192.168.25." -B 2 | head -n 1 | cut -d ':' -f 2 | tr -d ' ')
echo "$UP_DEV -> $LOCAL_DEV"

GUEST_IP=192.168.25.189
HOST_PORT=8085
GUEST_PORT=8085

# connections from outside
sudo iptables -I FORWARD -o $LOCAL_DEV -d  $GUEST_IP -j ACCEPT
sudo iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
  • Theses rules can be persisted using iptables-save then, or using a libvirt hook.

Manual port forwarding with a LibVirt HOOK

  • Allow ip forwarding in the kernel: edit /etc/sysctl.conf and uncomment the following line:
net.ipv4.ip_forward=1
  • To reload sysctl without reboot:
sudo sysctl -p /etc/sysctl.conf
  • Get the following information, using the web ui or virsh:

    • The name of the target guest
    • The IP and port of the guest who will receive the connection
    • The port of the host that will be forwarded to the guest
  • Stop the guest if its running, either using virsh or from the web ui

  • Create or append the following content to the file /etc/libvirt/hooks/qemu:

#!/bin/bash

# IMPORTANT: Change the "VM NAME" string to match your actual VM Name.
# In order to create rules to other VMs, just duplicate the below block and configure
# it accordingly.
if [ "${1}" = "VM NAME" ]; then

 # Update the following variables to fit your setup
 GUEST_IP=
 GUEST_PORT=
 HOST_PORT=

 if [ "${2}" = "stopped" ] || [ "${2}" = "reconnect" ]; then
  /sbin/iptables -D FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
  /sbin/iptables -t nat -D PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
 fi
 if [ "${2}" = "start" ] || [ "${2}" = "reconnect" ]; then
  /sbin/iptables -I FORWARD -o virbr0 -p tcp -d $GUEST_IP --dport $GUEST_PORT -j ACCEPT
  /sbin/iptables -t nat -I PREROUTING -p tcp --dport $HOST_PORT -j DNAT --to $GUEST_IP:$GUEST_PORT
 fi
fi
  • Make the hook executable:
sudo chmod +x /etc/libvirt/hooks/qemu
  • Restart the libvirtd service:
sudo systemctl restart libvirtd.service
  • Start the guest

Note: this guide is based on https://wiki.libvirt.org/Networking.html