On Mon, Apr 18, 2022 at 11:22:07PM -0500, Michael Jinks wrote:
> I have a laptop, running VMM, with a handful of VM's. Next to that, I have a
> pile of disks running on ZFS, and I'd like to give the VM's network access
> there, for running backups or whatever.
>
> The holdup is that the laptop (pop-OS if that matters -- so Ubuntu, so Debian)
> automatically prohibits any outside network traffic to the VM's.
> Self-contained outward traffic from the VM is fine, like ssh; but the outside
> host can't see in to any VM, so, for instance, when the VM tries to NFS-mount
> to the outside, the rpc connection back will fail.
>
> In the past, my way of allowing something like this was to make a new virtual
> network running on the host, visible for the VM's and reachable by the outside
> service, but I haven't been able to find how to do that in a modern VMM setup.
> I can find, in the GUI:
>
> QEMU/KVM - Connection Details -> Virtual Networks: "Create a
> new virtual network"...
>
> ...but everything I've tried has failed in one way or another. Maybe I just
> don't know how to set that up?

I used this relatively recently. It's still a lot more painful to
set up than it really needs to be however ...

https://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29

Another option is just port forwarding. Pretty sure you can set this
up from virt-manager, but if not you can definitely do it through
editing the libvirt XML:

https://libvirt.org/formatdomain.html#channel

virsh edit is described here:

https://www.redhat.com/sysadmin/virsh-subcommands

Another option would be attaching a remote disk to the guest.
Again, not sure if this can be done in virt-manager, but it's certainly
possible from libvirt XML:

https://libvirt.org/formatdomain.html#hard-drives-floppy-disks-cdroms

  <disk type='network' device='disk'>
    <driver name='qemu' type='raw'/>
    <source protocol='nbd'>
      <host name='nbd-server'/>
    </source>
    <target dev='vda' bus='virtio'/>
  </disk>

Another, even simpler option is a reverse SSH tunnel, i.e. something
like this on the host:

  ssh -R 10809:nbd-server:10809 vm

That will export the NBD port on nbd-server:10809 into the VM, so you
would be able to access an NBD server from inside the VM.

Rich.

> I understand the security concerns, and won't have a problem flatting that
> down.
>
> If I'm just not looking in the right docs, please point me in the
> right direction.
>
> Or, if I'm going about this some unwise way, please educate me.
>
> Thanks.
>

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
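
An added example, not part of the message above and not libvirt's own code: a small audit that reads a domain XML (as shown by virsh dumpxml) and flags NBD network disks like the one in the message that reach a non-local server without libvirt's tls='yes' attribute on <source>. The domain name example-vm, the second disk (vdb) and the function names are constructed for illustration.

```python
import ipaddress
import xml.etree.ElementTree as ET

# Constructed sample: vda is the disk from the message; vdb is a constructed
# variant with tls='yes' on <source> for comparison.
SAMPLE_DOMAIN_XML = """
<domain type='kvm'>
  <name>example-vm</name>
  <devices>
    <disk type='network' device='disk'>
      <driver name='qemu' type='raw'/>
      <source protocol='nbd'><host name='nbd-server'/></source>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='network' device='disk'>
      <driver name='qemu' type='raw'/>
      <source protocol='nbd' tls='yes'><host name='nbd-server' port='10809'/></source>
      <target dev='vdb' bus='virtio'/>
    </disk>
  </devices>
</domain>
"""

def is_local(host):
    """True when the <host> element is a UNIX socket or a loopback address."""
    if host.get("transport") == "unix":
        return True
    name = host.get("name", "")
    try:
        return ipaddress.ip_address(name).is_loopback
    except ValueError:
        return name == "localhost"

def audit_nbd_disks(domain_xml):
    """Return one finding per NBD network disk, flagging plaintext remote ones."""
    findings = []
    for disk in ET.fromstring(domain_xml).iterfind("./devices/disk[@type='network']"):
        source = disk.find("source")
        host = source.find("host") if source is not None else None
        if host is None or source.get("protocol") != "nbd":
            continue
        tls = source.get("tls") == "yes"
        findings.append({
            "target": disk.find("target").get("dev"),
            "host": host.get("name") or host.get("socket"),
            "port": host.get("port", "10809"),  # NBD's registered default port
            "tls": tls,
            "plaintext_remote": not tls and not is_local(host),
        })
    return findings

if __name__ == "__main__":
    for finding in audit_nbd_disks(SAMPLE_DOMAIN_XML):
        print(finding)
```

A disk reported with plaintext_remote set carries its blocks unencrypted between the host and nbd-server, so it belongs on a network you control or behind a tunnel such as the SSH one in the message.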