Much thanks. Any of these would (will) be just fine. I have at least one question.
ssh port forwarding would be the easiest; it was one way I tried, but I'm missing something. In your example:
> ssh -R 10809:nbd-server:10809 vm
...is that to say that 10809 is the only port we need to handle? Or, is it just an example showing one of the necessary ports?
NFS+RPC is one of my holdups; 10809, Linux Network Block Devices, is in /etc/services on some, not all, of my Linux hosts, so, please educate me: does that process fix the "RPC problem"?
Thanks.
On Wed, Apr 20, 2022 at 9:47 AM Richard W.M. Jones <rjones@xxxxxxxxxx> wrote:
On Mon, Apr 18, 2022 at 11:22:07PM -0500, Michael Jinks wrote:
> I have a laptop, running VMM, with a handful of VMs. Next to that, I have a
> pile of disks running on ZFS, and I'd like to give the VMs network access
> there, for running backups or whatever.
>
> The holdup is that the laptop (pop-OS if that matters -- so Ubuntu, so Debian)
> automatically prohibits any outside network traffic to the VMs.
> Self-contained outward traffic from the VM is fine, like ssh; but the outside
> host can't see in to any VM, so, for instance, when the VM tries to NFS-mount
> to the outside, the rpc connection back will fail.
>
> In the past, my way of allowing something like this was to make a new virtual
> network running on the host, visible for the VMs and reachable by the outside
> service, but I haven't been able to find how to do that in a modern VMM setup.
> I can find, in the GUI:
>
> QEMU/KVM - Connection Details -> Virtual Networks: "Create a
> new virtual network"...
>
> ...but everything I've tried has failed in one way or another. Maybe I just
> don't know how to set that up?
I used this relatively recently. It's still a lot more painful to set
up than it really needs to be however ...
https://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29
Another option is just port forwarding. Pretty sure you can set this
up from virt-manager, but if not you can definitely do it through
editing the libvirt XML:
https://libvirt.org/formatdomain.html#channel
virsh edit is described here:
https://www.redhat.com/sysadmin/virsh-subcommands
Another option would be attaching a remote disk to the guest. Again,
not sure if this can be done in virt-manager, but it's certainly
possible from libvirt XML:
https://libvirt.org/formatdomain.html#hard-drives-floppy-disks-cdroms
    <disk type='network' device='disk'>
      <driver name='qemu' type='raw'/>
      <source protocol='nbd'>
        <host name='nbd-server'/>
      </source>
      <target dev='vda' bus='virtio'/>
    </disk>
Another, even simpler option is a reverse SSH tunnel, i.e. something
like this on the host:
    ssh -R 10809:nbd-server:10809 vm
That will export the NBD port on nbd-server:10809 into the VM, so you
would be able to access an NBD server from inside the VM.
Rich.
> I understand the security concerns, and won't have a problem flatting that
> down.
>
> If I'm just not looking in the right docs, please point me in the
> right direction.
>
> Or, if I'm going about this some unwise way, please educate me.
>
> Thanks.
>
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
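
Added example, not part of the original thread: NBD runs over a single TCP port (10809 by default), so the one -R forward quoted above carries the whole protocol. This shell check, run inside the VM on `ss -ltnH` output, confirms that the forwarded port is bound to loopback only. The function names and the sample ss lines are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Run inside the VM while the tunnel is up.
# The thread's command with an explicit loopback bind and fail-fast options:
#   ssh -N -o ExitOnForwardFailure=yes -R 127.0.0.1:10809:nbd-server:10809 vm
# A wildcard bind is only possible if GatewayPorts is enabled in the VM's sshd.

NBD_PORT=10809   # port from the thread's ssh -R command

# Constructed sample of `ss -ltnH` output (not captured from a real host).
sample_ss_output() {
cat <<'EOF'
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 127.0.0.1:10809 0.0.0.0:*
LISTEN 0 128 [::1]:10809 [::]:*
EOF
}

# Reads `ss -ltnH` lines on stdin and inspects listeners on port $1.
# Exit status: 0 = loopback-only listener(s), 1 = reachable on a
# non-loopback address, 2 = nothing is listening on the port.
forward_is_loopback_only() {
  awk -v port="$1" '
    {
      n = split($4, p, ":")          # $4 is "Local Address:Port"
      if (p[n] != port) next         # some other service
      seen = 1
      if ($4 !~ /^127\./ && $4 !~ /^\[::1\]:/) {
        print "port " port " exposed on " $4 > "/dev/stderr"
        bad = 1
      }
    }
    END {
      if (!seen) { print "no listener on port " port > "/dev/stderr"; exit 2 }
      exit (bad ? 1 : 0)
    }'
}

# --demo checks the constructed sample; --live checks this machine.
case "${1:-}" in
  --demo) sample_ss_output | forward_is_loopback_only "$NBD_PORT" && echo "loopback only" ;;
  --live) ss -ltnH | forward_is_loopback_only "$NBD_PORT" && echo "loopback only" ;;
esac
```

A status of 1 means other machines that can reach the VM can also reach the NBD export through the tunnel.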