installed virt-manager, did not see a debian setup.
enabled libvirtd, because virt-manager was complaining.
$ sudo systemctl enable libvirtd
rebooted, but only needed to start it.
now, says that there is an authentication error. What fixed that is me adding myself to the 'libvirt' and 'kvm' groups.
When I import an OVA or other images into virt-manager, I've been doing it with Gnome-Boxes. Usually I have to set up a virbrXX interface on the host machine, then I can put the network card to use that. I also have set up a dnsmasq on that virbrXX subnet and applied some NAT'ing. I've also noticed that the rtl8139 driver works way better than any e1000 thing.
### NOTES: QEMU-kvm
For host-only setup dnsmasq
$ ip addr add 172.20.0.1/16 dev br0
$ ip link set br0 up
$ dnsmasq --interface=br0 --bind-interfaces --dhcp-range=172.20.0.2,172.20.255.254
IO is slow!! so add the writeback options in the qcow2/vm config, which is in xml. Stop the VM, edit it, then start the VM:
virsh --connect qemu:///system
shutdown guestdomain
edit guestdomain   <-- add cache='writeback' in the driver section
start guestdomain
What to edit: Remove the **'s here, they are just to show what to edit.
<disk type='file' device='disk'>
  <driver name='qemu' type='qcow2' **cache='writeback'**/>
  <source file='/var/vms/vm2/ubuntu-kvm/tmphAUcOB.qcow2'/>
  <target dev='hda' bus='ide'/>
</disk>
-enable-kvm -vga std -nographic -vnc :0
(then use 'gvncviewer :0' on the logging in host)
qemu-system-i386 -vga qxl -spice port=5930,disable-ticketing,addr=::1
spicec -h 127.0.0.1 -p 5930
(default to grab mouse and keyboard is Shift-F12)
qemu-img create -f qcow2 play_xxe.qcow2 4G
qemu-system-i386 -m 1024 -hda play_xxe.qcow2 -cdrom /mnt/SuperNAS/Files/ISOz/archlinux-2014.11.01-dual.iso -boot d
$ kvm -vga std -nographic -vnc :10
$ gvncviewer :10
Start VM on the Host.
$ qemu-system-i386 -vga qxl -spice port=5930,disable-ticketing,addr=127.0.0.1
Run the client
$ spicec -h 127.0.0.1 -p 5930
An interesting way to run commands to the VM when telnet is enabled.
kvm -serial telnet:localhost:7001,server,nowait,nodelay \
    -monitor telnet:localhost:7101,server,nowait,nodelay -vnc :1
haltcmd="echo 'system_powerdown' | nc localhost 7101"
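The display and monitor options above all open listeners: `-vnc :0` with no host part listens on every interface with no password, `disable-ticketing` turns SPICE authentication off, and a telnet monitor accepts commands from anything that can reach its port. As an added example (not part of the original notes; the function names are made up for illustration), this script classifies the listeners in a QEMU argument list so an exposed, unauthenticated one stands out:

```shell
# Added example, not from the original notes: classify the listeners that a
# QEMU command line opens (VNC, SPICE, telnet/tcp monitor and serial).
# csv_get KEY "k=v,flag,k2=v2": print the value of KEY, empty if absent
csv_get() {
    printf '%s\n' "$2" | tr ',' '\n' | sed -n "s/^$1=//p" | head -n 1
}

# scope HOST: "loopback", "all" (no host given) or the host itself
scope() {
    case "$1" in
        '') echo all ;;
        127.*|localhost|::1|'[::1]') echo loopback ;;
        *) echo "$1" ;;
    esac
}

# audit_qemu_args ARG...: print "channel listen=... auth=..." per listener;
# status 1 if an unauthenticated listener is reachable beyond loopback
audit_qemu_args() {
    rc=0
    while [ $# -gt 0 ]; do
        opt=$1 val=${2-} chan='' host='' auth=none
        case "$opt" in
        -vnc)
            case "$val" in none|unix:*) ;; *)
                chan=vnc addr=${val%%,*}; host=${addr%:*} ;;
            esac
            case ",$val," in *,password*|*,sasl*) auth=set ;; esac ;;
        -spice)
            chan=spice host=$(csv_get addr "$val")
            case ",$val," in *,disable-ticketing*) ;; *) auth=set ;; esac ;;
        -monitor|-serial)
            case "$val" in telnet:*|tcp:*)
                chan=${opt#-} addr=${val#*:}; addr=${addr%%,*}; host=${addr%:*} ;;
            esac ;;
        esac
        if [ -n "$chan" ]; then
            where=$(scope "$host")
            echo "$chan listen=$where auth=$auth"
            [ "$where" != loopback ] && [ "$auth" = none ] && rc=1
        fi
        shift
    done
    return $rc
}

# The telnet-controlled VM from the notes above, checked as an argument list
audit_qemu_args -serial telnet:localhost:7001,server,nowait,nodelay \
    -monitor telnet:localhost:7101,server,nowait,nodelay -vnc :1 || true
```

A `listen=loopback auth=none` line is still reachable by every local user on the host, so on a shared machine treat it as a finding too.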
One manual way to set up host-only networking. It's probably easier to use virt-manager!
$ ip addr add 172.20.0.1/16 dev br0
$ ip link set br0 up
$ dnsmasq --interface=br0 --bind-interfaces --dhcp-range=172.20.0.2,172.20.255.254
I got this from reddit, I should have these notes in another file. This is something I have to do all the time setting up a new machine, so maybe I'll take this. VMsetup
brctl addbr br0
brctl addif br0 enp31s0
ip link set dev br0 up
#dhcpcd br0
ip addr add 192.168.2.234/24 dev br0
ip route add default via 192.168.2.1
echo nameserver 1.1.1.1 >> /etc/resolv.conf
sysctl -w net.ipv4.ip_forward=1
iptables --table nat --append POSTROUTING --out-interface enp31s0 -j MASQUERADE
iptables --insert FORWARD --in-interface br0 -j ACCEPT
Here is the SOLVED post on that thread:
Finally got it to work, following your advice and then this posting: https://forums.unraid.net/topic/76446-mojave-vm-ethernet-failures/
so, I have a command-line entry of this:
brctl addbr br0
brctl addif br0 enp6s0
ip link set dev br0 up
ip addr add 192.168.29.234/24 dev br0
ip route add default via 192.168.29.1
sysctl -w net.ipv4.ip_forward=1
iptables --table nat --append POSTROUTING --out-interface enp6s0 -j MASQUERADE
iptables --insert FORWARD --in-interface br0 -j ACCEPT
and in my virsh .xml file, my interface is:
<interface type='bridge'>
  <mac address='52:54:00:42:61:38'/>
  <source bridge='br0'/>
  <model type='vmxnet3'/>
  <address type='pci' domain='0x0000' bus='0x01' slot='0x00' function='0x0'/>
</interface>
I was getting a Green light for connectivity from MacOS, but it wasn't passing traffic. Changing to vmxnet3 seems to have done the trick. Thanks!!
Here is the Manjaro forum link that he is referencing: https://forums.unraid.net/topic/76446-mojave-vm-ethernet-failures/
Here is the reddit post: https://www.reddit.com/r/VFIO/comments/cwwkry/virsh_network_bridge_help_please/
Here is one around systemd, this is a good one: https://www.reddit.com/r/linux/comments/b71078/systemdnetworkd_is_simply_amazing/
#EOF#
Also see: Networking#Access VM's thru OpenVPN
virt-viewer --connect qemu+ssh://192.168.2.8/system KaLi-BuRp-2020
13:30 < donoban> well, first I have this because using sys-whonix directly to sys-net or sys-firewall doesn't work properly with my desktop
13:30 -!- ob-sed [~obesd@unaffiliated/obesd] has left #qubes []
13:31 < donoban> also, I probably trust more my VPN provider (riseup) than my ISP so maybe would be a good idea in general
13:31 < donoban> the setup is create a proxyVPN where install openvpn/bitmask or what you use, call it vpn-VM
13:32 < donoban> this vpn-VM is directly connected to sys-net, I have a custom rule on the firewall to avoid any package being forwarded out of the vpn tunnel
13:32 < donoban> iptables -I FORWARD 1 -o eth0 -j DROP
13:32 < donoban> iptables -I FORWARD 2 -i eth0 -j DROP
13:33 < donoban> on /rw/config/qubes-firewall-user-script
13:33 < donoban> then just switch the netVM of sys-whonix (which by default is sys-firewall or sys-net) to vpn-VM
$ sudo virt-install --connect qemu:///system -n vm10 -r 512 --vcpus=2 -f ~/vm10.qcow2 -s 12 -c /dev/cdrom --vnc --noautoconsole --os-type linux --accelerate --network=bridge:br0 --hvm
Note: the qemu-img util is probably best to use here! Somehow the vol-resize messed up on me, saying it could not resize an image with snapshots, but then virt-manager showed no snapshots.
Solve: It only had root permissions
qemu-img convert -O raw image.qcow2 image.raw
(read manpage)
qemu-img resize image.raw +20G
virsh (usually I do it as root):
pool-list
    to list out your pools, you'll get a <POOL> list.
vol-list --pool <POOL>
    to list out where the file(s) are.
cp image.qcow2 image.qcow2.BAK
virsh:
help vol-resize
vol-resize image.qcow2 20G --pool <POOL>
    resizes.
Use virt-manager to add the rescue disk, adjust boot order, and boot it. Just like adding a CDROM, need to add a storage device. Inside virt-manager:
qemu-img snapshot -l <imgfile>
qemu-img snapshot -d <ID#> <imgfile>
Then list them again to make sure.
Original instructions are here: https://jamielinux.com/docs/libvirt-networking-handbook/custom-nat-based-network.html
Here is a copy of the libvirt default:
-A POSTROUTING -j POSTROUTING_ZONES_SOURCE
-A POSTROUTING -j POSTROUTING_ZONES
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 224.0.0.0/24 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 -d 255.255.255.255/32 -j RETURN
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p tcp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -p udp -j MASQUERADE --to-ports 1024-65535
-A LIBVIRT_PRT -s 192.168.122.0/24 ! -d 192.168.122.0/24 -j MASQUERADE
-A POSTROUTING_ZONES -o wlp4s0 -g POST_FedoraWorkstation
# virsh net-destroy default
# virsh net-autostart --disable default
The bridge inherits the MAC of the first interface, so it keeps changing unless the same VM is always powered on first. To keep the MAC constant, create a dummy network interface with a chosen MAC address and attach it to the bridge before anything else. This picks a random one (52:54:00:xx:xx:xx for KVM, and 00:16:3e:xx:xx:xx for Xen):
# hexdump -vn3 -e '/3 "52:54:00"' -e '/1 ":%02x"' -e '"\n"' /dev/urandom
52:54:00:ed:d2:db
https://jamielinux.com/docs/libvirt-networking-handbook/appendix/nat-virtual-bridge-on-fedora.html
This will be already enabled on a Fedora system.
# echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
# echo "net.ipv4.conf.all.forwarding=1" >> /etc/sysctl.conf
# sysctl -p
To create a persistent dummy interface in Fedora go to: https://jamielinux.com/docs/libvirt-networking-handbook/appendix/dummy-interface-on-fedora.html
In Fedora I used the firewall-config GUI, it's in the repo. After virbr10 is up, it should be added to the default zone, which is FedoraWorkstation. Make sure the box at the top middle, labeled "Configuration:", is set from Runtime to Permanent!
This blog post helped: http://xkahn.zoned.net/blog/2013/11/26/networking-and-gnome-boxes/
I had to go to /etc/qemu/bridge.conf and make sure that allow virbr10 was the right interface, it was set at virbr0 by default.