Much thanks. Any of these would (will) be just fine. I have at least one question.
ssh port forwarding would be the easiest, it was one way I tried, but I'm missing something. In your example:

> ssh -R 10809:nbd-server:10809 vm

...is that to say that 10809 is the only port we need to handle? Or, is it just an example showing one of the necessary ports?

NFS+RPC is one of my holdups; 10809, Linux Network Block Devices, is in /etc/services on some, not all, of my Linux hosts, so, please educate me: does that process fix the "RPC problem"?

Thanks.

On Wed, Apr 20, 2022 at 9:47 AM Richard W.M. Jones <rjo...@redhat.com> wrote:

> On Mon, Apr 18, 2022 at 11:22:07PM -0500, Michael Jinks wrote:
> > I have a laptop, running VMM, with a handful of VM's. Next to that, I have a
> > pile of disks running on ZFS, and I'd like to give the VM's network access
> > there, for running backups or whatever.
> >
> > The holdup is that the laptop (pop-OS if that matters -- so Ubuntu, so Debian)
> > automatically prohibits any outside network traffic to the VM's.
> > Self-contained outward traffic from the VM is fine, like ssh; but the outside
> > host can't see in to any VM, so, for instance, when the VM tries to NFS-mount
> > to the outside, the rpc connection back will fail.
> >
> > In the past, my way of allowing something like this was to make a new virtual
> > network running on the host, visible for the VM's and reachable by the outside
> > service, but I haven't been able to find how to do that in a modern VMM setup.
> > I can find, in the GUI:
> >
> > QEMU/KVM - Connection Details -> Virtual Networks: "Create a
> > new virtual network"...
> >
> > ...but everything I've tried has failed in one way or another. Maybe I just
> > don't know how to set that up?
>
> I used this relatively recently. It's still a lot more painful to set
> up than it really needs to be however ...
>
> https://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29
>
> Another option is just port forwarding. Pretty sure you can set this
> up from virt-manager, but if not you can definitely do it through
> editing the libvirt XML:
>
> https://libvirt.org/formatdomain.html#channel
>
> virsh edit is described here:
>
> https://www.redhat.com/sysadmin/virsh-subcommands
>
> Another option would be attaching a remote disk to the guest. Again,
> not sure if this can be done in virt-manager, but it's certainly
> possible from libvirt XML:
>
> https://libvirt.org/formatdomain.html#hard-drives-floppy-disks-cdroms
>
>   <disk type='network' device='disk'>
>     <driver name='qemu' type='raw'/>
>     <source protocol='nbd'>
>       <host name='nbd-server'/>
>     </source>
>     <target dev='vda' bus='virtio'/>
>   </disk>
>
> Another, even simpler option is a reverse SSH tunnel, ie something
> like this on the host:
>
>   ssh -R 10809:nbd-server:10809 vm
>
> That will export the NBD port on nbd-server:10809 into the VM, so you
> would be able to access an NBD server from inside the VM.
>
> Rich.
>
> > I understand the security concerns, and won't have a problem flatting that
> > down.
> >
> > If I'm just not looking in the right docs, please point me in the
> > right direction.
> >
> > Or, if I'm going about this some unwise way, please educate me.
> >
> > Thanks.
>
> --
> Richard Jones, Virtualization Group, Red Hat
> http://people.redhat.com/~rjones
> Read my programming and virtualization blog: http://rwmj.wordpress.com
> Fedora Windows cross-compiler. Compile Windows programs, test, and
> build Windows installers. Over 100 libraries supported.
> http://fedoraproject.org/wiki/MinGW
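A check that could be run inside the VM once the quoted `ssh -R 10809:nbd-server:10809 vm` tunnel is up, to confirm that the forwarded port really reaches an NBD server rather than some other listener: it reads the fixed greeting an NBD server sends on connect. This is an added example, not part of the thread; the function names are hypothetical and it assumes the tunnel endpoint is localhost:10809 in the guest.

```python
"""Probe a forwarded port for the NBD server greeting (added example)."""
import socket
import struct

NBD_MAGIC = b"NBDMAGIC"       # first 8 bytes any NBD server sends on connect
NBD_OPTS_MAGIC = b"IHAVEOPT"  # next 8 bytes in the newstyle handshake


def recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during handshake")
        buf += chunk
    return buf


def probe_nbd(host="localhost", port=10809, timeout=5.0):
    """Return (ok, detail) for the service reachable at host:port."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            greeting = recv_exact(s, 18)  # magic + option magic + 16-bit flags
    except OSError as exc:
        return False, f"connect/read failed: {exc}"
    if greeting[:8] != NBD_MAGIC:
        return False, "port answers, but the peer is not an NBD server"
    if greeting[8:16] != NBD_OPTS_MAGIC:
        return False, "oldstyle NBD handshake, no option negotiation"
    (flags,) = struct.unpack(">H", greeting[16:18])
    return True, f"newstyle NBD server, handshake flags 0x{flags:04x}"


if __name__ == "__main__":
    # Assumption: run inside the VM while the ssh -R tunnel is up.
    print(probe_nbd())
```

A connection failure or timeout here points at the tunnel itself; a wrong greeting means the port is forwarded to something other than an NBD server.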