NFS with nearby host, VM clients?

Richard W.M. Jones rjones at redhat.com
Wed Apr 20 14:47:48 UTC 2022


On Mon, Apr 18, 2022 at 11:22:07PM -0500, Michael Jinks wrote:
> I have a laptop, running VMM, with a handful of VMs.  Next to that, I have a
> pile of disks running on ZFS, and I'd like to give the VMs network access
> there, for running backups or whatever.
> 
> The holdup is that the laptop (pop-OS if that matters -- so Ubuntu, so Debian)
> automatically prohibits any outside network traffic to the VMs.
> Self-contained outward traffic from the VM is fine, like ssh; but the outside
> host can't see in to any VM, so, for instance, when the VM tries to NFS-mount
> to the outside, the rpc connection back will fail.
> 
> In the past, my way of allowing something like this was to make a new virtual
> network running on the host, visible for the VMs and reachable by the outside
> service, but I haven't been able to find how to do that in a modern VMM setup.
> I can find, in the GUI:
> 
>   QEMU/KVM - Connection Details -> Virtual Networks: "Create a new virtual network"...
> 
> ...but everything I've tried has failed in one way or another.  Maybe I just
> don't know how to set that up?

I used this relatively recently.  It's still a lot more painful to set
up than it really needs to be however ...

https://wiki.libvirt.org/page/Networking#Bridged_networking_.28aka_.22shared_physical_device.22.29

Another option is just port forwarding.  Pretty sure you can set this
up from virt-manager, but if not you can definitely do it through
editing the libvirt XML:

https://libvirt.org/formatdomain.html#channel

virsh edit is described here:

https://www.redhat.com/sysadmin/virsh-subcommands

Another option would be attaching a remote disk to the guest.  Again,
not sure if this can be done in virt-manager, but it's certainly
possible from libvirt XML:

https://libvirt.org/formatdomain.html#hard-drives-floppy-disks-cdroms

  <disk type='network' device='disk'>
    <driver name='qemu' type='raw'/>
    <source protocol='nbd'>
      <host name='nbd-server'/>
    </source>
    <target dev='vda' bus='virtio'/>
  </disk>

Another, even simpler option is a reverse SSH tunnel, i.e. something
like this on the host:

  ssh -R 10809:nbd-server:10809 vm

That will export the NBD port on nbd-server:10809 into the VM, so you
would be able to access an NBD server from inside the VM.

Rich.

> I understand the security concerns, and won't have a problem flatting that
> down.
> 
> If I'm just not looking in the right docs, please point me in the
> right direction.
> 
> Or, if I'm going about this some unwise way, please educate me.
> 
> Thanks.
> 

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
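
Added example, not part of the original message and not libvirt's own code: a small audit of `virsh dumpxml` output that lists every `<disk type='network'>` endpoint, such as the NBD disk in the reply above, and marks NBD-over-TCP disks that do not request TLS in the XML. The sample XML is constructed, and the check assumes libvirt's `tls` attribute on `<source>` and `transport='unix'` on `<host>`.

```python
import xml.etree.ElementTree as ET

NBD_DEFAULT_PORT = "10809"  # same port as in the ssh -R example in the message

# Constructed domain XML: vda is the disk from the message; vdb and vdc are
# made-up variants (explicit TLS, UNIX socket) for comparison.
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>constructed-guest</name>
  <devices>
    <disk type='network' device='disk'>
      <driver name='qemu' type='raw'/>
      <source protocol='nbd'><host name='nbd-server'/></source>
      <target dev='vda' bus='virtio'/>
    </disk>
    <disk type='network' device='disk'>
      <source protocol='nbd' tls='yes'><host name='nbd-server' port='10810'/></source>
      <target dev='vdb' bus='virtio'/>
    </disk>
    <disk type='network' device='disk'>
      <source protocol='nbd'><host transport='unix' socket='/run/constructed-nbd.sock'/></source>
      <target dev='vdc' bus='virtio'/>
    </disk>
  </devices>
</domain>"""


def audit_network_disks(domain_xml):
    """Return one finding per host of every <disk type='network'> element."""
    findings = []
    root = ET.fromstring(domain_xml)  # input is your own `virsh dumpxml` output
    for disk in root.iterfind("./devices/disk[@type='network']"):
        source, target = disk.find("source"), disk.find("target")
        if source is None:
            continue
        protocol = source.get("protocol", "")
        explicit_tls = source.get("tls") == "yes"
        for host in source.findall("host"):
            unix = host.get("transport") == "unix"
            port = host.get("port") or (NBD_DEFAULT_PORT if protocol == "nbd" else "?")
            endpoint = host.get("socket") if unix else f"{host.get('name')}:{port}"
            findings.append({
                "dev": target.get("dev") if target is not None else None,
                "endpoint": endpoint,
                # Plain NBD has no encryption or authentication. Without
                # tls='yes' the hypervisor default applies, so flag for review.
                "review": protocol == "nbd" and not unix and not explicit_tls,
            })
    return findings
```

A flagged disk is not necessarily cleartext, since the hypervisor configuration can enable TLS by default; the flag only means the domain XML itself does not ask for it.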

