CollabNet Guide

This guide will walk you through setting up a Virtual Network for your VMs. This will allow you to route your VM traffic behind a VM (strongly recommended for several reasons), filter web traffic, and prevent access to your local network from the VMs.
 
= Prerequisites =
* A few hours of your time
* A host running a Linux distribution
* Basic computer and command line literacy. Nobody is going to hold your hand
 
= Host Preparation =
 
== IP Forwarding ==
 
First, we're going to enable IP forwarding on your host. This will allow traffic from the VMs to be routed to and from the router. The following command will write this to the sysctl configuration.
{{code|<nowiki>
echo 'net.ipv4.ip_forward = 1' | sudo tee /etc/sysctl.d/router.conf
</nowiki>}}
To apply, either reboot or run the following:
{{code|
sudo sysctl --system
}}
 
== Bridge configuration ==
 
Next, we'll set up a network bridge with multiple TAP interfaces. You can think of a TAP interface as a virtual Ethernet port connected to your VM, and the network bridge as a virtual Ethernet switch connecting them all together. The instructions to do this vary based on your network daemon. For this guide we'll assume (and recommend) you're using systemd-networkd, or netifrc on OpenRC.
 
We'll also be giving the <code>collabvm</code> group access to the TAPs. If you have yet to create a user for CollabVM, do so now.
 
=== Systemd ===
 
All network configuration is done in the <code>/etc/systemd/network</code> directory. We'll start by creating the bridge itself. The following simply creates a network bridge named <code>collabnet</code>.
 
'''/etc/systemd/network/collabnet.netdev'''
{{code|<nowiki>
[NetDev]
Name=collabnet
Kind=bridge
</nowiki>}}
 
Next, we'll create a TAP for our router VM. The following creates a new TAP named <code>ktrouter</code>.
 
'''/etc/systemd/network/ktrouter.netdev'''
{{code|<nowiki>
[NetDev]
Name=ktrouter
Kind=tap
 
[Tap]
Group=collabvm
</nowiki>}}
 
Now, you can create a TAP for each VM. The following adds a TAP named <code>ktvm1</code>. To add more, repeat the following, creating files named <code>ktvm2</code>, <code>ktvm3</code>, and so on. Make sure to also change the TAP name inside the file to match this.
 
'''/etc/systemd/network/ktvm1.netdev'''
{{code|<nowiki>
[NetDev]
Name=ktvm1
Kind=tap
 
[Tap]
Group=collabvm
</nowiki>}}
 
Finally, we connect all of our TAPs to the <code>collabnet</code> bridge.
 
'''/etc/systemd/network/collabnet.network'''
{{code|<nowiki>
[Match]
Name=kt*
 
[Network]
Bridge=collabnet
</nowiki>}}
 
Once all of the files are in place, either reboot or run the following to reload the network configuration:
{{code|
sudo systemctl restart systemd-networkd
}}
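
The per-VM TAP files described above can be generated rather than copied by hand. The following is an added example, not part of the original guide: the function names <code>gen_vm_taps</code> and <code>check_tap_names</code> are hypothetical, and the second one catches a copied file whose <code>Name=</code> was not changed to match (in which case no TAP with the new name is defined).

```shell
#!/bin/sh
# Added example (not from the original guide). Function names are hypothetical.

# gen_vm_taps DIR COUNT [GROUP]
# Writes DIR/ktvm1.netdev .. DIR/ktvmCOUNT.netdev in the format shown above.
# Existing files are left untouched.
gen_vm_taps() {
    dir=$1 count=$2 group=${3:-collabvm}
    case $count in
        ''|*[!0-9]*) echo "count must be a positive integer" >&2; return 1 ;;
    esac
    [ "$count" -ge 1 ] || { echo "count must be at least 1" >&2; return 1; }
    [ -d "$dir" ] || { echo "no such directory: $dir" >&2; return 1; }
    i=1
    while [ "$i" -le "$count" ]; do
        name="ktvm$i"
        file="$dir/$name.netdev"
        if [ -e "$file" ]; then
            echo "keeping existing $file" >&2
        else
            printf '[NetDev]\nName=%s\nKind=tap\n\n[Tap]\nGroup=%s\n' \
                "$name" "$group" > "$file"
        fi
        i=$((i + 1))
    done
    return 0
}

# check_tap_names DIR
# Fails if any DIR/kt*.netdev has a Name= that differs from its file name,
# which is what happens when a file is copied and the name inside is not changed.
check_tap_names() {
    rc=0
    for f in "$1"/kt*.netdev; do
        [ -e "$f" ] || continue
        want=$(basename "$f" .netdev)
        got=$(sed -n 's/^Name=//p' "$f" | head -n 1)
        if [ "$got" != "$want" ]; then
            echo "$f: Name=$got, expected Name=$want" >&2
            rc=1
        fi
    done
    return "$rc"
}
```

Source the file as root and call, for example, <code>gen_vm_taps /etc/systemd/network 4</code> followed by <code>check_tap_names /etc/systemd/network</code>, then reload the network configuration as shown above.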