CollabNet Guide
This guide will walk you through setting up a Virtual Network for your VMs. This will allow you to route your VM traffic behind a VM (strongly recommended for several reasons), filter web traffic, and prevent access to your local network from the VMs.
Prerequisites
- A few hours of your time
- A host running a Linux distribution
- Basic computer and command line literacy. Nobody is going to hold your hand
Host Preparation
IP Forwarding
First, we're going to enable IP forwarding on your host. This will allow traffic from the VMs to be routed to and from the router. The following command will write this to the sysctl configuration.
echo 'net.ipv4.ip_forward = 1' | sudo tee /etc/sysctl.d/router.conf
To apply, either reboot or run the following:
sudo sysctl --system
Bridge configuration
Next, we'll set up a network bridge with multiple TAP interfaces. You can think of a TAP interface as a virtual Ethernet port connected to your VM, and the network bridge as a virtual Ethernet switch connecting them all together. The instructions to do this vary based on your network daemon. For this guide we'll assume (and recommend) you're using systemd-networkd, or netifrc on OpenRC.
We'll also be giving the collabvm group access to the TAPs. If you have yet to create a user for CollabVM, do so now.
Systemd
All network configuration is done in the /etc/systemd/network directory. We'll start by creating the bridge itself. The following simply creates a network bridge named collabnet:
/etc/systemd/network/collabnet.netdev
[NetDev]
Name=collabnet
Kind=bridge
Next, we'll create a TAP for our router VM. The following creates a new TAP named ktrouter:
/etc/systemd/network/ktrouter.netdev
[NetDev]
Name=ktrouter
Kind=tap
[Tap]
Group=collabvm
Now, you can create a TAP for each VM. The following adds a TAP named ktvm1. To add more, repeat the following, creating files named ktvm2, ktvm3, and so on. Make sure to also change the TAP name inside each file to match its file name.
/etc/systemd/network/ktvm1.netdev
[NetDev]
Name=ktvm1
Kind=tap
[Tap]
Group=collabvm
Finally, we connect all of our TAPs to the collabnet bridge.
/etc/systemd/network/collabnet.network
[Match]
Name=kt*
[Network]
Bridge=collabnet
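The per-VM TAP files are easy to get wrong when copied by hand (a file named ktvm2.netdev that still says Name=ktvm1). The following is an added example, not part of the original guide: gen_vm_taps and check_taps are hypothetical helper names, and the directory is passed as an argument so you can try it on a scratch directory before pointing it at /etc/systemd/network.

```shell
#!/bin/sh
# Added example (not from the original guide); function names are hypothetical.

# gen_vm_taps DIR COUNT: write ktvm1..ktvmCOUNT .netdev files into DIR,
# with the same contents as the guide's ktvm1.netdev.
gen_vm_taps() {
    dir=$1 count=$2
    case $count in
        ''|*[!0-9]*|0) echo "count must be a positive integer" >&2; return 2 ;;
    esac
    i=1
    while [ "$i" -le "$count" ]; do
        printf '[NetDev]\nName=ktvm%s\nKind=tap\n[Tap]\nGroup=collabvm\n' "$i" \
            > "$dir/ktvm$i.netdev"
        i=$((i + 1))
    done
}

# check_taps DIR: every kt*.netdev in DIR (ktrouter included) must declare a TAP
# whose Name= equals its file name and whose Group= is collabvm.
# Returns 1 if any file fails, so it can gate the networkd restart.
check_taps() {
    dir=$1 rc=0
    for f in "$dir"/kt*.netdev; do
        [ -e "$f" ] || { echo "no kt*.netdev files in $dir" >&2; return 1; }
        want=$(basename "$f" .netdev)
        grep -qx "Name=$want" "$f"     || { echo "$f: Name= is not $want" >&2; rc=1; }
        grep -qx "Kind=tap" "$f"       || { echo "$f: Kind= is not tap" >&2; rc=1; }
        grep -qx "Group=collabvm" "$f" || { echo "$f: Group= is not collabvm" >&2; rc=1; }
    done
    return $rc
}

# Usage (as root): gen_vm_taps /etc/systemd/network 4 && check_taps /etc/systemd/network
```

Because collabnet.network matches Name=kt*, any interface whose name starts with kt is attached to the bridge, so keep that prefix reserved for the router and VM TAPs.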
Finally, you can either reboot or run the following to reload the network configuration:
sudo systemctl restart systemd-networkd
OpenRC
TODO