CollabNet Guide

Revision as of 22:26, 9 June 2023 by Elijah (talk | contribs)

This guide will walk you through setting up a Virtual Network for your VMs. This will allow you to route your VM traffic behind a VM (strongly recommended for several reasons), filter web traffic, and prevent access to your local network from the VMs.

Prerequisites

  • A few hours of your time
  • A host running a Linux distribution
  • Basic computer and command line literacy. Nobody is going to hold your hand

Host Preparation

IP Forwarding

First, we're going to enable IP forwarding on your host. This will allow traffic from the VMs to be routed to and from the router. The following command will write this to the sysctl configuration.

echo 'net.ipv4.ip_forward = 1' | sudo tee /etc/sysctl.d/router.conf

To apply, either reboot or run the following:

sudo sysctl --system

Bridge configuration

Next, we'll set up a network bridge with multiple TAP interfaces. You can think of a TAP interface as a virtual Ethernet port connected to your VM, and the network bridge as a virtual Ethernet switch connecting them all together. The instructions to do this vary based on your network daemon. For this guide we'll assume (and recommend) you're using systemd-networkd, or netifrc on OpenRC.

We'll also be giving the collabvm group access to the TAPs. If you have yet to create a user for CollabVM, do so now.

Systemd

All network configuration is done in the /etc/systemd/network directory. We'll start by creating the bridge itself. The following simply creates a network bridge named collabnet

/etc/systemd/network/collabnet.netdev

[NetDev]
Name=collabnet
Kind=bridge

Next, we'll create a TAP for our router VM. The following creates a new TAP named ktrouter

/etc/systemd/network/ktrouter.netdev

[NetDev]
Name=ktrouter
Kind=tap

[Tap]
Group=collabvm

Now, you can create a TAP for each VM. The following adds a TAP named ktvm1. To add more, repeat the following, creating files named ktvm2, ktvm3, and so on. Make sure to also change the TAP name inside the file to match this.

/etc/systemd/network/ktvm1.netdev

[NetDev]
Name=ktvm1
Kind=tap

[Tap]
Group=collabvm

Finally, we connect all of our TAPs to the collabnet bridge.

/etc/systemd/network/collabnet.network

[Match]
Name=kt*

[Network]
Bridge=collabnet

Finally, you can either reboot or run the following to reload the network configuration

sudo systemctl restart systemd-networkd