[libvirt-users] Port forwarding for KVM

Hi all,

Let me illustrate what I want to do. I want to launch a QEMU "inside" a KVM virtual machine, then get that QEMU's vnc output. I am using libvirt 0.9.13 (`libvirtd --version`), and attached is my vm's original config xml. Is there a simple way to achieve my goal?

I was told that the iptables solution I found on the web is for the "tap" interface, and I can use the "hostfwd" QEMU option if I use the "user" interface. For the latter approach, I basically follow this one [1] with the QEMU cmdline option below:

    <qemu:commandline>
      <qemu:arg value='-net user,hostfwd=::5902-:5901'/>
    </qemu:commandline>

But virsh always keeps saying:

    error: internal error Process exited while reading console log output: kvm: -net user,hostfwd=::5902-:5901: invalid option

What am I missing here? I also found there was a patch for user mode port forwarding [2]. Does that mean I can write libvirt xml directly to do port forwarding? If so, could someone give me a hint on how to write one?

The last question is, do I have to change the interface type from "network" to "user" so that I can do port forwarding?

Thanks in advance! :)

[1] http://snippets.webaware.com.au/snippets/running-qemu-with-port-redirection-...
[2] http://www.redhat.com/archives/libvir-list/2012-May/msg00538.html

Regards,
chenwj

--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
Homepage: http://people.cs.nctu.edu.tw/~chenwj

On Fri, Apr 12, 2013 at 07:06:45PM +0800, 陳韋任 (Wei-Ren Chen) wrote:
> Hi all,
>
> Let me illustrate what I want to do. I want to launch a QEMU "inside" a KVM virtual machine, then get that QEMU's vnc output. I am using libvirt 0.9.13 (`libvirtd --version`), and attached is my vm's original config xml. Is there a simple way to achieve my goal?
>
> I was told that the iptables solution I found on the web is for the "tap" interface, and I can use the "hostfwd" QEMU option if I use the "user" interface. For the latter approach, I basically follow this one [1] with the QEMU cmdline option below:
>
>     <qemu:commandline>
>       <qemu:arg value='-net user,hostfwd=::5902-:5901'/>
>     </qemu:commandline>
>
> But virsh always keeps saying:
>
>     error: internal error Process exited while reading console log output: kvm: -net user,hostfwd=::5902-:5901: invalid option

You are trying to pass 2 arguments in one go. You need

    <qemu:commandline>
      <qemu:arg value='-net'/>
      <qemu:arg value='user,hostfwd=::5902-:5901'/>
    </qemu:commandline>

Daniel
--
|: http://berrange.com -o- http://www.flickr.com/photos/dberrange/ :|
|: http://libvirt.org -o- http://virt-manager.org :|
|: http://autobuild.org -o- http://search.cpan.org/~danberr/ :|
|: http://entangle-photo.org -o- http://live.gnome.org/gtk-vnc :|

On 04/12/2013 07:06 AM, 陳韋任 (Wei-Ren Chen) wrote:
> Hi all,
>
> Let me illustrate what I want to do. I want to launch a QEMU "inside" a KVM virtual machine, then get that QEMU's vnc output. I am using libvirt 0.9.13 (`libvirtd --version`), and attached is my vm's original config xml. Is there a simple way to achieve my goal?
>
> I was told that the iptables solution I found on the web is for the "tap" interface, and I can use the "hostfwd" QEMU option if I use the "user" interface. For the latter approach, I basically follow this one [1] with the QEMU cmdline option below:
>
>     <qemu:commandline>
>       <qemu:arg value='-net user,hostfwd=::5902-:5901'/>
>     </qemu:commandline>
>
> But virsh always keeps saying:
>
>     error: internal error Process exited while reading console log output: kvm: -net user,hostfwd=::5902-:5901: invalid option

Aside from the problem Daniel pointed out in his reply, this is probably the *least* desirable way to get this functionality, and should only be used if you are unable to use any other network connection type.

> What am I missing here? I also found there was a patch for user mode port forwarding [2]. Does that mean I can write libvirt xml directly to do port forwarding?

No, that patch "died in committee"; in general it's a good idea, but it needs to be done in a way that is useful for all types of interface, not just usermode. Unfortunately nobody has had the combination of enough time + enough motivation to carry it through.

> If so, could someone give me a hint on how to write one? The last question is, do I have to change the interface type from "network" to "user" so that I can do port forwarding?

No, you don't. Please take a look here:

http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections

Alternately (and a simpler solution), you could use a bridged or direct (macvtap) network connection for your guest, and then the guest would have an IP address directly on the physical network and no need to have any ports forwarded.

> Thanks in advance! :)
>
> [1] http://snippets.webaware.com.au/snippets/running-qemu-with-port-redirection-...
> [2] http://www.redhat.com/archives/libvir-list/2012-May/msg00538.html
>
> Regards,
> chenwj
_______________________________________________ libvirt-users mailing list libvirt-users@redhat.com https://www.redhat.com/mailman/listinfo/libvirt-users

Hi Laine,

> Aside from the problem Daniel pointed out in his reply, this is probably the *least* desirable way to get this functionality, and should only be used if you are unable to use any other network connection type.

I tried what Daniel told me. But it seems there are some problems. At first, I just wanted to get the QEMU (inside the KVM) VNC output, so I redirected the 590# port. But nothing happened. Then I thought, "let me try ssh redirect as I want to ssh into the virtual machine". Here is my qemu option:

    <qemu:commandline>
      <qemu:arg value='-net'/>
      <qemu:arg value='user,hostfwd=tcp:127.0.0.1:2222-:22'/>
    </qemu:commandline>

But it doesn't work either. No response from "ssh user@127.0.0.1 -p 2222". I don't know what's wrong here.

> > What am I missing here? I also found there was a patch for user mode port forwarding [2]. Does that mean I can write libvirt xml directly to do port forwarding?
>
> No, that patch "died in committee"; in general it's a good idea, but it needs to be done in a way that is useful for all types of interface, not just usermode. Unfortunately nobody has had the combination of enough time + enough motivation to carry it through.

Shame, that's a good idea indeed.

> > If so, could someone give me a hint on how to write one? The last question is, do I have to change the interface type from "network" to "user" so that I can do port forwarding?
>
> No, you don't. Please take a look here:
>
> http://wiki.libvirt.org/page/Networking#Forwarding_Incoming_Connections
>
> Alternately (and a simpler solution), you could use a bridged or direct (macvtap) network connection for your guest, and then the guest would have an IP address directly on the physical network and no need to have any ports forwarded.

I'll try what you suggest, and see if it works. Thanks! :)

Regards,
chenwj

--
Wei-Ren Chen (陳韋任)
Computer Systems Lab, Institute of Information Science,
Academia Sinica, Taiwan (R.O.C.)
Tel:886-2-2788-3799 #1667
Homepage: http://people.cs.nctu.edu.tw/~chenwj
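
Added example (not part of the thread, and not libvirt or QEMU code): a Python check over a domain's `<qemu:commandline>` block that reports a value fusing an option with its argument, as in the first post, and any hostfwd rule whose empty host address makes QEMU listen on every host address. The `sample_domain` helper and the three XML snippets are constructed for illustration; the `xmlns:qemu` URI and the `hostfwd=[tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport` syntax are the real ones.

```python
import re
import xml.etree.ElementTree as ET

QEMU_NS = {"qemu": "http://libvirt.org/schemas/domain/qemu/1.0"}
# hostfwd=[tcp|udp]:[hostaddr]:hostport-[guestaddr]:guestport (QEMU user-mode net)
HOSTFWD = re.compile(r"hostfwd=(tcp|udp)?:([^:,]*):(\d+)-([^:,]*):(\d+)")

def passthrough_args(domain_xml):
    """Return the argv elements libvirt appends to the QEMU command line."""
    root = ET.fromstring(domain_xml)
    return [a.get("value", "") for a in
            root.findall("qemu:commandline/qemu:arg", QEMU_NS)]

def audit(domain_xml):
    """Flag fused option/value args and hostfwd rules bound to every interface."""
    findings = []
    for arg in passthrough_args(domain_xml):
        # Each <qemu:arg> becomes exactly one argv element, so a value such as
        # '-net user,...' reaches QEMU as a single, unknown option.
        if arg.startswith("-") and " " in arg.strip():
            findings.append(("fused-args", arg))
        for proto, host, hport, _gaddr, gport in HOSTFWD.findall(arg):
            # An empty hostaddr means the listener is not tied to one interface.
            if host in ("", "0.0.0.0"):
                findings.append(("listens-on-all-interfaces",
                                 f"{proto or 'tcp'} host port {hport} -> guest port {gport}"))
    return findings

def sample_domain(*values):
    """Constructed minimal domain XML carrying only the passthrough block."""
    args = "".join(f"<qemu:arg value='{v}'/>" for v in values)
    return ("<domain type='kvm' xmlns:qemu='http://libvirt.org/schemas/domain/qemu/1.0'>"
            f"<qemu:commandline>{args}</qemu:commandline></domain>")

# The three passthrough blocks that appear in the thread (wrapped in constructed XML).
ORIGINAL = sample_domain("-net user,hostfwd=::5902-:5901")
SPLIT = sample_domain("-net", "user,hostfwd=::5902-:5901")
LOOPBACK = sample_domain("-net", "user,hostfwd=tcp:127.0.0.1:2222-:22")

if __name__ == "__main__":
    for name, xml in (("original", ORIGINAL), ("split", SPLIT), ("loopback", LOOPBACK)):
        print(name, passthrough_args(xml), audit(xml))
```

On the thread's inputs, the original value is reported as fused, the split form still listens on every host address, and the rule bound to 127.0.0.1 raises nothing.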
participants (3)
- Daniel P. Berrange
- Laine Stump
- 陳韋任 (Wei-Ren Chen)