======Router VM======
I have just decided to play with installing VM (virtual machines) on my Router hardware (2023-01). I have been reluctant to do this for a number of reasons. My separate listing for [[linux_router:hardware]]. Basically the machine is a bit old, slow and underpowered. Still basically adequate for what it does. I do not run a desktop on this machine, CLI (Command Line Interface) only.

The main services I am currently running on this machine are, all bare metal:
  * Network configuration (of 4 x 1 GB/s ethernet ports)
    * Access to public internet modem, via 1 Ethernet port - **the WAN (Wide Area Network) connection**
      * modem is VDSL based, set into bridge mode to allow connection to control using this machine as router
      * modem is currently set to use direct remote DHCP/IP as specified by ISP (Internet Service Provider requirements), was originally setup using PPPoE.
      * There is also a separate static IP address setup to access and control the modem
    * A bridge network setup on the remaining 3 Ethernet ports as a LAN (Local Area Network). The bridge network setup has the following required features:
      * It allows connections of multiple physical Ethernet ports to a bridge interface device, with the bridge effectively acting as a network switch for the connected physical ports. (On my home server I have 4 x 1GB/s Ethernet ports and an add in PCIe card that provided a 2.5GB/s Ethernet port. All these physical ports are connected to a common network bridge device. This seems to just work, and each physical device seems to operate at its specific capacity.)
      * It allows connections of multiple virtual Ethernet ports to the bridge device. This is a commonly used feature on VMs and container systems to obtain host system LAN and WAN access.
  * ssh (for remote CLI access)
  * Router software, using NFTables, with following features:
    * Firewall
    * NAT (Network Address Translation)
    * Port forwarding to basic services
      * Main public HTML server
      * Mail server
    * VPN server (Wireguard) for remote public access.
    * Rate limiting certain IP address ranges to public interface
    * Parental control (time limiting access to public interface on certain IP addresses)
  * Main LAN (Local Area Network) DNS/DHCP, these services work together
    * Main local DNS server using ISC Bind9
    * Main local DHCP server using ISC DHCP

My preference would be to get a container system functioning directly on the bare metal, but Docker's use of IPtables rules on its Host would impair my Router NFTables setup. Use of a VM isolates Docker's IPtables manipulations from the main system.

=====VM Setup=====
I decided to try QEMU/KVM setup as follows:
  *''%%sudo apt install qemu-system qemu-system-x86 qemu-utils libvirt-clients libvirt-daemon libvirt-daemon-system virtinst --no-install-recommends%%''

====package descriptions====
In most cases details of these packages can be seen at [[https://www.debian.org/distrib/packages|Debian Packages]].
++++tldr;|
  *''qemu'' - [[https://wiki.qemu.org/Main_Page|QEMU]] is a generic and open source machine emulator and virtualiser, and is now a dummy package, it no longer works on Debian 12.
  *''qemu-kvm'' - was made a wrapper script to qemu-system and is now redundant
  *''qemu-system'' is a meta package that calls the correct system package, e.g. qemu-system-x86 (qemu-kvm is now called / replaced by qemu-system-x86 in Debian 11)
  *''qemu-system-x86'' is the actual system peripheral emulator and virtualiser for x86 systems
  *''qemu-utils'' provides utilities for QEMU disk activities
  *''libvirt-daemon'' - daemon libvirtd to manage the hypervisors
  *''libvirt-daemon-system'' - configuration files to run the libvirt daemon as a system service
  *''libvirt-clients'' - contains the libvirt shell virsh and other client binaries
  *''virtinst'' - utilities to create and edit virtual machines
  *''libspice-server1'' - Implements the server side of the SPICE protocol
  *''virt-viewer'' - The console is accessed using the VNC or SPICE protocol. (Client software)
  *''virt-manager'' - desktop application for managing virtual machines. (Client software)
  *''libspice-client-gtk-3.0-5'' - libspice-gtk3 provides gtk3 widget to show spice display and accept user input. (Client software)
++++

====Virt-manager remote client setup====
  *''%%sudo apt install virt-manager ssh-askpass-gnome --no-install-recommends%%''
  *''%%virt-manager -c 'qemu+ssh://baumkp@router.local.kptree.net/system?keyfile=id_rsa'%%''
  *''sudo apt install gir1.2-spiceclientgtk-3.0''

=====References=====
  *[[https://fabianlee.org/2019/02/16/kvm-virt-manager-to-connect-to-a-remote-console-using-qemussh/|KVM: virt-manager to connect to a remote console using qemu+ssh]]
  *[[https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys-on-ubuntu-1604|How To Set Up SSH Keys on Ubuntu 16.04]]

<- linux_router:nmap|Prev page ^ linux_router:start|Start page ^ ->
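
The Docker concern raised in the service overview (Docker writing its own IPtables rules next to the router's NFTables ruleset) can be checked on a host with the script below. This is an added example, not part of the original page; it assumes Docker's rules go through the iptables-nft backend so they show up in ''nft list ruleset'', and the function names and the sample ruleset (including the ''inet router'' table) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report chains that Docker (through iptables-nft) has placed
# in an nftables ruleset. Reads `nft list ruleset` text on stdin.
find_docker_chains() {
    awk '
        # "table <family> <name> {" : remember the table we are inside.
        $1 == "table" { family = $2; table = $3; chain = ""; next }
        # "chain <name> {" : Docker names its chains DOCKER, DOCKER-USER, ...
        $1 == "chain" {
            chain = $2
            if (chain ~ /^DOCKER/) print "docker-chain", family, table, chain
            next
        }
        # iptables-style FORWARD base chain with policy drop. A drop verdict in
        # any base chain on the forward hook is final, so routed traffic that
        # the router table accepted is still discarded here unless this chain
        # accepts it too.
        chain == "FORWARD" && /hook forward/ && /policy drop/ {
            print "forward-drop", family, table, chain
        }
    '
}

# Constructed sample: a hand-written router table followed by the kind of
# tables Docker adds. Not captured from a real machine.
sample_ruleset() {
    cat <<'EOF'
table inet router {
    chain forward {
        type filter hook forward priority filter; policy drop;
        ct state established,related accept
    }
}
table ip nat {
    chain DOCKER {
        iifname "docker0" counter return
    }
}
table ip filter {
    chain DOCKER {
    }
    chain DOCKER-USER {
        counter return
    }
    chain FORWARD {
        type filter hook forward priority filter; policy drop;
        counter jump DOCKER-USER
    }
}
EOF
}

# On a live host: sudo nft list ruleset | find_docker_chains
sample_ruleset | find_docker_chains
```

No output on the router itself and findings only inside the VM is the result the VM isolation is meant to give.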