Router VM
I have just decided to play with installing VMs (virtual machines) on my router hardware (2023-01). I have been reluctant to do this for a number of reasons. See my separate listing for Router Hardware. Basically, the machine is a bit old, slow and underpowered, but still adequate for what it does. I do not run a desktop on this machine, only the CLI (Command Line Interface). The main services I am currently running on this machine, all on bare metal, are:
- Network configuration (of 4 x 1 GB/s Ethernet ports)
  - Access to the public internet modem via 1 Ethernet port, the WAN (Wide Area Network) connection
    - Early 2024 I was upgraded to a full fibre internet connection. A connection box / modem converts the fibre to an RJ45 1GB/s Ethernet IP connection inside the house. The old ISP-supplied VDSL modem/router does have a WAN input that works, however all of its Ethernet connections are limited to 100Mb/s. Hence on the 250Mb/s plan this router is not fully suitable for purpose.
  - A bridge network setup on the remaining 3 Ethernet ports as a LAN (Local Area Network). The bridge network setup has the following required features:
    - It allows connection of multiple physical Ethernet ports to a bridge interface device, with the bridge effectively acting as a network switch for the connected physical ports. (On my home server I have 4 x 1GB/s Ethernet ports and an add-in PCIe card that provides a 2.5GB/s Ethernet port. All these physical ports are connected to a common network bridge device. This seems to just work, and each physical device seems to operate at its specific capacity.)
    - It allows connection of multiple virtual Ethernet ports to the bridge device. This is a commonly used feature on VMs and container systems to obtain host system LAN and WAN access.
- ssh (for remote CLI access)
- Router software, using NFTables, with the following features:
  - Firewall
  - NAT (Network Address Translation)
  - Port forwarding to basic services
    - Main public HTML server
    - Mail server
  - VPN server (Wireguard) for remote public access
  - Rate limiting certain IP address ranges to the public interface
  - Parental control (time limiting access to the public interface on certain IP addresses)
- Main LAN (Local Area Network) DNS/DHCP; these services work together
  - Main local DNS server using ISC Bind9
  - Main local DHCP server using ISC DHCP
My preference would be to get a container system functioning directly on the bare metal, but Docker's use of iptables rules on its host would impair my router's NFTables setup. Using a VM isolates Docker's iptables manipulations from the main system.
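One way to confirm that the router's ruleset stays free of Docker's rules is to scan the output of `nft list ruleset` for Docker's chains. The script below is an added example, not part of the original page. It assumes Docker's rules go through the iptables-nft backend (so they are visible to `nft`); the function names and the sample ruleset are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Reads `nft list ruleset` text on stdin.
# Print "family table chain" for every chain whose name starts with DOCKER.
docker_chains() {
    awk '$1 == "table" { family = $2; table = $3 }
         $1 == "chain" && $2 ~ /^DOCKER/ { print family, table, $2 }'
}

# Print the policy of the iptables-style FORWARD base chain in "table ip filter".
# Docker sets this policy to drop, which affects all forwarded (routed) traffic.
forward_policy() {
    awk '$1 == "table" { tbl = $2 " " $3 }
         $1 == "chain" { chain = $2 }
         tbl == "ip filter" && chain == "FORWARD" && /hook forward/ {
             for (i = 1; i < NF; i++) if ($i == "policy") { p = $(i + 1); sub(/;/, "", p); print p }
         }'
}

# Return 1 (and list the chains on stderr) when Docker chains are present.
check_ruleset() {
    found=$(docker_chains)
    if [ -n "$found" ]; then
        printf 'Docker-managed chains found:\n%s\n' "$found" >&2
        return 1
    fi
}

# Constructed sample: the router's own table plus tables of the kind Docker adds.
SAMPLE='table inet router {
  chain forward {
    type filter hook forward priority filter; policy drop;
  }
}
table ip filter {
  chain DOCKER {
  }
  chain DOCKER-USER {
    counter packets 0 bytes 0 return
  }
  chain FORWARD {
    type filter hook forward priority filter; policy drop;
    counter packets 0 bytes 0 jump DOCKER-USER
  }
}
table ip nat {
  chain DOCKER {
  }
}'
printf '%s\n' "$SAMPLE" | docker_chains   # on a live host: sudo nft list ruleset | check_ruleset
```

Run on the router host, `check_ruleset` should exit 0; run inside the VM that hosts Docker, it is expected to list the Docker chains.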
VM Setup
I decided to try a QEMU/KVM setup as follows:
sudo apt install qemu-system qemu-system-x86 qemu-utils libvirt-clients libvirt-daemon libvirt-daemon-system virtinst --no-install-recommends
Package descriptions
In most cases, details of these packages can be seen at Debian Packages.
Virt-manager remote client setup
sudo apt install virt-manager ssh-askpass-gnome --no-install-recommends
virt-manager -c 'qemu+ssh://baumkp@router.local.kptree.net/system?keyfile=id_rsa'
sudo apt install gir1.2-spiceclientgtk-3.0