Router VM

I have just decided to play with installing VMs (virtual machines) on my Router hardware (2023-01). I have been reluctant to do this for a number of reasons. See my separate listing for Router Hardware. Basically the machine is a bit old, slow and underpowered, but still adequate for what it does. I do not run a desktop on this machine, CLI (Command Line Interface) only. The main services I am currently running on this machine, all on bare metal, are:

  • Network configuration (of 4 x 1 GB/s ethernet ports)
    • Access to public internet modem, via 1 Ethernet port - the WAN (Wide Area Network) connection
      • In early 2024 I was upgraded to a full fibre internet connection. A connection box / modem converts the fibre to an RJ45 1GB/s Ethernet IP connection inside the house. The old ISP-supplied VDSL modem/router does have a WAN input that works; however, all the Ethernet connections are limited to 100Mb/s. Hence on the 250Mb/s plan this router is not fully suitable for purpose.
  • A bridge network setup on the remaining 3 Ethernet ports as a LAN (Local Area Network). The bridge network setup has the following required features:
    • It allows connections of multiple physical Ethernet ports to a bridge interface device, with the bridge effectively acting as a network switch for the connected physical ports. (On my home server I have 4 x 1GB/s Ethernet ports and an add-in PCIe card that provides a 2.5GB/s Ethernet port. All these physical ports are connected to a common network bridge device. This seems to just work, and each physical device seems to operate at its specific capacity.)
    • It allows connections of multiple virtual Ethernet ports to the bridge device. This is a commonly used feature on VMs and container systems to obtain host system LAN and WAN access.
  • ssh (for remote CLI access)
  • Router software, using NFTables, with the following features:
    • Firewall
    • NAT (Network Address Translation)
    • Port forwarding to basic services
      • Main public HTML server
      • Mail server
      • VPN server (Wireguard) for remote public access
    • Rate limiting certain IP address ranges to the public interface
    • Parental control (time limiting access to the public interface on certain IP addresses)
  • Main LAN (Local Area Network) DNS/DHCP; these services work together
    • Main local DNS server using ISC Bind9
    • Main local DHCP server using ISC DHCP

My preference would be to get a container system functioning directly on the bare metal, but Docker's use of IPtables rules on its host would impair my Router NFTables setup. Use of a VM isolates Docker's IPtables manipulations from the main system.
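
An added example (not part of the original page, nor Docker's or nftables' own code): a small check that parses `nft -j list ruleset` output and flags tables, Docker-named chains and hooked base chains that sit outside the router's own tables, which is how Docker's rules would reach routed traffic on a bare-metal host. The table names in `OWN_TABLES` and the sample ruleset are constructed assumptions.

```python
import json

# Assumption: the router's own rules live only in these tables (hypothetical names).
OWN_TABLES = {("inet", "router"), ("ip", "router_nat")}

# Constructed sample of `nft -j list ruleset` output after Docker started on the host.
SAMPLE = json.dumps({"nftables": [
    {"metainfo": {"json_schema_version": 1}},
    {"table": {"family": "inet", "name": "router"}},
    {"chain": {"family": "inet", "table": "router", "name": "forward",
               "type": "filter", "hook": "forward", "prio": 0, "policy": "drop"}},
    {"table": {"family": "ip", "name": "filter"}},
    {"chain": {"family": "ip", "table": "filter", "name": "FORWARD",
               "type": "filter", "hook": "forward", "prio": 0, "policy": "drop"}},
    {"chain": {"family": "ip", "table": "filter", "name": "DOCKER-USER"}},
    {"table": {"family": "ip", "name": "nat"}},
    {"chain": {"family": "ip", "table": "nat", "name": "POSTROUTING",
               "type": "nat", "hook": "postrouting", "prio": 100, "policy": "accept"}},
    {"chain": {"family": "ip", "table": "nat", "name": "DOCKER"}},
]})

def audit(ruleset_json, own_tables=OWN_TABLES):
    """Return (kind, location) findings for objects outside the router's own tables."""
    findings = []
    for obj in json.loads(ruleset_json)["nftables"]:
        if "table" in obj:
            t = obj["table"]
            if (t["family"], t["name"]) not in own_tables:
                findings.append(("foreign-table", f'{t["family"]} {t["name"]}'))
        elif "chain" in obj:
            c = obj["chain"]
            if (c["family"], c["table"]) in own_tables:
                continue
            where = f'{c["family"]} {c["table"]} {c["name"]}'
            if c["name"].startswith("DOCKER"):
                findings.append(("docker-chain", where))
            if "hook" in c:
                # A foreign base chain sees the same packets as the router's chains,
                # and a drop in any base chain on a hook is final.
                kind = "foreign-drop-hook" if c.get("policy") == "drop" else "foreign-hook"
                findings.append((kind, f'{where} hook={c["hook"]}'))
    return findings

if __name__ == "__main__":
    for kind, where in audit(SAMPLE):
        print(f"{kind:18} {where}")
```

On a live host the same function can be fed the real ruleset by passing the output of `sudo nft -j list ruleset` instead of `SAMPLE`.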

VM Setup

I decided to try QEMU/KVM setup as follows:

  • sudo apt install qemu-system qemu-system-x86 qemu-utils libvirt-clients libvirt-daemon libvirt-daemon-system virtinst --no-install-recommends

package descriptions

In most cases, details of these packages can be seen at Debian Packages.

tldr;

Virt-manager remote client setup

  • sudo apt install virt-manager ssh-askpass-gnome --no-install-recommends
  • virt-manager -c 'qemu+ssh://baumkp@router.local.kptree.net/system?keyfile=id_rsa'
  • sudo apt install gir1.2-spiceclientgtk-3.0

References

Last modified: 2024-06-04 Tue wk23 11:35
Except where otherwise noted, content on this wiki is licensed under the following license: CC Attribution-Share Alike 4.0 International