Router VM

I have just decided to play with installing VM (virtual machines) on my Router hardware (2023-01). I have been reluctant to do this for a number of reasons. My separate listing for Router Hardware. Basically the machine is a bit old slow and under powered. Still basically adequate for what it does. I do not run a desktop on this machine, CLI (Command Line Interface only). The main services I am currently running on this machine are, all bare metal:

  • Network configuration (of 4 x 1 GB/s ethernet ports)
    • Access to public internet modem, via 1 Ethernet port - the WAN (Wide Area Network) connection
      • modem is VDSL based, set into bridge mode to allow connection to control using this machine as router
        • modem is currently set to use direct remote DHCP/IP as specified by ISP (Internet Service Provider requirements), was originally setup using PPPoE.
        • There is also as separate static IP address setup to access and control the modem
    • A bridge network setup on the remaining 3 Ethernet ports as a LAN (Local Area Network). The bridge network setup has the following required features:
      • It allows connections of multiple physical Ethernet ports to a bridge interface device, with the bridge effectively acting as a network switch for the connected physical ports. (On my home server I have 4 x 1GB/s Ethernet ports and an add in PCIe card that provided a 2.5GB/s Ethernet port. All these physical ports are connected to a common network bridge device. This seem to just work, and each physical device seems to operate at its specific capacity.)
      • It allows connections of multiple virtual Ethernet ports to the bridge device. This is a commonly used feature on VMs and container system to obtain host system LAN and WAN access.
  • ssh (for remote CLI access)
  • Router software, using NFTables, with following features:
    • Firewall
    • NAT (Network Address Translation)
    • Port forwarding to basic services
      • Main public HTML sever
      • Mail server
      • VPN server (Wireguard) for remote public access.
    • Rate limiting certain IP address ranges to public interface
    • Parental control (time limiting access to public interface on certain IP addresses
  • Main LAN (Local Area Network) DNS/DHCP), these services work together
    • Main local DNS server using ISC Bind9
    • Main local DHCP server using ISC DHCP

My preference would be to get a container system functioning directly on the bare metal, but Docker's use of IPtables rules on its Host would impair my Router NFTables setup. Use of a VM isolates Docker's IPTable manipulations from the main system.

I decided to try QEMU/KVM setup as follows:

  • sudo apt install qemu-system qemu-system-x86 qemu-utils libvirt-clients libvirt-daemon libvirt-daemon-system virtinst --no-install-recommends

In most cases details these packages can be seen at Debian Packages.


  • sudo apt install virt-manager ssh-askpass-gnome --no-install-recommends
  • virt-manager -c 'qemu+ssh://'
  • sudo apt install gir1.2-spiceclientgtk-3.0
  • /app/www/public/data/pages/linux_router/qemu.txt
  • Last modified: 2024-05-18 Sat wk20 17:59
  • by baumkp