🐋 KVM

 1# pre-checks hardware for intel CPU
 2grep -e 'vmx' /proc/cpuinfo 
 3lscpu | grep Virtualization
 4lsmod | grep kvm
 5
 6# on RHEL9 Workstation
 7sudo dnf install virt-install virt-viewer -y
 8sudo dnf install -y libvirt
 9sudo dnf install virt-manager -y
10sudo dnf install -y virt-top libguestfs-tools
11sudo gpasswd -a $USER libvirt
12
13# Start libvirt
14sudo systemctl start libvirtd
15sudo systemctl enable libvirtd
16sudo systemctl status libvirtd

 1# Non permanent bridge
 2sudo ip link add virbr1 type bridge
 3sudo ip link set eno1 up
 4sudo ip link set eno1 master virbr1
 5sudo ip address add dev virbr1 192.168.2.1/24
 6
 7# Permanent bridge
 8sudo nmcli con add ifname virbr1 type bridge con-name virbr1
 9sudo nmcli con add type bridge-slave ifname eno1 master virbr1
10sudo nmcli con modify virbr1 bridge.stp no
11sudo nmcli con down eno1
12sudo nmcli con up virbr1
13sudo ip address add dev virbr1 192.168.123.1/24
14
15# KVM - Bridge Network
16cat > hostbridge.xml << EOF
17<network>
18  <name>hostbridge</name>
19  <forward mode='bridge'/>
20  <bridge name='virbr1'/>
21</network> 
22EOF
23
24sudo virsh net-define hostbridge.xml
25sudo virsh net-start hostbridge
26sudo virsh net-autostart hostbridge
27
28# Give qemu ACL
29echo "allow all" | sudo tee /etc/qemu-kvm/${USER}.conf
30echo "include /etc/qemu-kvm/${USER}.conf" | sudo tee --append /etc/qemu/bridge.conf
31sudo chown root:${USER} /etc/qemu-kvm/${USER}.conf
32sudo chmod 640 /etc/qemu-kvm/${USER}.conf
33
34# Check network
35sudo nmcli con show --active
36sudo virsh net-list --all
37sudo virsh net-edit hostbridge
38sudo virsh net-info hostbridge
39sudo virsh net-dhcp-leases hostbridge
40
41# Create a VM with this bridge
42virt-install \
43--name pfsense --ram 2048 --vcpus 2 \
44--disk $HOME/pfsense/disk0.qcow2,size=12,format=qcow2 \
45--autostart \
46--cdrom $HOME/pfsense/netgate-installer-amd64.iso \
47--network bridge=virbr0,model=e1000 \
48--network network=hostbridge,model=e1000 \
49--graphics vnc,listen=0.0.0.0 --noautoconsole \
50--osinfo freebsd14.0 \
51--debug
52
53# delete network
54sudo virsh net-destroy hostbridge
55sudo virsh net-undefine hostbridge
56sudo nmcli con del virbr1
57sudo nmcli con del eno1

 1cat > pfsense.xml << EOF
 2<network>
 3  <name>pfsense-router</name>
 4  <uuid></uuid>
 5  <forward mode='nat'>
 6  </forward>
 7  <bridge name='virbr1' stp='on' delay='0'/>
 8  <dns enable='no'/>
 9  <ip address='192.168.123.1' netmask='255.255.255.0'>
10  </ip>
11</network>
12EOF
13
14sudo virsh net-define pfsense.xml
15sudo virsh net-start pfsense-router
16sudo virsh net-autostart pfsense-router
17
18# Give qemu ACL
19echo "allow all" | sudo tee /etc/qemu-kvm/${USER}.conf
20echo "include /etc/qemu-kvm/${USER}.conf" | sudo tee --append /etc/qemu/bridge.conf
21sudo chown root:${USER} /etc/qemu-kvm/${USER}.conf
22sudo chmod 640 /etc/qemu-kvm/${USER}.conf
23
24# Check network
25nmcli con show --active
26sudo virsh net-list --all
27sudo virsh net-edit pfsense-router
28sudo virsh net-info pfsense-router
29sudo virsh net-dhcp-leases pfsense-router

 1# Create pfsense vm
 2virt-install \
 3--name pfsense --ram 2048 --vcpus 2 \
 4--disk $HOME/pfsense/disk0.qcow2,size=12,format=qcow2 \
 5--cdrom $HOME/pfsense/netgate-installer-amd64.iso \
 6--network bridge=virbr0,model=e1000 \
 7--network bridge=virbr1,model=e1000 \
 8--graphics vnc,listen=0.0.0.0 --noautoconsole \
 9--osinfo freebsd14.0 \
10--autostart \
11--debug
12
13virsh start pfsense

1# Checks
2virsh list
3virsh domifaddr pfsense
4
5# Connect to console
6virt-viewer --domain-name pfsense

 1virsh destroy pfsense  
 2virsh undefine pfsense --remove-all-storage
 3
 4# disk can be deleted only manually
 5rm -f ~/pfsense/disk0.qcow2
 6
 7# delete network
 8sudo virsh net-destroy pfsense-router
 9sudo virsh net-undefine pfsense-router
10sudo nmcli con del virbr1
11sudo nmcli con del eno1