.Dd Created:$Mdocdate$
.Dt ohazot_vm
.Tg back_to_top
.Bd -literal -compact
       _                    _
  ___ | |__   __ _ _______ | |_
 / _ \\| '_ \\ / _` |_  / _ \\| __|
| (_) | | | | (_| |/ / (_) | |_
 \\___/|_| |_|\\__,_/___\\___/ \\__|
.Ed
.Tg menu
.Bl -column ".Sy ohazot " ".Sy ohazot " ".Sy ohazot "
.It Xr ohazot oh Ta |
.Xr docs oh Ta |
.Xr about oh Ta
.El
.Dd Created:2025-10-03|Updated:2025-10-06
.Dt ohazot_vm
.Os OpenBSD
.Nm vm
.Nd configuration, usage and tips
.Sh TLDR
.Sx back_to_top
.Bd -literal -compact
vmctl create -s 50G disk.qcow2
vmctl start -m 1G -i 1 -b /bsd -d disk.qcow2 myvm
vmctl show #will show myvm
vmctl console myvm
vmctl stop myvm
.Ed
.Sh TOC
.Sx back_to_top
.Bl -column -offset indent ".Sy PORT FORWARDING "
.It Sx WORKING OS Ta : OpenBSD, CentOS, Arch Linux, openSUSE.
.It Sx SERIAL CONSOLE
.It Sx INTERNET ACCESS Ta : Pa vm.conf
.It Sx PORT FORWARDING Ta : Using pf.
.It Sx TODO
.It Sx SEE ALSO
.El
.Sh WORKING OS
.Sx back_to_top
OpenBSD, CentOS, Arch Linux, openSUSE.
.Sh SERIAL CONSOLE
.Sx back_to_top
Some Linux distributions may not have the serial console enabled by default.
The following is an example for Slackware with lilo.
.Bl -enum -compact
.It
At the boot loader, press Tab.
.It
Type:
.Dl huge.s serial 0 115200, console=ttyS0,115200
.It
To disconnect from the console but keep the vm running: [ENTER] ~^d
.El
.Bl -diag -compact
.It This has been tested on Slackware, CentOS, Arch Linux, openSUSE.
.El
.Sh INTERNET ACCESS
.Sx back_to_top
.Ss host
.Bl -enum -compact
.It
Allow forwarding.
.Dl sysctl net.inet.ip.forwarding=1
.It
vm.conf:
.Bd -literal -compact
vm "vm_name" {
	...
	local interface
}
.Ed
.It
pf.conf: NAT the traffic coming from the vm and provide it with a DNS resolver.
.Bd -literal -compact
match out on egress from 100.64.0.0/10 to any nat-to (egress)
pass in proto { udp tcp } from 100.64.0.0/10 to any port domain rdr-to 192.168.1.1 port domain
.Ed
.It
Reload pf.conf: after this the vm will have internet access.
.Dl pfctl -f /etc/pf.conf
.El
.Sh PORT FORWARDING
.Sx back_to_top
The vm can be accessed through ssh from the host using the local interface:
.Dl ssh 100.64.1.3
For external access, follow these steps:
.Bl -enum -compact
.It
Allow external access (machines other than the host) using pf.
.Dl pass in on egress proto tcp from any to any port [EXTERNAL_PORT] rdr-to [VM_IP] port [VM_PORT]
.It
Reload pf.conf: after this the vm will be accessible by other machines in the network.
.Dl pfctl -f /etc/pf.conf
.El
.Ss example
.Bl -column ".Sy example "
.It example Ta : ssh
.It host ip Ta : 192.168.1.10
.It guest Ta : 100.64.1.3
.El
.Bl -compact
.It
pf.conf (on the host):
.Dl pass in on egress proto tcp from any to any port 10122 rdr-to 100.64.1.3 port 22
.It
Reload pf.conf:
.Dl pfctl -f /etc/pf.conf
.It
ssh command:
.Dl ssh -p 10122 192.168.1.10
.El
.Sh TODO
.Sx back_to_top
.Bl -compact
.It
Test and document real host in the network.
.It
Slackware: unable to load virtio, it doesn't detect vda.
This was an issue at some point, needs to be re-tested.
.It
Verify parameters for other Linux distributions.
.It
Add permanent kernel parameters.
.El
.Sh SEE ALSO
.Sx back_to_top
.Xr pf oh ,
.Xr openbsd oh
.Ss OpenBSD manpages
.Xr vmctl 8 ,
.Xr vm.conf 5 ,
.Xr vmd 8 ,
.Xr rcctl 8 ,
.Xr pfctl 8 ,
.Xr pf.conf 5
.Ss files
.In vm.oh
.Sh AUTHORS
.Sx back_to_top
.An -nosplit
.Xr ohazot oh |
.Xr about oh |
.Lk https://ohazot.com ohazot.com
.Aq Mt admin@ohazot.com
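The forwarding rule from the PORT FORWARDING example, shown beside a narrower variant. This is an added example, not part of the original page. The LAN prefix 192.168.1.0/24 and the macro names are assumptions; the addresses and ports come from the page's example.

```conf
# /etc/pf.conf fragment (host). Added example, not from the original page.
lan     = "192.168.1.0/24"   # assumed: LAN prefix containing the host 192.168.1.10
vm_ip   = "100.64.1.3"       # guest address from the page's example
ext_ssh = "10122"            # external port from the page's example

# Rule as given on the page: any source that can reach the egress interface
# is redirected to the guest's sshd.
# pass in on egress proto tcp from any to any port 10122 rdr-to 100.64.1.3 port 22

# Narrower variant:
#   from $lan     only LAN sources are redirected
#   to (egress)   only connections addressed to the host's own egress address
#   log           the first packet of each matching connection goes to pflog0
pass in log on egress inet proto tcp from $lan to (egress) port $ext_ssh rdr-to $vm_ip port 22

# Check syntax before loading:  pfctl -nf /etc/pf.conf
# Confirm the loaded rule:      pfctl -sr | grep rdr-to
# Watch logged connections:     tcpdump -n -e -ttt -i pflog0 port 10122
```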