This is a shameless copy and paste from various pages(*) for my own record.
Edit sysctl.conf
# cat >> /etc/sysctl.conf <<-__EOF__
net.inet.ip.forwarding=1
net.inet6.ip6.forwarding=1
__EOF__
Enable them on the running session:
# sysctl net.inet.ip.forwarding=1
# sysctl net.inet6.ip6.forwarding=1
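Change your pf rules (the heredoc delimiter is quoted so the shell leaves $ext_if and $vmd_if alone and pf expands them as macros):
# cat > /etc/pf.conf <<-'__EOF__'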
ext_if="iwm0"
vmd_if="vether0"
set skip on lo
block return
pass
match out on $ext_if inet from $vmd_if:network to any nat-to ($ext_if)
__EOF__
Set the IP and subnet for vether0:
# cat > /etc/hostname.vether0 <<-__EOF__
inet 10.13.37.1 255.255.255.0
__EOF__
Create a bridge interface for the guest VMs to attach to, and add vether0 to it:
# cat > /etc/hostname.bridge0 <<-__EOF__
add vether0
__EOF__
Bring vether0 and bridge0 online:
# sh /etc/netstart vether0
# sh /etc/netstart bridge0
Reload the pf configuration now (not earlier):
# pfctl -f /etc/pf.conf
Create a basic DHCP server configuration file that matches the vether0
configuration:
# cat > /etc/dhcpd.conf <<-__EOF__
option domain-name "vmm.openbsd.local";
option domain-name-servers 8.8.8.8, 8.8.4.4;
subnet 10.13.37.0 netmask 255.255.255.0 {
option routers 10.13.37.1;
range 10.13.37.32 10.13.37.127;
}
__EOF__
Configure a switch for vmm, so the VMs have connectivity:
# cat > /etc/vm.conf <<-__EOF__
switch "local" {
interface bridge0
}
__EOF__
Enable and start the DHCP server. We also need to set the flags on dhcpd so that it only listens on vether0. Otherwise, you’ll end up with a rogue DHCP server on your primary network:
# rcctl enable dhcpd
# rcctl set dhcpd flags vether0
# rcctl start dhcpd
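An added example, not part of the original notes: a small sh check that dhcpd.conf really matches the vether0 configuration and that the dhcpd flags confine the server to that interface. The function names and the temporary sample files are assumptions made for the illustration; on the host the inputs would be /etc/hostname.vether0, /etc/dhcpd.conf and the output of rcctl get dhcpd flags.

```sh
# Added example: cross-check hostname.vether0, dhcpd.conf and the dhcpd flags.

# ip2int A.B.C.D -> prints the address as an integer
ip2int() {
    oifs=$IFS; IFS=.
    set -- $1            # split the dotted quad into $1..$4
    IFS=$oifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# in_subnet IP NETWORK NETMASK -> status 0 if IP lies inside NETWORK/NETMASK
in_subnet() {
    a=$(ip2int "$1"); n=$(ip2int "$2"); m=$(ip2int "$3")
    [ $(( a & m )) -eq $(( n & m )) ]
}

# check_dhcpd HOSTNAME_FILE DHCPD_CONF DHCPD_FLAGS IFNAME
# Prints one line per problem; status 0 only if everything is consistent.
check_dhcpd() {
    hostfile=$1; conf=$2; flags=$3; ifname=$4; rc=0
    if_addr=$(awk '$1 == "inet" { print $2; exit }' "$hostfile")
    if_mask=$(awk '$1 == "inet" { print $3; exit }' "$hostfile")
    subnet=$(awk '$1 == "subnet" { print $2; exit }' "$conf")
    router=$(awk '$2 == "routers" { sub(/;/, "", $3); print $3; exit }' "$conf")
    range=$(awk '$1 == "range" { sub(/;/, "", $3); print $2, $3; exit }' "$conf")
    for v in "$if_addr" "$if_mask" "$subnet" "$router" "$range"; do
        [ -n "$v" ] || { echo "could not parse $hostfile or $conf"; return 2; }
    done
    in_subnet "$if_addr" "$subnet" "$if_mask" ||
        { echo "$ifname address $if_addr is outside subnet $subnet"; rc=1; }
    [ "$router" = "$if_addr" ] ||
        { echo "routers $router is not the $ifname address $if_addr"; rc=1; }
    for ip in $range; do
        in_subnet "$ip" "$subnet" "$if_mask" ||
            { echo "range address $ip is outside subnet $subnet"; rc=1; }
    done
    # Strict: flags must be exactly the interface name, as set on this page.
    [ "$flags" = "$ifname" ] ||
        { echo "dhcpd flags '$flags' do not confine dhcpd to $ifname"; rc=1; }
    return $rc
}

# Constructed sample input, using the values from this page.
tmp=$(mktemp -d)
printf 'inet 10.13.37.1 255.255.255.0\n' > "$tmp/hostname.vether0"
printf '%s\n' 'subnet 10.13.37.0 netmask 255.255.255.0 {' \
    'option routers 10.13.37.1;' 'range 10.13.37.32 10.13.37.127;' '}' \
    > "$tmp/dhcpd.conf"
check_dhcpd "$tmp/hostname.vether0" "$tmp/dhcpd.conf" vether0 vether0 && echo OK
```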
Enable vmd, and start it as well:
# rcctl enable vmd
# rcctl start vmd
# fw_update
You should notice a new interface, bridge0, in ifconfig now.
If you have avahi-daemon installed, edit /etc/avahi/avahi-daemon.conf to ignore your virtual ethernet device:
deny-interfaces=vether0
Grab a Linux ISO,
$ cd /tmp
$ wget https://nl.alpinelinux.org/alpine/latest-stable/releases/x86_64/alpine-virt-3.8.0-x86_64.iso
Make a new virtual disk image,
$ vmctl create -s 15G alpine-virt.img
Boot it (login root, no passwd):
# vmctl start -c -d alpine-virt-*.iso -d alpine-virt.img -m 1024M -n local "alpine-vm"
When your install is done,
# poweroff
Boot it,
# vmctl start -c -d alpine-virt.img -m 1024M -n local "alpine-vm"
Install docker: edit /etc/apk/repositories and uncomment http://dl-3.alpinelinux.org/alpine/v3.9/community (or similar line, depending on the version you downloaded).
Update and install docker:
# apk update
# apk add docker
Make a user:
# adduser pau -G wheel docker
Install sudo and configure /etc/sudoers to allow wheel users to do root stuff:
## Uncomment to allow members of group wheel to execute any command
%wheel ALL=(ALL) ALL
It is more stable to close the terminal after you have started the VM session, and then ssh to it from another one. You can of course find out the IP from ifconfig.
(*) namely