manual: Don't suggest exposing VM port to local network.
The setting

    QEMU_NET_OPTS="hostfwd=tcp::2222-:22"

caused the VM's port 2222 to be advertised on the host as
`0.0.0.0:2222`, thus anybody in the local network of the host
could SSH into the VM.
Instead, port-forward to localhost only.

Use `127.0.0.1` also on the VM side, otherwise connections to
services that, in the VM, bind to `127.0.0.1` only
(doing the safe approach) do not work.

See e.g. #100192
for more info why localhost listening is the best default.
nh2 authored and Mic92 committed Nov 10, 2023
1 parent db92693 commit 5d73d95
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion nixos/doc/manual/installation/changing-config.chapter.md
Expand Up @@ -89,7 +89,7 @@ guest. For instance, the following will forward host port 2222 to guest
port 22 (SSH):

```ShellSession
$ QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm
$ QEMU_NET_OPTS="hostfwd=tcp:127.0.0.1:2222-127.0.0.1:22" ./result/bin/run-*-vm
```

allowing you to log in via SSH (assuming you have set the appropriate
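
Review bot: the manual text around the changed command still only says "forward host port 2222 to guest port 22 (SSH)" and never explains why `127.0.0.1` now appears on both sides of the `hostfwd` rule. A reader adapting the example for another port can drop the addresses and end up back at the `hostfwd=tcp::2222-:22` form, which the commit message says is advertised on the host as `0.0.0.0:2222`. Suggest adding a sentence after the code block stating that the host-side `127.0.0.1` keeps the forwarded port reachable from the host only, that the guest-side `127.0.0.1` is needed for services that bind to localhost inside the VM, and that omitting the host address exposes the port to the host's local network.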