windows 7 in kvm --> samba file server.
by Johannes33 from LinuxQuestions.org on (#6QM9Y)
Hi,
I'm trying to connect windows 7 virtual machine to a samba server so I can move files to and from the vm.
I do not want the vm to be connected to the internet.
This is my network connection setup with the vm:
windows 7 --->virbr0 ip:192.168.122.1/24--->linux os acting as router--->ip:10.0.3.1/24 (lan) router--->internet
I want an easy way of blocking windows 7 to the internet.
I was thinking that it could be easiey to block the access to the internet from the 192.168.122.0/24 network in gufw.
Im not sure how but if you have a suggestion of a rule that might work let me know.
So setting up smb:
The vm has a default.xml for the network that it creates:
Quote:
This becomes my setup graphicly when I run my kvm.
windows 7 --->virbr0 ip:192.168.122.1/24--->linux os acting as router--->ip:10.0.3.1/24 (lan) router--->internet
So I want my samba server connecting to the 192.168.122.1/24 virbr0 bridge.
When I set up my samba server I created a linuxuser smbuser and a linux group smbgroup.
The smbuser's UID is 951.
I do not know if I should add a user to the tap interface, should I and is that user correct?
Creating a tap device I use the user that owns the samba server share.
I run as su:
Quote:
This is my smb.conf.
Quote:
The shared directory is owned by smbuser and group smbgroup...
This is my ip addres show
Quote:
I have disabled the firewall for all tests I have done on this setup.
I do not know what's wrong or if my thinking is wrong.
I'm trying to connect windows 7 virtual machine to a samba server so I can move files to and from the vm.
I do not want the vm to be connected to the internet.
This is my network connection setup with the vm:
windows 7 --->virbr0 ip:192.168.122.1/24--->linux os acting as router--->ip:10.0.3.1/24 (lan) router--->internet
I want an easy way of blocking windows 7 to the internet.
I was thinking that it could be easiey to block the access to the internet from the 192.168.122.0/24 network in gufw.
Im not sure how but if you have a suggestion of a rule that might work let me know.
So setting up smb:
The vm has a default.xml for the network that it creates:
Quote:
| <network connections='1'> <name>default</name> <uuid>dd55cb68-b670-4f79-8ae5-68a5b7d8190c</uuid> <forward mode='nat'> <nat> <port start='1024' end='65535'/> </nat> </forward> <bridge name='virbr0' stp='on' delay='0'/> <mac address='52:54:00:6d:52:04'/> <ip address='192.168.122.1' netmask='255.255.255.0'> <dhcp> <range start='192.168.122.2' end='192.168.122.254'/> </dhcp> </ip> </network> |
windows 7 --->virbr0 ip:192.168.122.1/24--->linux os acting as router--->ip:10.0.3.1/24 (lan) router--->internet
So I want my samba server connecting to the 192.168.122.1/24 virbr0 bridge.
When I set up my samba server I created a linuxuser smbuser and a linux group smbgroup.
The smbuser's UID is 951.
I do not know if I should add a user to the tap interface, should I and is that user correct?
Creating a tap device I use the user that owns the samba server share.
I run as su:
Quote:
| virsh net-start default ip tuntap add dev tap9 mode tap user 951 group smbgroup ip link set tap9 up ip link set tap9 master virbr0 systemctl start smb |
Quote:
| [global] server string = file share with cardiag workgroup = WIN7 security = user map to guest = Bad User name resolve order bcast host force user = smbuser force group = smbgroup create mask = 0666 force create mode = 0666 directory mask = 0777 force directory mode = 0777 public = yes writeable = yes bind interfaces only = yes interfaces = tap9 127.0.0.1 allow insecure wide links = yes read only = no guest ok = yes follow symlinks = no wide links = yes path = /home/hajonnes/Documents/kvm/directory_pool/shared_with_vm/ |
This is my ip addres show
Quote:
| ip a s 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host noprefixroute valid_lft forever preferred_lft forever 2: enp0s31f6: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel state DOWN group default qlen 1000 link/ether e4:b9:7a:2e:43:b1 brd ff:ff:ff:ff:ff:ff 3: wlp2s0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000 link/ether 62:77:82:03:1a:93 brd ff:ff:ff:ff:ff:ff permaddr 64:5d:86:4b:7d:1e 4: virbr0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 52:54:00:6d:52:04 brd ff:ff:ff:ff:ff:ff inet 192.168.122.1/24 brd 192.168.122.255 scope global virbr0 valid_lft forever preferred_lft forever 5: tap9: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000 link/ether 7e:2e:b5:bf:48:34 brd ff:ff:ff:ff:ff:ff 6: vnet0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue master virbr0 state UNKNOWN group default qlen 1000 link/ether fe:54:00:1f:4a:f6 brd ff:ff:ff:ff:ff:ff inet6 fe80::fc54:ff:fe1f:4af6/64 scope link proto kernel_ll valid_lft forever preferred_lft forever |
I do not know what's wrong or if my thinking is wrong.