I am trying to implement an internal Qubes LAN with HVMs that receive dhcp from a netvm using dhcpd. A classical network layout sort of speak. Reading Xen Networking makes it look possible but Qubes auto configuring the VM networking is being a bit troublesome for what I am trying to setup. Note that the entire network will be on Qubes only with no internet access.
The reason I am trying to set this up is I have some HVMs that are not getting an ip through dhcp and I cannot access them to set ip manually (they are vulnhub vms). I was thinking of just running an hvm with virtualbox but the limits of emulation only wont work. I read that qubes can be recompiled to enable nested virtualization to get that working but if there is a way to create a custom network that would be preferred.
Is there a way to allow a set of HVMs to get ip from a netvm running dhcp and communicate like a classic network?
You might be interested in such thing: qubes-mgmt-salt-qubes-server/qubes-server.png at devel-140320 · fepitre/qubes-mgmt-salt-qubes-server · GitHub
I'm currently working on several adjustment recently (not pushed) but for you case, you might want to start by using usual "bridge" for which we have support of this in QubesOS-contrib:
dom0 component: GitHub - QubesOS-contrib/qubes-core-admin-addon-bridge-device
vm component: GitHub - QubesOS-contrib/qubes-core-agent-linux-addon-bridge-device
When this installed, in a given AppVM named for example "lan-net", with NetworkManager you can create a bridge interface named for example "br0" that will be made available as bridge device to be attached. Then, in dom0, running "qvm-device bridge" will show you the bridge created in "lan-net". At this point, this is exactly like USB, BLOCK or MIC devices. You can attach an AppVM named for example "personal" to this bridge (meaning it will have an interface that is linked into the bridge): "qvm-device bridge attach personal lan-net:br0". You can do that for multiple VMs, and then, you would have local classical network between several VMs. Even more, you can attach a physical interface into "br0" and link external network with other machines.
- It supports options like: "qvm-device bridge attach personal lan-net:br0 --option=ip=192.168.0.1 --option=netmask=255.255.255.0 --option=gateway=192.168.0.254"
- Be careful that using standard bridge network model is NOT the Qubes model using NAT and based on isolation of each component.
- You would need to probably adjust iptables if your "lan-net" has a NetVM.
I plan to make proper README and documentation describing this and also related Qubes-server formula soon. In the mean time I can help here or on discourse.