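#!/bin/bash
# qvm-portfwd-socat: temporarily forward a TCP port on a NetVM to a qrexec
# service in another qube, using socat inside the NetVM.
#
# Usage: qvm-portfwd-socat <NetVM> <TargetVM> <Service> <TCP_Port>
#
# What it does:
#   1. starts TargetVM if it is not already running,
#   2. inserts an iptables INPUT rule in NetVM accepting new TCP connections
#      to TCP_Port (tagged with the comment SOCAT_PortFwd-<Service>),
#   3. runs socat in NetVM, handing each connection to
#      `qrexec-client-vm <TargetVM> <Service>`,
#   4. waits for a key press, then removes the rule, stops socat and shuts
#      TargetVM down again if this script was the one that started it.
#
# Exposure note: the ACCEPT rule has no source restriction and socat is given
# no bind address, so any host that can reach NetVM on TCP_Port is connected
# to the qrexec service for as long as the script runs.

set -u

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

if (( $# < 4 )); then
  printf 'Usage: %s <NetVM> <TargetVM> <Service> <TCP_Port>\n' "${0##*/}" >&2
  exit 2
fi

NetVM=$1
TargetVM=$2
Service=$3
TCP_Port=$4

# All four values are pasted into command lines that run as root inside
# NetVM, so reject anything that could carry shell or regex metacharacters.
# The allowlists are deliberately conservative.
readonly vm_name_re='^[A-Za-z][A-Za-z0-9_-]*$'
readonly service_re='^[A-Za-z0-9][A-Za-z0-9._-]*$'
readonly port_re='^[0-9]{1,5}$'

[[ "$NetVM" =~ $vm_name_re ]] || die "invalid NetVM name: $NetVM"
[[ "$TargetVM" =~ $vm_name_re ]] || die "invalid TargetVM name: $TargetVM"
[[ "$Service" =~ $service_re ]] || die "invalid service name: $Service"
[[ "$TCP_Port" =~ $port_re ]] || die "invalid TCP port: $TCP_Port"
TCP_Port=$((10#$TCP_Port)) # drop leading zeros so the remote patterns match
(( TCP_Port >= 1 && TCP_Port <= 65535 )) || die "TCP port out of range: $TCP_Port"

# Remember whether TargetVM was already up, so cleanup only shuts down a qube
# that this script started. qvm-check matches the exact name; grepping the
# qvm-ls table would also match any qube whose name contains TargetVM.
wasrunning=''
if qvm-check --running "$TargetVM" >/dev/null 2>&1; then
  wasrunning=1
fi

printf 'TCP socket connection for %s from %s to %s on port %s...\nPress Any Key to End\n\n' \
  "$Service" "$NetVM" "$TargetVM" "$TCP_Port"

cleaned_up=0

# Undo everything done below. Guarded so that a signal-triggered run followed
# by the normal end-of-script call does the work only once.
cleanup() {
  (( cleaned_up )) && return 0
  cleaned_up=1
  # -F: the service name may contain '.', which must not act as a regex
  # wildcard when filtering the saved ruleset.
  # NOTE(review): this is still a substring match, so a forward whose service
  # name extends this one (svc vs svc2) would lose its rule too.
  qvm-run -p -u root "$NetVM" "iptables-save | grep -vF 'SOCAT_PortFwd-$Service' | iptables-restore"
  # The trailing comma anchors the port so that 4444 does not match 44445.
  qvm-run -p -u root "$NetVM" "pkill -HUP -f 'socat -d -d TCP-LISTEN:$TCP_Port,'"
  if [[ -z "$wasrunning" ]]; then
    qvm-shutdown "$TargetVM"
  fi
}
trap cleanup HUP INT QUIT ABRT TERM

qvm-start --skip-if-running "$TargetVM" || die "cannot start $TargetVM"

if ! qvm-run -p -u root "$NetVM" "iptables -I INPUT 5 -p tcp --dport $TCP_Port -m conntrack --ctstate NEW -j ACCEPT -m comment --comment 'SOCAT_PortFwd-$Service'"; then
  cleanup
  die "cannot add the firewall rule in $NetVM"
fi

qvm-run -p -u root "$NetVM" "socat -d -d TCP-LISTEN:$TCP_Port,reuseaddr,fork EXEC:'qrexec-client-vm $TargetVM $Service'" &

# One silent key press ends the forward, as the banner says; a plain `read`
# would wait for Enter. EOF or an interrupting signal falls through to cleanup.
read -r -n 1 -s || true
cleanup
sleep 5
exit 0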
Run this script to enable a socat TCP "port forward" connection between VMs.Example: TargetVM:Install your service on TargetVM dom0:In /etc/qubes-rpc/policy/my-tcp-service
|
Inspired by qubes-issues 2148
Run this script to enable a socat TCP "port forward" connection between VMs.
Example:
xterm -geometry 300x24 -e "./qvm-portfwd-socat sys-net appvm my-tcp-service 4444"
TargetVM:
Install your service on TargetVM
Ensure it is listening on the desired port on the 127.0.0.1 loopback address
In /usr/local/etc/qubes-rpc/my-tcp-service (this is stored in /rw):
socat STDIO TCP:localhost:4444
dom0:
In /etc/qubes-rpc/policy/my-tcp-service
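source-vm target-vm allow
Here source-vm is the NetVM that runs socat (sys-net in the example) and target-vm is the TargetVM (appvm in the example). Keep the rule limited to that one pair: the firewall rule the script adds accepts new connections to the port from any source, so every host that can reach the NetVM on that port is connected to this service while the script is running.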