diff options
author | Niklas Hambüchen <mail@nh2.me> | 2023-11-10 18:32:46 +0100 |
---|---|---|
committer | Jörg Thalheim <Mic92@users.noreply.github.com> | 2023-11-10 22:29:12 +0100 |
commit | 5d73d954cdec0a507b2d93b9dedd1aef890e3f2a (patch) | |
tree | f288e84171630915cde6f6b0607a440bfd6c1718 | |
parent | db9269399bc3175283cca055cced4b4651ad47bf (diff) | |
download | nixpkgs-5d73d954cdec0a507b2d93b9dedd1aef890e3f2a.tar nixpkgs-5d73d954cdec0a507b2d93b9dedd1aef890e3f2a.tar.gz nixpkgs-5d73d954cdec0a507b2d93b9dedd1aef890e3f2a.tar.bz2 nixpkgs-5d73d954cdec0a507b2d93b9dedd1aef890e3f2a.tar.lz nixpkgs-5d73d954cdec0a507b2d93b9dedd1aef890e3f2a.tar.xz nixpkgs-5d73d954cdec0a507b2d93b9dedd1aef890e3f2a.tar.zst nixpkgs-5d73d954cdec0a507b2d93b9dedd1aef890e3f2a.zip |
manual: Don't suggest exposing VM port to local network.
The setting QEMU_NET_OPTS="hostfwd=tcp::2222-:22" caused the VM's port 2222 to be advertised on the host as `0.0.0.0:2222`, thus anybody in the local network of the host could SSH into the VM. Instead, port-forward to localhost only. Use `127.0.0.1` also on the VM side, otherwise connections to services that, in the VM, bind to `127.0.0.1` only (doing the safe approach) do not work. See e.g. https://github.com/NixOS/nixpkgs/issues/100192 for more info why localhost listening is the best default.
-rw-r--r-- | nixos/doc/manual/installation/changing-config.chapter.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/nixos/doc/manual/installation/changing-config.chapter.md b/nixos/doc/manual/installation/changing-config.chapter.md index 11b49ccb1f6..f2ffea9088a 100644 --- a/nixos/doc/manual/installation/changing-config.chapter.md +++ b/nixos/doc/manual/installation/changing-config.chapter.md @@ -89,7 +89,7 @@ guest. For instance, the following will forward host port 2222 to guest port 22 (SSH): ```ShellSession -$ QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm +$ QEMU_NET_OPTS="hostfwd=tcp:127.0.0.1:2222-127.0.0.1:22" ./result/bin/run-*-vm ``` allowing you to log in via SSH (assuming you have set the appropriate |