Commit 5d73d954 authored by Niklas Hambüchen's avatar Niklas Hambüchen Committed by Jörg Thalheim
Browse files

manual: Don't suggest exposing VM port to local network. 

The setting

    QEMU_NET_OPTS="hostfwd=tcp::2222-:22"

caused the VM's port 2222 to be advertised on the host as
`0.0.0.0:2222`, thus anybody in the local network of the host
could SSH into the VM.
Instead, port-forward to localhost only.

Use `127.0.0.1` also on the VM side, otherwise connections to
services that, in the VM, bind to `127.0.0.1` only
(doing the safe approach) do not work.

See e.g. https://github.com/NixOS/nixpkgs/issues/100192
for more info why localhost listening is the best default.
parent db926939

nixos/doc/manual/installation/changing-config.chapter.md

+1 −1
Original line number Diff line number Diff line
@@ -89,7 +89,7 @@ guest. For instance, the following will forward host port 2222 to guest 
port 22 (SSH):



```ShellSession

$ QEMU_NET_OPTS="hostfwd=tcp::2222-:22" ./result/bin/run-*-vm

$ QEMU_NET_OPTS="hostfwd=tcp:127.0.0.1:2222-127.0.0.1:22" ./result/bin/run-*-vm

```



allowing you to log in via SSH (assuming you have set the appropriate