I like it that libvirt integrates with firewalld. libvirt via virt-manager also provides you with quick options for dns.
My fear is that this would be a lot of wrangling with qemu before I get there. I am not fond of virt-manager, the UI is clunky, but for setting up a machine it is really helpful.
Personally I'm very lazy, so I just make a virtual bridge and force QEMU to use it for everything; putting all my VMs on my local network.
I totally understand that not everyone can do this, which is why I asked the question. I'd be interested in exploring what you would prefer the network topology to look like.
Having a virtual network on a machine would mean having a dns/dhcp server (I think dnsmasq can actually do both by itself) for ease of use, but I think I could give you a 5-line bash script that could do basically what you want easily, depending on what it is you want.
The normal "internal" network topology ends up giving you an outbound NAT to the local network (to, eventually, get onto the internet) which, I personally really dislike.
> I'd be interested in exploring what you would prefer the network topology to look like.
I tried to highly restrict my virtual machine with just an allow list (works via firewalld), and at the same time allowing the vm to query the (physical) LAN for dns-sd.
Tbh, I could not get the latter to work directly. I ended up letting my host function as a dns-sd reflector.
> virtual bridge
Does that work with wlan? libvirt creates a bridge, but with or without NAT it could not let the vm participate like a normal LAN-client. I thought it was a limitation of wireless lan bridging.
It's possible to create a custom network for libvirt, but you have to add a static route in the router for the other hosts in your LAN to see the VMs.
Using virsh, you can dump the default network with net-dumpxml, which is the default bridge libvirt creates, modify it and create another network. Add the modified file with net-create (non-persistent) or net-define.
This way the VMs can participate in the LAN and, at the same time, the LAN can see your VMs. Works with wifi and doesn't depend on having workarounds for bridging wifi and ethernet. Debian has a wiki entry on how to bridge with a wireless nic [0] but I don't think it's worth the trouble.
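As an added example (not code from the post or from libvirt), this Python script does the "modify it" step of the procedure above on a constructed copy of what `virsh net-dumpxml default` prints: it switches the network from NAT to routed mode, renames the bridge and subnet, and prints the `virsh` commands plus the static route the LAN router needs. The network name `lan-routed`, bridge `virbr1`, subnet `192.168.123.0/24` and router-side host address are assumptions.

```python
import xml.etree.ElementTree as ET

# Constructed sample resembling `virsh net-dumpxml default` on a stock install
# (illustrative copy, not dumped from a real host).
DEFAULT_NET_XML = """<network>
  <name>default</name>
  <uuid>00000000-0000-0000-0000-000000000000</uuid>
  <forward mode='nat'/>
  <bridge name='virbr0' stp='on' delay='0'/>
  <ip address='192.168.122.1' netmask='255.255.255.0'>
    <dhcp>
      <range start='192.168.122.2' end='192.168.122.254'/>
    </dhcp>
  </ip>
</network>
"""

def make_routed_network(default_xml, name, bridge, subnet_prefix):
    """Derive a routed libvirt network from the default NAT definition.
    subnet_prefix is the first three octets, e.g. '192.168.123' (a /24)."""
    root = ET.fromstring(default_xml)
    root.find("name").text = name
    # Drop the uuid: net-define assigns a fresh one, and reusing the default
    # network's uuid would collide with the network that is still defined.
    uuid = root.find("uuid")
    if uuid is not None:
        root.remove(uuid)
    # Routed mode forwards without address translation, so VM addresses are
    # visible to the LAN; the LAN router then needs a route back to them.
    root.find("forward").set("mode", "route")
    root.find("bridge").set("name", bridge)
    ip = root.find("ip")
    ip.set("address", f"{subnet_prefix}.1")
    ip.set("netmask", "255.255.255.0")
    rng = ip.find("dhcp/range")
    rng.set("start", f"{subnet_prefix}.2")
    rng.set("end", f"{subnet_prefix}.254")
    return ET.tostring(root, encoding="unicode")

def router_static_route(subnet_prefix, host_lan_ip):
    """Route the LAN router needs: the VM subnet sits behind the libvirt host."""
    return f"ip route add {subnet_prefix}.0/24 via {host_lan_ip}"

if __name__ == "__main__":
    xml = make_routed_network(DEFAULT_NET_XML, "lan-routed", "virbr1", "192.168.123")
    with open("lan-routed.xml", "w") as f:
        f.write(xml)
    print(xml)
    print("# then: virsh net-define lan-routed.xml && virsh net-start lan-routed")
    print("# on the LAN router (assumed host address 192.168.1.10):")
    print(router_static_route("192.168.123", "192.168.1.10"))
```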