Static network configuration can only be set up as per https://www.kicksecure.com/wiki/Free_Support_Principle
My apologies for occupying resources, I’m definitely gonna support this project.
I read the documentation, and two methods are outlined to assign a static IP via XML.
1.) Adding an ip section to the VM XML - here is the network portion of Kicksecure.xml
<interface type='network'>
  <mac address='52:54:00:c6:f6:27'/>
  <source network='super' portid='e3de0cc2-97f4-4e4a-a16b-24bd5ec6de21' bridge='virbr1'/>
  <target dev='vnet2'/>
  <model type='virtio'/>
  <driver name='qemu'/>
  <alias name='net0'/>
  <address type='pci' domain='0x0000' bus='0x00' slot='0x03' function='0x0'/>
  <ip address='10.0.2.150' netmask='255.255.254.0' gateway='10.0.2.2'>
  </ip>
</interface>
2.) Adding the MAC address of the Kicksecure network adapter and the static IP to the virtual network XML
<network>
  <name>kick_net</name>
  <forward dev='eth2' mode='nat'>
    <interface dev='eth2'/>
  </forward>
  <bridge name='virbr1' stp='on' delay='0'/>
  <ip address='10.0.2.2' netmask='255.255.255.0'>
    <dhcp>
      <range start='10.0.2.5' end='10.0.2.254'/>
      <host mac='52:54:00:c6:f6:27' name='Kicksecure' ip='10.0.2.150'/>
    </dhcp>
  </ip>
</network>
I restarted the virtual network devices and libvirtd daemon as instructed, but both solutions failed.
Am I missing anything here?
I don’t think Kicksecure for KVM opens any ports that are reachable from the host? Kicksecure should come without any open ports by default anyhow.
My apologies, I should have clarified.
KVM Kicksecure does not have any open ports, both INPUT and FORWARD are dropping by default.
What I was referring to is the virtual network device virbr1, which needs to have ports 68, 67 and 53 open in order for DHCP to be able to assign an IP address to Kicksecure’s eth0 interface. Libvirt creates these iptables rules automatically.
-A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_INP -i virbr1 -p udp -m udp --dport 67 -j ACCEPT
-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 67 -j ACCEPT
-A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr1 -p tcp -m tcp --dport 53 -j ACCEPT
-A LIBVIRT_OUT -o virbr1 -p udp -m udp --dport 68 -j ACCEPT
-A LIBVIRT_OUT -o virbr1 -p tcp -m tcp --dport 68 -j ACCEPT
HulaHoop pointed out that the VM sits behind the NAT, thus open ports on virbr1 would not pose a security risk.
I am deeply researching this at the moment, because I’ve found conflicting opinions on the subject.
Thanks again to both of you for the time and information.
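As an added example (not part of the thread and not libvirt's own code), a small Python audit of `iptables-save` output that checks the point raised in the last post: every ACCEPT rule in the LIBVIRT_INP and LIBVIRT_OUT chains is bound to the bridge interface and limited to the DNS/DHCP ports quoted above. The function names and the two constructed rules are assumptions made for illustration.

```python
import shlex

# Ports dnsmasq needs on the bridge, taken from the rules quoted in the thread:
# inbound 53 (DNS) and 67 (DHCP server), outbound 53 and 68 (DHCP client).
EXPECTED = {"LIBVIRT_INP": {53, 67}, "LIBVIRT_OUT": {53, 68}}
FLAGS = {"-A": "chain", "-i": "iface", "-o": "iface", "-p": "proto",
         "--dport": "dport", "-j": "target"}

def parse_rule(line):
    """Extract the audited fields from one iptables-save style '-A ...' line."""
    tok = shlex.split(line)
    rule = dict.fromkeys(FLAGS.values())
    for i, t in enumerate(tok[:-1]):
        if t in FLAGS:
            negated = i > 0 and tok[i - 1] == "!"  # '! -i virbr1' is not a binding
            rule[FLAGS[t]] = ("!" if negated else "") + tok[i + 1]
    return rule

def audit(lines, bridge="virbr1"):
    """Return (reason, rule) for ACCEPT rules wider than DHCP/DNS on the bridge."""
    findings = []
    for line in map(str.strip, lines):
        if not line.startswith("-A "):
            continue
        r = parse_rule(line)
        # Only the two chains shown in the thread are audited here.
        if r["chain"] not in EXPECTED or r["target"] != "ACCEPT":
            continue
        if r["iface"] != bridge:
            findings.append(("not-bound-to-bridge", line))
        elif not (r["dport"] or "").isdigit():
            findings.append(("no-single-port", line))
        elif int(r["dport"]) not in EXPECTED[r["chain"]]:
            findings.append(("unexpected-port", line))
    return findings

# The eight rules quoted in the thread, rebuilt in the same order.
PAGE_RULES = [f"-A LIBVIRT_{c} -{d} virbr1 -p {p} -m {p} --dport {n} -j ACCEPT"
              for c, d, ports in (("INP", "i", (53, 67)), ("OUT", "o", (53, 68)))
              for n in ports for p in ("udp", "tcp")]
# Constructed rules (not from the thread) showing what the audit reports.
CONSTRUCTED = ["-A LIBVIRT_INP -p tcp -m tcp --dport 53 -j ACCEPT",
               "-A LIBVIRT_INP -i virbr1 -p tcp -m tcp --dport 22 -j ACCEPT"]

if __name__ == "__main__":
    for reason, rule in audit(PAGE_RULES + CONSTRUCTED):
        print(f"{reason}: {rule}")
```

On a host, feed it the lines of `iptables-save` output; an empty result means the two chains accept nothing beyond bridge-scoped DNS and DHCP.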