QEMU networking notes
The default network settings allow the guest to connect to the Internet (via TCP and UDP but not e.g. ICMP/ping), and to the host at 10.0.2.2.
If, for example, you're running a web server locally on the host, the guest can `curl http://10.0.2.2/
`. A local firewall won't necessarily prevent this because QEMU makes the guest's network request from your computer and your user account. If your web server has rewrite rules based on the HTTP Host header, try changing Host using `curl -H "Host: localhost" http://10.0.2.2/
` (use -v
/--verbose
to make curl
show request and response headers).
Networking can be completely disabled by passing qemu -net none
.
hostfwd=
can be used to let the host (and possibly other machines on the host's network) connect to the guest; see the man page for details. The following lets me ssh from the host to the guest (provided I've installed and enabled an ssh server on the guest): -net nic -net user,hostfwd=:127.0.0.1:12345-:22
; then use ssh username@127.0.0.1 -p 12345
. Adding restrict=y
to the -net
option group disables guest access to the host and internet. It claims to still allow hostfwd/guestfwd options to work, but I haven't found out how to make that work yet.
More SSH variations (the latter uses sshfs):
scp [-r] -P 12345 some-file username@127.0.0.1:.
sshfs -p 12345 root@127.0.0.1:/ local-mountpoint
And/or sshfs with another user in order to be creating/editing guest files as that user instead.