
Bringing a public QEMU virtual machine without a network card onto the Internet and trying to mine

A happy user of a public virtual machine may discover that the machine has no access to the Internet. The user is given a processor, memory, a disk with the operating system, basic interfaces and a remote access port, and that is all.


The hoster's position is understandable too: it is easier to disable Internet access today than to deal with the consequences of the user's Internet activity tomorrow, since offended parties first of all take their complaints to the hoster. For example, in some countries pre-trial blocking of a hoster's IP addresses is widespread, and it is innocent users who suffer from it, not the malicious user.


New method of accessing the Internet


Previously, to bring a virtual machine without a network onto the Internet, a client could only forward a physical USB device that shares an Internet connection from its own address: a modem or a network adapter.


Today, a user can forward ports to a VPN or proxy server, much as with SSH. This requires that all three sides (the client, the host and the virtual machine) are built from the FlexVDI code, i.e. the software packages used for remote access via the SPICE protocol have to be rebuilt and installed.


FlexVDI is an enhanced version of the open remote access protocol SPICE with an additional layer of abstraction, from a company of the same name. All the necessary code is available in GitHub repositories.


Connection


To get a SPICE client from FlexVDI, a Linux user can either compile the client manually or perform a few steps on the client's AppImage:


First, download the client AppImage from the official site, make it executable and unpack it with the command:


./flexvdi-linux-client-2.2.15-x86_64.AppImage --appimage-extract 

After the command has run, the image contents will be in the squashfs-root directory next to the file. We are interested in the spicy client, but running the file directly fails because the application tries to use the libraries installed in the system rather than those in the image. To run spicy, create a copy of the AppRun file. At the end of the copy, comment out or delete the line:


  ./python2.7 ./flexvdi_launcher.pyc "$@" 

and instead add a line like:


 ./spicy --uri=spice://vpla.umvirt.com?port=6060 -R 3128:127.0.0.1:3128 --spice-debug 

This configures a connection to the SPICE remote access port of the public virtual machine RetroGamer on the server vpla.umvirt.com and forwards Squid's port 3128 to the virtual machine, with debug output enabled.


Save the file, install the Squid proxy server and check that it works using a browser.


Below is a screenshot of the Proxy server settings for Firefox:



If the browser works through the proxy, reserve access to the virtual machine and run the startup file you created, redirecting its output to a file, for example:


 ./myApp > spicy.log 

The following messages should appear in the log file:


 (spicy:10702): GSpice-DEBUG: port-forward.c:183 Created new port forwarder 

and


 (spicy:10702): GSpice-DEBUG: port-forward.c:231 Associate guest (null), port 3128 -> 127.0.0.1 port 3128 

If these messages do not appear, then either on the host or in the virtual machine the original SPICE packages have not been replaced with the FlexVDI code.
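
The log check described above can be scripted. This is an added example, not code from the original article or from FlexVDI; the function names and the sample log are constructed, and the patterns match only the two messages quoted above.

```shell
#!/bin/sh
# Added example, not part of the original article or of FlexVDI.
# Function names and the sample log are constructed for illustration.

# Print "guest_port host host_port" for every "Associate guest" message.
list_forwards() {
    sed -n 's/.*port-forward\.c:[0-9]*  *Associate guest [^,]*, port \([0-9][0-9]*\) -> \([^ ]*\) port \([0-9][0-9]*\).*/\1 \2 \3/p' "$1"
}

# Succeed only if a forwarder was created AND the guest port is associated.
forward_is_up() {
    grep -q 'port-forward\.c:[0-9]*  *Created new port forwarder' "$1" || return 1
    list_forwards "$1" | awk -v p="$2" '$1 == p { found = 1 } END { exit !found }'
}

# Constructed sample: the two messages quoted in the article.
sample_log() {
    cat <<'EOF'
(spicy:10702): GSpice-DEBUG: port-forward.c:183 Created new port forwarder
(spicy:10702): GSpice-DEBUG: port-forward.c:231 Associate guest (null), port 3128 -> 127.0.0.1 port 3128
EOF
}

# Stand-alone use: sh check_forward.sh spicy.log 3128
if [ "$#" -eq 2 ]; then
    if forward_is_up "$1" "$2"; then
        echo "guest port $2 is forwarded:"; list_forwards "$1"
    else
        echo "no forward for guest port $2: check that client, host and guest all run the FlexVDI build" >&2
        exit 1
    fi
fi
```

The same listing is useful for reviewing which guest ports a client session has mapped to local services.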


In the virtual machine:


  1. check port forwarding with the command:
     ss -atnl 
  2. confirm that there is no network with the command:
     ip addr 

In the browser settings, enter the same proxy server parameters.



Checking Internet access


We check the IP address, for example, on the page http://umvirt.com/agentinfo



We check that sites can be opened, for example, the online mining site "Coinhive".



As you can see, the virtual machine not only went online from the client's address, but also made it possible to start the mining process.


A video of the connection process is available on YouTube.



Source: https://habr.com/ru/post/431598/

