Lima Ubuntu VM setup on Mac

Homebrew

https://gitee.com/cunkai/HomebrewCN/blob/master/error.md

Installation

/bin/zsh -c "$(curl -fsSL https://gitee.com/cunkai/HomebrewCN/raw/master/Homebrew.sh)"

Uninstallation

/bin/zsh -c "$(curl -fsSL https://gitee.com/cunkai/HomebrewCN/raw/master/HomebrewUninstall.sh)"

Lima

Lima launches Linux virtual machines with automatic file sharing and port forwarding (similar to WSL2).

# Install
brew install lima

# Create VM
limactl create --cpus=8 --memory=8 --name=default template://ubuntu
limactl list

# Start && Enter
limactl start default
limactl shell default


# Stop
limactl stop default
# Delete
limactl delete default
# Protect && Unprotect
limactl protect default
limactl unprotect default

# Copy
# Host -> VM
limactl cp ~/Downloads/test.png default:/tmp
# VM -> Host
limactl cp default:/tmp/test.png ~/Downloads

Port Forwarding (SSH)

e.g. forward traffic from 0.0.0.0:2222 to 127.0.0.1:60022

1. Local Port Forwarding on the Same Machine

# socat
brew install socat
socat TCP-LISTEN:2222,bind=0.0.0.0,reuseaddr,fork TCP:127.0.0.1:60022

2. Port Forwarding to a Remote Server via SSH

Access a service on the remote server that’s only bound to 127.0.0.1 (not exposed to the internet).

ssh -N -L 2222:127.0.0.1:60022 user@remote-server
  • -N: Tells SSH not to execute any remote commands (no shell session; just port forwarding).
  • -L 2222:127.0.0.1:60022: Sets up local port forwarding:
    • Local port: 2222 (on your machine).
    • Remote target: 127.0.0.1:60022 (a service running on the remote server’s localhost, accessible only from the server itself).

When you connect to localhost:2222 on your machine, the traffic is encrypted and sent through the SSH tunnel to 127.0.0.1:60022 on the remote server.

3. Firewall Rules (Linux/macOS)

For advanced setups, use firewall rules to forward traffic:

Linux (iptables):

# Traffic arriving from other hosts. DNAT to 127.0.0.1 from PREROUTING is dropped
# unless route_localnet is enabled for the incoming interface
# (sysctl net.ipv4.conf.<iface>.route_localnet=1).
sudo iptables -t nat -A PREROUTING -p tcp --dport 2222 -j DNAT --to-destination 127.0.0.1:60022
# Traffic generated on this machine.
sudo iptables -t nat -A OUTPUT -p tcp --dport 2222 -j DNAT --to-destination 127.0.0.1:60022

macOS (pfctl):

Edit /etc/pf.conf, then apply the rules:

rdr pass on en0 proto tcp from any to any port 2222 -> 127.0.0.1 port 60022
# Replace en0 with your network interface.

sudo pfctl -f /etc/pf.conf
sudo pfctl -e

VS Code Remote SSH

1. Copy the private key ~/.lima/_config/user on the Mac to ~/.ssh/lima-user on the local machine
2. chmod 600 ~/.ssh/lima-user

Then add this entry to the SSH config on the local machine:

Host lima-default
  IdentityFile "/home/haco/.ssh/lima-user"
  # The next two lines disable host key verification for this entry.
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
  NoHostAuthenticationForLocalhost yes
  GSSAPIAuthentication no
  PreferredAuthentications publickey
  Compression no
  BatchMode yes
  IdentitiesOnly yes
  Ciphers "^aes128-gcm@openssh.com,aes256-gcm@openssh.com"
  User haco
  # ControlMaster auto
  # ControlPath "/Users/haco/.lima/default/ssh.sock"
  # ControlPersist yes
  Hostname 127.0.0.1
  Port 2222
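
A check for the Host block above, as an added example that is not part of the original post: it lists the directives that turn off host key verification and builds the known_hosts line needed to pin the VM's key to the forwarded port instead. The function names, the sample config and the sample key are constructed; reading the key with limactl shell assumes the Ubuntu default host key path.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the sample
# config and the sample key are constructed for illustration.

# List the directives in one Host block that turn off host key verification.
audit_host_block() {  # usage: audit_host_block <ssh_config> <host-alias>
  awk -v want="$2" '
    { sub(/^[ \t]+/, "") }
    /^#/ || /^$/ { next }
    { n = split($0, f, /[ \t=]+/); key = tolower(f[1]); val = f[2]; gsub(/"/, "", val) }
    key == "host" || key == "match" {
      inblock = 0
      if (key == "host") for (i = 2; i <= n; i++) if (f[i] == want) inblock = 1
      next
    }
    !inblock { next }
    key == "stricthostkeychecking" && tolower(val) ~ /^(no|off)$/ { print f[1], val }
    key == "userknownhostsfile" && val == "/dev/null" { print f[1], val }
  ' "$1"
}

# Turn an sshd host public key ("<type> <base64> [comment]") into a known_hosts
# line; a non-default port needs the "[host]:port" form.
known_hosts_entry() {  # usage: known_hosts_entry <host> <port> "<pubkey line>"
  printf '%s\n' "$3" | awk -v h="$1" -v p="$2" '
    NF >= 2 && $1 ~ /^(ssh-|ecdsa-)/ {
      name = (p == 22) ? h : "[" h "]:" p
      print name, $1, $2; ok = 1
    }
    END { exit !ok }'
}

# Constructed sample: the relevant lines of the Host block from the post.
SAMPLE_CFG=$(mktemp)
cat > "$SAMPLE_CFG" <<'EOF'
Host lima-default
  StrictHostKeyChecking no
  UserKnownHostsFile /dev/null
  Hostname 127.0.0.1
  Port 2222
Host other
  StrictHostKeyChecking yes
EOF
# Constructed, non-functional key. On the Mac the real one can be read with:
#   limactl shell default cat /etc/ssh/ssh_host_ed25519_key.pub
SAMPLE_KEY='ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICONSTRUCTEDSAMPLEKEY root@lima-default'

audit_host_block "$SAMPLE_CFG" lima-default
known_hosts_entry 127.0.0.1 2222 "$SAMPLE_KEY"
```

With the generated line saved to a dedicated file, the Host block can point UserKnownHostsFile at that file and set StrictHostKeyChecking yes.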
