From: D'Arcy Cain
To: freebsd-net@freebsd.org
Subject: Bridge woes
Date: Sun, 25 Oct 2020 13:32:57 -0400

I have been trying to solve this problem for a week now.
I have been emailing the virtualization list (Re: When is a switch not a
switch?) because it had to do with vm-bhyve but now I am wondering if it is
something else. Maybe some of the network experts here can help.

Basically I have the following in my rc.conf:

set -- $(/sbin/ifconfig -l ether); eth0=$1 eth1=$2
eval "ifconfig_${eth0}_name=\"eth0\"" # Public facing network
eval "ifconfig_${eth1}_name=\"eth1\"" # Private network
ifconfig_eth0="inet 0x629e8b${me}/27"
ifconfig_eth0_ipv6="inet6 2605:2600:1001::${me}/64"
ifconfig_eth1="inet 0xc0a897${me}/24"
ifconfig_eth1_ipv6="inet6 fc00:97:97::${me}/64"
vm_enable="YES"
vm_dir="zfs:zroot/VM"
vm_delay="5"

Everything there does what it is supposed to do. In rc.local I do this:

sysctl -w net.inet.ip.forwarding=1
sysctl -w net.inet6.ip6.forwarding=1
vm switch create public
vm switch add public eth0
vm switch create private
vm switch add private eth1

I know that I can put those sysctls in /etc/sysctl.conf but I have reasons
for doing it this way.

So far so good. I then fire up a VM by running "vm install". I haven't been
able to get an actual working system yet due to the following problem. In the
VM I set an IP address on the same network as the host:

vtnet0: flags=8943 metric 0 mtu 1500
        options=80028
        ether 22:22:22:22:22:41
        inet 98.158.139.71 netmask 0xffffffe0 broadcast 98.158.139.95
        media: Ethernet 10Gbase-T
        status: active
        nd6 options=29

I set up /etc/resolv.conf and default routes as expected. At that point I
can ping any IP address on my internal network as well as any ICMP friendly
sites anywhere on the Internet. However, I can't make a TCP connection to
anywhere except to the host or, for some odd reason, one other host on my
network.

I have tried putting the public IP on the bridge but other than complicating
my startup scripts it acts exactly the same.

Can anyone make any sense out of this?

-- 
D'Arcy J.M. Cain                        |  Democracy is three wolves
http://www.druid.net/darcy/             |  and a sheep voting on
+1 416 788 2246 (DoD#0082) (eNTP)       |  what's for dinner.
IM: darcy@VybeNetworks.com, VoIP: sip:darcy@druid.net

Disclaimer: By sending an email to ANY of my addresses you
are agreeing that:

1. I am by definition, "the intended recipient".
2. All information in the email is mine to do with as I see
   fit and make such financial profit, political mileage, or
   good joke as it lends itself to. In particular, I may quote
   it where I please.
3. I may take the contents as representing the views of
   your company if I so wish.
4. This overrides any disclaimer or statement of
   confidentiality that may be included or implied in
   your message.