From: Vikash Badal
To: dkleinh@phy.ucsf.edu
Cc: freebsd-net@freebsd.org
Date: Thu, 22 Dec 2016 06:13:18 +0200
Subject: Re: tcp between tap interfaces

On 11/12/2016 07:54, dkleinh@phy.ucsf.edu wrote:
> I'm trying to set up a private testing environment using the bhyve
> hypervisor and some virtual machines connected with tap interfaces
> to a bridge. My network configuration for this environment looks like
> this:
>
> I have a bridge interface with 5 tap interfaces, but no real interface as
> this is to be virtual. The bridge interface has interface: 192.168.1.1
> This is the gateway for the VMs. Each tap interface on the (virtual) bridge
> to each VM is on the 192.168.1.0/24 network. I nat the private network out
> through a real interface on the host.
>
> I use the pf packet filter and nat is working great, each VM can connect out
> to the world. The host can connect into each VM through the bridge and icmp
> and udp seem to work great between the VMs on the private network, but tcp
> does not seem to work.

Add skip on bridgeX to your pf rules.
Alternatively, you can add the filtering rules you want.

> That is, I cannot ssh between the VMs, but ping works and I've set up a DNS
> server on one of the VMs and that works for resolving the different private VM
> host names and external names. The host can ssh into each VM OK.
>
> I'm totally at a loss where to go with this.
>
> I'm running FreeBSD 10.1 on the host.
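
The reply's suggestion written out as a pf.conf sketch for the setup in the quoted post. This is an added example, not part of the original message: the interface names em0 and bridge0 are assumptions standing in for the host's real interface and "bridgeX", and the filter rules at the end are one possible policy, not the poster's actual ruleset.

```conf
# /etc/pf.conf  (added example; em0 and bridge0 are assumed names)

# --- Macros ---
ext_if    = "em0"             # assumed: the host's real, outward-facing interface
vm_bridge = "bridge0"         # assumed: the "bridgeX" named in the reply
vm_net    = "192.168.1.0/24"  # private VM network from the original post

# --- Options ---
# Exempt the VM bridge from pf: packets on this interface are neither
# filtered nor state-tracked. This is the change the reply suggests.
set skip on $vm_bridge

# --- Translation ---
# NAT the private VM network out through the real interface.
# (addr) form re-reads the interface address if it changes.
nat on $ext_if inet from $vm_net to any -> ($ext_if)

# --- Filtering ---
# Keep pf's policy on the external interface only. Nothing here names
# the bridge or its tap members, so VM-to-VM traffic is left alone.
block in on $ext_if
pass out on $ext_if inet keep state
# Add explicit "pass in on $ext_if ..." rules for any service the host
# itself must accept from outside (for example remote administration).

# Check syntax without loading:  pfctl -nf /etc/pf.conf
# Load the ruleset:              pfctl -f /etc/pf.conf
# Confirm the skip is active:    pfctl -sI -v   (skipped interfaces are marked "(skip)")
```

Skipping the bridge removes all pf inspection of traffic between the VMs, so use it only where that segment is trusted, as in the private test network described; the reply's alternative is to leave the bridge filtered and write the rules you want for it.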