From owner-freebsd-emulation@FreeBSD.ORG Wed Jan 25 13:19:38 2012
Date: Wed, 25 Jan 2012 13:54:05 +0100
From: public profile
To: freebsd-emulation@FreeBSD.org
Subject: FreeBSD 9.0; VirtualBox v4.0.14; PF rules when using bridged interface
List-Id: Development of Emulators of other operating systems

Hello guys,

I'm struggling with an issue I can't find answers to, nor am I able to figure it out myself. I found this email address on wiki.freebsd.org; hopefully somebody can give me some further hints.
I've started a thread on the forums too: http://forums.freebsd.org/showthread.php?t=29111

To describe the problem:

Setup:
- FreeBSD 9.0 amd64 with virtualbox-ose-4.0.14 installed.
- Internet-facing interface em0; the virtual machine (VM) uses this interface when bridged networking is selected.
- Both the server and the VM have a public IP address.
- Active firewall (PF) on the host.

Goal to achieve: do traffic accounting for all VMs which have public IP addresses, something like:

IP_VM_PUB_1 total bytes in/out
IP_VM_PUB_2 total bytes in/out
... etc.

Problem: PF rules for IPs which are active on a VM with bridged networking are being ignored.

Example: I want to disable port 80 for each and every VM running on the host (bridged NW):

Egress iface: em0
VM virtual IP: 192.0.2.2

pf.conf sample on host:

block in quick on em0 proto tcp from any to 192.0.2.2 port 80

Does nothing when the rules are reloaded. However, I can see this traffic pass by with tcpdump.

I suspect that the vboxnetflt kernel driver might have something to do with it (bypassing the whole of PF). Can you please confirm this? Is there a way for hosts to do per-IP filtering for VMs used on a bridged network?

Thanks for any hints,
Martin Ilavsky
__
..life is hard, and then you die..
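The following pf.conf fragment is an added example, not part of the message above and not VirtualBox or FreeBSD project code. It shows how the two things the post asks for, a port-80 block for every VM and per-VM byte accounting, would be expressed in PF on the host using rule labels, whose packet and byte counters pfctl can print. The interface name em0 and the VM address 192.0.2.2 are taken from the post; the second VM address 192.0.2.3 and the label names are assumptions for illustration. Note the post reports that on its setup the block rule never matched because the bridged VM traffic did not reach PF; if, as the post suspects, vboxnetflt diverts the VM's frames at the Ethernet layer, PF's IP-layer hooks never see them, and the label counters below will simply stay at zero.

```pf
# Added example (not from the original message): port-80 block plus per-VM
# accounting for bridged VMs on a FreeBSD host running PF.
# em0 and 192.0.2.2 come from the post; 192.0.2.3 and the label names are
# assumed for illustration.
ext_if = "em0"
vm1    = "192.0.2.2"
vm2    = "192.0.2.3"
table <vms> { $vm1, $vm2 }

set skip on lo0

# Block inbound HTTP to every VM address (same rule as in the post, widened
# to the table of VM addresses).
block in quick on $ext_if proto tcp from any to <vms> port 80

# Per-VM accounting: each pass rule carries a label, and PF keeps packet and
# byte counters per label. One rule pair per VM keeps the label names fixed.
pass in  quick on $ext_if from any  to $vm1 label "vm1_in"
pass out quick on $ext_if from $vm1 to any  label "vm1_out"
pass in  quick on $ext_if from any  to $vm2 label "vm2_in"
pass out quick on $ext_if from $vm2 to any  label "vm2_out"

# Host's own traffic follows; the VM rules above are "quick", so they only
# affect packets whose source or destination is a VM address.
pass on $ext_if
```

Check the syntax with `pfctl -nf /etc/pf.conf`, load it with `pfctl -f /etc/pf.conf`, and read the counters with `pfctl -s labels`, which prints each label followed by its evaluation, packet and byte totals. Before trusting the counters for billing, generate some traffic to a VM and confirm the matching label actually increments; if it does not while tcpdump on em0 shows the packets, the traffic is bypassing PF on the host, which is exactly the symptom the post describes, and the filtering would have to be done inside the VM or on upstream equipment instead.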