Date: Wed, 25 Jan 2012 13:54:05 +0100
From: public profile <ilavsky.martin@gmail.com>
To: freebsd-emulation@FreeBSD.org
Subject: FreeBSD 9.0; VirtualBox v4.0.14; PF rules when using bridged interface
Message-ID: <CAN5QJX_vaa2YbmdQutBOztG%2BuTujQx0W8Ew_GTjUHLaj82T4ew@mail.gmail.com>
Hello Guys,

I'm struggling with an issue I can't find answers to nor able to figure out myself. I found this email address on wiki.freebsd.org, hopefully somebody can give me some further hints. I've started a thread on forums too: http://forums.freebsd.org/showthread.php?t=29111

To describe the problem:

Setup:
- FreeBSD 9.0 amd64 with virtualbox-ose-4.0.14 installed.
- internet facing interface em0, virtual machine (VM) is using this interface when bridged network is selected
- both server and VM have public IP address
- active firewall - PF - on host

Goal to achieve:
Do a traffic accounting for all VMs which have public IP addresses, something like:

IP_VM_PUB_1 total bytes in/out
IP_VM_PUB_2 total bytes in/out
... etc

Problem:
PF rules for IPs which are active on VM which have bridged network are being ignored.

Example: I want to disable port 80 for each and every VM running on host (bridged NW):

Egress iface: em0
VM virtual IP: 192.0.2.2

pf.conf sample on host:

block in quick on em0 proto tcp from any to 192.0.2.2 port 80

Does nothing when rules are reloaded. However, I can see this traffic passed by with tcpdump.

I suspect that vboxnetflt kernel driver might have something to do with it (bypassing the whole PF). Please can you confirm this? Is there a way for hosts to do a per IP filtering for VMs used on bridged network?

Thanks for any hints,
Martin Ilavsky

__
..life is hard, and then you die..
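The per-VM accounting the mail asks for is normally done in pf with rule labels and `pfctl -s labels`, and the same counters double as a check for the mail's hypothesis: if a label's evaluation count stays at zero while tcpdump shows the VM's traffic on em0, pf is simply never seeing those packets. The script below is an added example for this thread, not code from the mail or from the VirtualBox or FreeBSD projects. It assumes the VM's traffic actually traverses pf on the host (with vboxnetflt on a bridged interface that is exactly what is in doubt, since the module hands the VM's frames off at layer 2, below the layer-3 hooks where pf filters), and it assumes the `pfctl -s labels` column layout `label evaluations packets bytes packets_in bytes_in packets_out bytes_out`; the label output embedded in the script is constructed sample data, not real host output.

```shell
#!/bin/sh
# Added example for per-VM traffic accounting with pf rule labels.
# Not from the original mail. Assumes the VM traffic passes through pf on the
# host and that `pfctl -s labels` prints:
#   label evaluations packets bytes packets_in bytes_in packets_out bytes_out

# Sample pf.conf rules (constructed). The label ties pf counters to a VM
# address; one label per direction keeps in/out bytes separate.
PF_RULES='
pass in  quick on em0 from any to 192.0.2.2 label "vm_192.0.2.2_in"
pass out quick on em0 from 192.0.2.2 to any label "vm_192.0.2.2_out"
'

# Constructed sample of `pfctl -s labels` output; on the host this comes
# from the live pf ruleset instead.
SAMPLE_LABELS='vm_192.0.2.2_in 120 300 450000 300 450000 0 0
vm_192.0.2.2_out 98 210 30000 0 0 210 30000
vm_192.0.2.3_in 5 10 1500 10 1500 0 0'

# Read label lines on stdin and print "IP in=<bytes> out=<bytes>" per VM,
# taking the address from the middle part of the "vm_<ip>_<dir>" label.
# Usage on the host:  pfctl -s labels | account_vm_traffic
account_vm_traffic() {
    awk '
    $1 ~ /^vm_/ {
        split($1, parts, "_")
        ip = parts[2]
        bytes_in[ip]  += $6
        bytes_out[ip] += $8
    }
    END {
        for (ip in bytes_in)
            printf "%s in=%d out=%d\n", ip, bytes_in[ip], bytes_out[ip]
    }' | sort
}

# Sanity check for the question in the mail: does pf evaluate this label at
# all? Returns 0 if the label has a non-zero evaluation count, 1 otherwise.
# A zero count while tcpdump shows the traffic means pf is being bypassed.
# Usage on the host:  pfctl -s labels | label_seen vm_192.0.2.2_in
label_seen() {
    awk -v want="$1" '$1 == want && $2 > 0 { found = 1 }
                      END { exit found ? 0 : 1 }'
}

# Stand-alone demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_LABELS" | account_vm_traffic
if printf '%s\n' "$SAMPLE_LABELS" | label_seen vm_192.0.2.2_in; then
    echo "pf evaluated vm_192.0.2.2_in"
else
    echo "pf never evaluated vm_192.0.2.2_in (traffic bypasses pf?)"
fi
```

Reset the counters with `pfctl -z` when starting an accounting period; if every VM label keeps a zero evaluation count after the VM has been generating traffic, the bridged frames are not reaching pf and the filtering has to happen somewhere that does see them (inside the guest, or upstream of the host).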