From owner-freebsd-questions@FreeBSD.ORG Fri Aug 11 10:40:14 2006
Message-ID: <8e96a0b90608110340o7f197a1dr2b23a414f8fe63bd@mail.gmail.com>
Date: Fri, 11 Aug 2006 11:40:01 +0100
From: "mal content" <artifact.one@googlemail.com>
To: freebsd-questions@freebsd.org
Subject: Once again lost in the woods with QEMU, pf, bridge.sh, tap...
List-Id: User questions <freebsd-questions@freebsd.org>

Hello.

I'm trying to get qemu with tap networking happening under FreeBSD 6.1.
I did make some progress with the last solution given to me, but I still couldn't get it to work. Doing things this way seems to be the only method that works for me currently.

The main problem I'm having is that I can't seem to get pf to do any packet filtering. My setup currently looks like this:

/etc/pf.conf:

nic0 = "fxp0"
host_ip = "192.168.2.5"

#----------------------------------------------------------------------#

pass in log all
pass out log all

--

if-up2:

#!/bin/sh -x

ext_if="fxp0"
tap_if="$1"

sudo ifconfig $tap_if 0.0.0.0 up

--

run-qemu2.sh:

#!/bin/sh -x

sudo sysctl net.link.tap.user_open=1
sudo ./bridge.sh start

qemu \
  -m 128 \
  -net nic \
  -net tap,script=if-up2 \
  -hda openbsd_39_hda.img

sudo ./bridge.sh stop
sudo sysctl net.link.tap.user_open=0

--

'bridge.sh' is the standard bridge.sh copied from /usr/src and edited for my interfaces:

BRIDGE_NAME="bnet0"
BRIDGE_IFACES="fxp0 tap0"
LOCAL_IFACES="fxp0"

Now, the OpenBSD guest is set up to have the IP address '192.168.2.7', and it does work. I can connect out from the guest and I can SSH in with no problems.

HOWEVER - pf doesn't log the packets, and this is worrying. I seem to be somehow avoiding pf logging, despite the fact that I've told pf to log everything coming in or out of the machine (it also logs traffic on loopback, for now).

I fully admit that I don't understand everything going on here, particularly the magic inside bridge.sh. I basically just want to be able to tell pf to filter all packets coming from the tap0 interface (doesn't seem to work) or all packets coming from 192.168.2.7 (unreliable, I would think, what if the guest OS spoofs the source address?).

help, flames, etc, appreciated.

MC
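An added example, not part of MC's post and not FreeBSD's bridge.sh: a dry-run script for the setup a reply would likely point at. It assumes the bridge is rebuilt with if_bridge(4) (present since FreeBSD 6.0) instead of the netgraph ether.bridge script the bnet0/BRIDGE_IFACES variables suggest; if_bridge passes bridged frames through the pfil(9) hooks when net.link.bridge.pfil_member is set, so rules written "on tap0" match guest traffic, whereas a netgraph bridge switches frames below the layer pf filters at, which would explain the empty pflog. Interface names and the guest address come from the post; the bridge0 name is an assumption. The rules filter on the interface and bind it to the guest's address, so a frame from tap0 carrying a different source address is blocked and logged instead of passed.

```shell
#!/bin/sh
# Added example (not the poster's scripts, not FreeBSD's bridge.sh).
# Assumes if_bridge(4) rather than the netgraph ether.bridge script:
# with net.link.bridge.pfil_member=1, frames entering or leaving each
# member interface go through pf, so "on tap0" rules see guest traffic.
#
# Dry run by default: prints the commands and the pf rules.
# "apply" runs the interface commands (root needed); the rules are meant
# to be pasted into /etc/pf.conf and loaded with pfctl -f.

EXT_IF="fxp0"           # host NIC, from the post
TAP_IF="tap0"           # qemu's tap interface, from the post
BRIDGE_IF="bridge0"     # if_bridge interface name (assumption)
GUEST_IP="192.168.2.7"  # OpenBSD guest address, from the post

# Commands that build the bridge and enable filtering on member interfaces.
# pfil_member=1: filter frames as they enter/leave fxp0 and tap0.
# pfil_bridge=0: do not filter the same frame again on bridge0 itself.
bridge_setup_cmds() {
    cat <<EOF
kldload if_bridge
sysctl net.link.bridge.pfil_member=1
sysctl net.link.bridge.pfil_bridge=0
ifconfig $TAP_IF >/dev/null 2>&1 || ifconfig $TAP_IF create
ifconfig $TAP_IF up
ifconfig $BRIDGE_IF create
ifconfig $BRIDGE_IF addm $EXT_IF addm $TAP_IF up
EOF
}

# pf rules for the guest side of the bridge.  Matching on the interface
# instead of only on the address answers the spoofing worry in the post:
# anything arriving on tap0 that does not carry the guest's address as
# source is dropped and logged before the generic "pass in log all".
guest_pf_rules() {
    tap="$1"; guest="$2"
    cat <<EOF
# --- qemu guest on $tap ---
block in log quick on $tap from ! $guest
pass in log on $tap from $guest
pass out log on $tap to $guest
EOF
}

case "${1:-}" in
  apply)
    bridge_setup_cmds | sh -e
    ;;
  *)
    echo "# dry run: bridge commands"
    bridge_setup_cmds
    echo "# dry run: pf rules for pf.conf"
    guest_pf_rules "$TAP_IF" "$GUEST_IP"
    ;;
esac
```

Run without arguments to see what would be done; `sh script.sh apply` builds the bridge. The pf rules go into pf.conf above the existing `pass in log all` so the `quick` block wins for spoofed sources, and `tcpdump -n -e -ttt -i pflog0` then shows the guest's packets with the tap0 interface name.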