From owner-freebsd-net@FreeBSD.ORG Wed Oct 29 02:34:30 2008 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id EFCA41065680 for ; Wed, 29 Oct 2008 02:34:29 +0000 (UTC) (envelope-from mike@jellydonut.org) Received: from mu-out-0910.google.com (mu-out-0910.google.com [209.85.134.184]) by mx1.freebsd.org (Postfix) with ESMTP id CD6178FC16 for ; Wed, 29 Oct 2008 02:34:27 +0000 (UTC) (envelope-from mike@jellydonut.org) Received: by mu-out-0910.google.com with SMTP id i2so2568678mue.3 for ; Tue, 28 Oct 2008 19:34:26 -0700 (PDT) Received: by 10.181.228.15 with SMTP id f15mr36226bkr.152.1225246098726; Tue, 28 Oct 2008 19:08:18 -0700 (PDT) Received: by 10.181.17.8 with HTTP; Tue, 28 Oct 2008 19:08:18 -0700 (PDT) Message-ID: <1de79840810281908i616a8086r474d4329de184f37@mail.gmail.com> Date: Tue, 28 Oct 2008 22:08:18 -0400 From: "Michael Proto" To: "Marc G. Fournier" In-Reply-To: MIME-Version: 1.0 References: Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 7bit Content-Disposition: inline X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-net@freebsd.org, freebsd-stable@freebsd.org Subject: Re: Problem with Bridging ... and bge devices under FreeBSD 7.x? X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 29 Oct 2008 02:34:30 -0000 On Tue, Oct 28, 2008 at 7:56 PM, Marc G. Fournier wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > > I'm trying to run a QEMU VM on top of a FreeBSD 7.x server ... I've tried > the > exact same setup on my desktop, using 192.168.1.x and an fxp device, and it > all > works perfectly, but as soon as I do this on another machine on a public > IP, > I'm not getting any routing, I can't even ping it from the same machine ... > > My first thought was that there was an issue with IP aliases already on > the > bge device, but tried doing the following: > > ifconfig bridge0 destroy > ifconfig tap0 destroy > ifconfig fxp0 -alias 192.168.1.101 > ifconfig fxp0 alias 192.168.1.101 netmask 255.255.255.255 > ifconfig bridge0 create > ifconfig tap0 create > ifconfig bridge0 addm fxp0 addm tap0 up > > on my desktop here and then starting up the qemu image, and all worked as > expected, so having an alias on the interface, before or after, doesn't > make a > difference ... at least with the fxp device ... > > Using VNC to connect to the VM, I can look at the interface, and it says it > is > connected ... and the IP/Gateway are all set right for the network I'm on, > netmask is set to 255.255.255.0, same as on the 'private network' ... > > Please note that when I say "it works" on my private network / desktop, I'm > using it to connect to my work computer, across the Internet, via Windows > RDP, > and it works flawlessly ... > > Looking at /var/log/messages, you can see the bridge being setup: > > > Oct 27 18:53:21 io kernel: bridge0: Ethernet address: ce:44:c7:1b:47:40 > > as well as the tap device: > > Oct 27 18:53:25 io kernel: tap0: Ethernet address: 00:bd:96:ae:67:00 > Oct 27 18:53:41 io kernel: tap0: promiscuous mode enabled > > and the ethernet going promiscuous: > > Oct 26 20:53:56 ganymede kernel: fxp0: promiscuous mode enabled > > So, all I have left is that everything is being setup okay, but there is > something I'm missing here ... something with bridge<->bge, maybe? I've > even > tries to compare the output of 'ifconfig -a' as far as the bridge0 and tap0 > devices are concerned, and other then the mac address, they look identical > also > ... > > So, pointers to what I may be missing here? a sysctl value that I need to > set > for this interface? > > I'm having a little trouble understanding the setup you have. In your test case, is the IP of your VM 192.168.1.101? If so, then I don't think you want that IP aliased on the physical interface of your bridge. The VM NIC will answer for packets destined on your local segment, which the bridge would forward to the physical interface. If you assign the VM's IP to that physical interface, then your host would think that traffic is destined for itself and not pass it to the bridge. If I'm misunderstanding and the 192.168.1.101 alias (or whatever the equiv in your production setup) isn't being used by your VM then I would start looking at the ARP traffic crossing both the tap0, lo0, and physical interfaces. What does an 'ifconfig -a' look like on both systems? netstat -rn? Any packet filtering? -Proto