Date: Mon, 25 Mar 2019 17:52:29 +0000 From: Marcin Cieslak <saper@saper.info> To: Mathias Picker <Mathias.Picker@virtual-earth.de> Cc: "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org> Subject: Re: vm-bhyve, routing a subnet behind the main ip, is this a good / "correct" solution? Message-ID: <nycvar.OFS.7.76.4444.1903251746150.84924@z.fncre.vasb> In-Reply-To: <86sgvbdtl5.fsf@virtual-earth.de> References: <86sgvbdtl5.fsf@virtual-earth.de>
next in thread | previous in thread | raw e-mail | index | archive | help
[-- Attachment #1 --]
On Mon, 25 Mar 2019, Mathias Picker wrote:
> Hi all,
>
> this is the first time I tried to use bhyve.
>
> This is 12.0-RELEASEp3 and vm-bhyve 1.2.3.
>
> My hosting provider hetzner.de is giving out subnets which are routed through
> the main ip of the server,
> so if my main IP is xxx.xxx.xxx.63 the subnet yyy.yyy.yyy.224/28 is routed as
> if it was "behind" the main ip xxx.xxx.xxx.xxx.
This is a typical routing situation. You cannot get from yyy.yyy.yyy to the
Internet via bridging alone. You have to have a normal routing done on
the xxx.xxx.xxx.63 machine.
> I first didn't know that and tried the solution mentioned in the vm-bhyve
> wiki, usiing a bridge and adding the network card (em0) to it, which didn't
> work.
Hetzner will not allow you to show additional MAC adresses behind your main
IP (xxx.xxx.xxx.63), that's the reason why some descriptions "on the Internet"
may not work for you.
I don't have luxury of the IPv4 subnet behind my single IPv4, so I had
to create two bridge interfaces (bridge0 and bridge1) - one is for
a routed IPv6 subnet, the other one is for RFC1918 IPv4 addresses.
bridge1 is being subject to NAT. bridge0 is subject to IPv6 routing.
(I use Xen but that does not matter for the networking discussion).
Marcin
[-- Attachment #2 --]
0K *H
<0810
`He�0
*H
00HjD\=H
0
*H
�0L1 0
U
GlobalSign Root CA - R310U
GlobalSign10U
GlobalSign0
160615000000Z
240615000000Z0]1
0 UBE10U
GlobalSign nv-sa1301U*GlobalSign PersonalSign 1 CA - SHA256 - G30"0
*H
��0
�ʰkM
8}feA};�1
M<
&8d;rT\dEބqNU{ܣx
Ij:+j
;P@ q3DG>#cj
l1yƆ: 43A,DPi\dR0*[x=KtL@Dʢ.(Cu͓(؟PFyxxi26
t�AYw;>eYM#x�d0`0U
0'U
% 0
+++ 0U
0�0
U
'¥
zzdco2Ҙ±0 U
#0K.E$MPc0>+2000.+0"http://ocsp2.globalsign.com/rootr306U
/0-0+)'%http://crl.globalsign.com/root-r3.crl0YU
R0P0
+2(0A +2_0402+&https://www.globalsign.com/repository/0
*H
��wF
|NR
,ȎwبkEoB"s)!YbUy\a،Ğ8wIrۅJmϦPa9
Q_ A Mz%-Mmf!=EL8TfP&G)\`9\(
#�$v.OlVGc ViV
C7_)P{YXDHKr˟*˜
2:
q4wt
\I$
ϱ.jp!?00٠
N{a
90
*H
�0]1
0 UBE10U
GlobalSign nv-sa1301U*GlobalSign PersonalSign 1 CA - SHA256 - G30
170525084416Z
200525084416Z0<10U
saper@saper.info1 0
*H
saper@saper.info0"0
*H
��0
�÷in
YcYuFp\اtyc@/W<lL\@.kWW3Ø٤&55IN15PQdw],(;p..3E }zgAN3̑m\'IR"@{d֘P$
'ɹ
Sxi~"5H
dA !ڲQi-̓[73zB&Tgˆ
P?c
V+jAT{'dusѧS]\be3p' F=xG6_{<8([ݤ2
�+,+Jr+z!Y%!-
gAJ5*Xoc -!
,xr)b ֆT7w9z
͝
YIVp
No
U`Ale@εL[b-t=lJ)m�I#
�00U
0+00M+0Ahttp://secure.globalsign.com/cacert/gspersonalsign1sha2g3ocsp.crt0=+01http://ocsp2.globalsign.com/gspersonalsign1sha2g30LU
E0C0A +2(0402+&https://www.globalsign.com/repository/0 U
0�0DU
=0;09753http://crl.globalsign.com/gspersonalsign1sha2g3.crl0U
0saper@saper.info0
U
%0++0
U
^ZB¬(F0 U
#0'¥
zzdco2Ҙ±0
*H
��
EJ2JyN*Wm{*
8_fEe
`&t4C
$Z$Ԅ;&nU`s'{0iED,WʍI8
LN)-
ߓfū,wmmθhWobLfLpIk%,7kdA_
@ֵ@ȇDAW-o�j;iړ|̠|HZZw_GX)Fqjsʵ3Ķu埰10{0m0]1
0 UBE10U
GlobalSign nv-sa1301U*GlobalSign PersonalSign 1 CA - SHA256 - G3
N{a
90
`He�0 *H
1
*H
0
*H
1
190325175229Z0/ *H
1" GjQh`^kOk
@
10y *H
1l0j0
`He*0
`He0
`He0
*H
0*H
�0
*H
@0+0
*H
(0
*H
��j& ҅2?"3V6YzD7z*K~
S\r%
DYBnUMr9%A5*4:F
Q
+dd=J\!Ф-`-9m?yϛx3^Vt hpL Jıe'spMq(2{RQ�!({`ňÌ:vW]+
zq-)rN~):<)v!& f>$LNz1
[51SwnS' Ge A1
;0r?ݸ%EX1f%E<>D4�u^v&aIĞ.
Ԥy^˷By*
|D)>FqrW߳[Q<IWbG(cQ% <ںpt\;
*><1˞|>(jYBO`wq]%]/Md
ii1WV&J1p_M8)w
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?nycvar.OFS.7.76.4444.1903251746150.84924>