Date: Fri, 6 Nov 2020 01:29:38 +0000
From: Thomas Laus
To: Jason Tubnor
Cc: freebsd-virtualization@freebsd.org
Subject: Re: Using OpenBSD guest as PF firewall
X-Operating-System: FreeBSD 12.2-RELEASE on an amd64

Jason Tubnor [jason@tubnor.net] wrote:
> On Thu, 5 Nov 2020 at 23:40, Thomas Laus wrote:
>
> Review the vm-bhyve man page. You just need to add an option to
> {guest}.conf file that references the device you are passing through. The
> section you are looking for is passthruX
>
> passthru0=Base/Slot/Function.
>
I have that entry and passthru is working fine for me. It is only the
bridge function that is not working like the Forum article. The
'vm switch tap' creation gives me access to the OpenBSD guest, but I
still can't pass internet traffic from the FreeBSD host through the
guest OpenBSD PF and then onto the internet. The forum article states
that it can be done by using the provided rc.local script. I was asking
for vm-bhyve assistance to get the same functionality without resorting
to scripting. Auto guest startup and shutdown is a lot cleaner using
'vm' commands.

Tom

--
Public Keys:
PGP KeyID = 0x5F22FDC1
GnuPG KeyID = 0x620836CF