Date: Fri, 6 Nov 2020 19:25:37 +0000
From: Thomas Laus <lausts@acm.org>
To: Jason Tubnor <jason@tubnor.net>
Cc: "freebsd-virtualization@freebsd.org" <freebsd-virtualization@freebsd.org>
Subject: Re: Using OpenBSD guest as PF firewall
Message-ID: <010001759f0579e5-9d7d33c4-ac14-4f53-baf9-de548f7adbd0-000000@email.amazonses.com>
In-Reply-To: <CACLnyCLK=aYgCD-%2BS2ONq6wQRxB5VG2vwB%2BB5r5PbdM0ztnhRg@mail.gmail.com>
References: <01000175941a2783-79804ed8-eafa-4f80-92d4-3f500e9d7993-000000@email.amazonses.com>
 <CACLnyCJjdkxaLSu2=r2Ymjvdde_UzLVWcQpVt%2BtznEMepZNRhg@mail.gmail.com>
 <01000175986c2d21-4256d477-387f-4379-9dd3-8e60fc88b94a-000000@email.amazonses.com>
 <CACLnyCJJsuvCor9eMkjQrpcYnU42UXy8--Ya5E29QvmFLu7riQ@mail.gmail.com>
 <010001759b2c6171-3d48f141-38d9-4c47-8741-dfe5dd74021c-000000@email.amazonses.com>
 <CACLnyCLK=aYgCD-%2BS2ONq6wQRxB5VG2vwB%2BB5r5PbdM0ztnhRg@mail.gmail.com>

On 11/5/20 9:24 PM, Jason Tubnor wrote:
>
> You could create a clone (lo) with an IP address, add that as an
> interface to a vm switch and then guest tap to that vm switch?
>

I ended up getting this all to function by removing bridge 'public'
created by the vm-bhyve utility and manually making the loader.conf and
rc.conf changes listed in the forum article.

My loader.conf:

    vmm_load="YES"
    if_tap_load="YES"
    if_bridge_load="YES"
    pptdevs=2/0/0

I edited my rc.conf and added:

    cloned_interfaces="bridge0"
    ifconfig_bridge0="inet 172.16.1.2 netmask 255.255.255.0"
    defaultrouter="176.16.1.1"
    gateway_enable="YES"

The OpenBSD guest has a vio0 address set to 172.16.1.1 in hostname.vio0.
The OpenBSD guest sees the host motherboard NIC that is passed through
and is properly configured through DHCP.

The only hiccup is that I can't enable the tap0 interface in the host
/etc/rc.conf because the OpenBSD takes 35 seconds to boot and vio0 on
that end is not visible until the boot process has been completed. I
made a script for /usr/local/etc/rc.d on the host to add tap0 to
bridge0. It errors out during the host boot process, but runs fine when
getting a 'onestart' after the host is booted. I have already tried
adding a 'sleep 40' to the start of the script without success.

I now have a 'mostly' operational OpenBSD PF guest for my FreeBSD host.
Thanks for the help and a few pointers to the right direction.

Tom

--
Public Keys:
PGP KeyID = 0x5F22FDC1
GnuPG KeyID = 0x620836CF
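
An alternative to the fixed 'sleep 40' described in the message is to poll until tap0 exists and only then add it to bridge0. This is an added example, not part of the original message or of vm-bhyve; the interface names come from the message, the function and variable names are hypothetical, and it makes no claim about what caused the boot-time error.

```shell
#!/bin/sh
# Added example: poll for the guest's tap interface instead of sleeping a
# fixed time, then add it to the bridge. Interface names are taken from the
# message; function and variable names are hypothetical.

IFCONFIG="${IFCONFIG:-ifconfig}"      # overridable so the logic can be tested
POLL_INTERVAL="${POLL_INTERVAL:-1}"   # seconds between checks

# wait_for_iface NAME TRIES
# Returns 0 as soon as "ifconfig NAME" succeeds, 1 after TRIES failed checks.
wait_for_iface() {
    _name=$1
    _tries=$2
    while [ "$_tries" -gt 0 ]; do
        if $IFCONFIG "$_name" >/dev/null 2>&1; then
            return 0
        fi
        _tries=$((_tries - 1))
        sleep "$POLL_INTERVAL"
    done
    return 1
}

# attach_tap BRIDGE TAP TRIES
# Returns 0 on success, 1 if the tap never appeared, 2 if addm failed.
attach_tap() {
    _bridge=$1
    _tap=$2
    if ! wait_for_iface "$_tap" "$3"; then
        echo "attach_tap: $_tap did not appear" >&2
        return 1
    fi
    # Already a member: nothing to do, so the script is safe to re-run.
    if $IFCONFIG "$_bridge" 2>/dev/null | grep -q "member: $_tap "; then
        return 0
    fi
    $IFCONFIG "$_bridge" addm "$_tap" up || return 2
}

# Only act when invoked with an explicit verb.
case "${1:-}" in
    start|onestart) attach_tap bridge0 tap0 90 ;;
esac
```

A non-zero return distinguishes "tap0 never appeared" (1) from "bridge0 refused the member" (2), which separates a timing problem from a bridge configuration problem in the boot log.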