Date: Tue, 17 Jan 2012 14:51:43 -0700
From: "Peter" <fbsdq@peterk.org>
To: freebsd-questions@freebsd.org
Cc: Peter <fbsdq@peterk.org>
Subject: solved - bridge firewall in virtualbox not passing traffic after upgrade to stable/9
Message-ID: <233fbb794c977415f3f8eab63581b87b.squirrel@pop.pknet.net>
In-Reply-To: <0ba8bd0d2bf651d765eb04f5c8708420.squirrel@pop.pknet.net>
References: <31f21c35fd0eec86fd61de0f8e5029c9.squirrel@pop.pknet.net> <0ba8bd0d2bf651d765eb04f5c8708420.squirrel@pop.pknet.net>
>> Hello,
>>   Was running 8.2 and virtualbox 3 - wiped Freebsd 8.2, installed 9.0,
>> installed latest virtualbox port 4.0.14 and the networking broke in my
>> vms.
>>
>> Setup I had:
>>
>> {vm1,vm2,etc}---> vbox internal network -> em2[firewall VM]em1 -->
>> re0[physical box]-->ISP
>>
>> the firewall vm has this:
>> ifconfig_em0='172.20.6.210/24'
>> cloned_interfaces="bridge0"
>> ifconfig_bridge0="addm em1 addm em2 up"
>> ifconfig_em1="up"
>> ifconfig_em2="up"
>>
>> Firewall vm has this setup:
>> nic1 - bridge re0
>> nic2 - bridge re0
>> nic3 - internal network
>>
>> The VMs are still on 8.2, the only change was virtualbox from 3 to
>> 4.0.14
>> and host system fresh install of stable/9.
>>
>> vboxnet is loaded, if I change the VMs to just bridge re0, they are able
>> to get out, if I put them on the internal network, nothing gets out.
>>
>> internal networking works because without bridge and just setting static
>> IP on vm1 and firewall vm em2, they talk without problem.
>>
>> ]Peter[
>>   it can't be this hard.
>>
> Just a follow up with more info.
>
> Set 2 vms and booting from 9 release cd using live system option.
> Host system is stable/9, vbox 4.0.14:
> Per the handbook setup bridging on firewall_vm that has no IP, and only
> two interfaces [em0 - external, and em1 - internal networking]
> http://www.freebsd.org/doc/handbook/network-bridging.html
>
> On client_vm, em0 is connected to internal network and should pass through
> that bridge, but I get nothing:
>
> client_vm -> internal network -> em1[bridge vm]em0 -> internet
>
> ]Peter[
>   on bridge vm, doing dhclient bridge0 gets nothing, doing dhclient em0
> gets IP....
>
>
Another follow up and solution:
Virtualbox lost default promiscuous mode on version 4.0.6 and that option
did not appear under 'modifyvm' until 4.1.8. Followed this forum post and
used the vbox internal 'setextradata' to fix my firewall VM to allow
promiscuous mode.
https://forums.virtualbox.org/viewtopic.php?f=7&t=41036
For me that was:
VBoxManage setextradata chernogorsk.pknet.net "VBoxInternal/Devices/e1000/0/LUN#0/Config/IfPolicyPromisc" "allow-all"
VBoxManage setextradata chernogorsk.pknet.net "VBoxInternal/Devices/e1000/1/LUN#0/Config/IfPolicyPromisc" "allow-all"
VBoxManage setextradata chernogorsk.pknet.net "VBoxInternal/Devices/e1000/2/LUN#0/Config/IfPolicyPromisc" "allow-all"
or modify the config file for the vm:
      <ExtraDataItem name="VBoxInternal/Devices/e1000/0/LUN#0/Config/IfPolicyPromisc" value="allow-all"/>
      <ExtraDataItem name="VBoxInternal/Devices/e1000/1/LUN#0/Config/IfPolicyPromisc" value="allow-all"/>
      <ExtraDataItem name="VBoxInternal/Devices/e1000/2/LUN#0/Config/IfPolicyPromisc" value="allow-all"/>
That allowed the NICs to pass all data and turns off MAC security. In
VBox 4.1.8 [on Windows] that option is in the GUI; it was pure luck that I
decided to upgrade my 4.1.2 to 4.1.8 for further testing and that option
appeared.
]Peter[
  ahh, all the little hidden internals of vbox...
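
An added example, not part of the message above and not VirtualBox's own tooling: a Python check that reads a VM's .vbox config and reports which NICs carry the IfPolicyPromisc override, so the adapters set to allow-all can be reviewed later. The sample XML is constructed, the function names are made up for this example, and the `deny` value comes from the `modifyvm --nicpromisc` options rather than from the message.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Constructed sample of a .vbox fragment (not the poster's real file).
# "deny" is assumed from the VBoxManage modifyvm --nicpromisc options.
SAMPLE_VBOX = """<?xml version="1.0"?>
<VirtualBox xmlns="http://www.virtualbox.org/">
  <Machine name="firewall-vm-example">
    <ExtraData>
      <ExtraDataItem name="GUI/LastCloseAction" value="PowerOff"/>
      <ExtraDataItem name="VBoxInternal/Devices/e1000/0/LUN#0/Config/IfPolicyPromisc" value="allow-all"/>
      <ExtraDataItem name="VBoxInternal/Devices/e1000/2/LUN#0/Config/IfPolicyPromisc" value="allow-all"/>
      <ExtraDataItem name="VBoxInternal/Devices/e1000/1/LUN#0/Config/IfPolicyPromisc" value="deny"/>
    </ExtraData>
  </Machine>
</VirtualBox>
"""

# Key layout as shown in the message: device name, then adapter instance number.
KEY_RE = re.compile(
    r"^VBoxInternal/Devices/([^/]+)/(\d+)/LUN#0/Config/IfPolicyPromisc$")


def promisc_policies(vbox_xml):
    """Return sorted (device, nic_index, policy) tuples from ExtraDataItem entries."""
    root = ET.fromstring(vbox_xml)
    found = []
    for elem in root.iter():
        # Compare the local tag name so the check works with or without a namespace.
        if elem.tag.rsplit("}", 1)[-1] != "ExtraDataItem":
            continue
        m = KEY_RE.match(elem.get("name", ""))
        if m:
            found.append((m.group(1), int(m.group(2)), elem.get("value", "")))
    return sorted(found)


def open_nics(vbox_xml):
    """Adapter instance numbers whose promiscuous policy is allow-all."""
    return [idx for _, idx, policy in promisc_policies(vbox_xml)
            if policy == "allow-all"]


if __name__ == "__main__":
    # Pass a path to a .vbox file, or run with no argument to use the sample.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_VBOX
    for dev, idx, policy in promisc_policies(text):
        note = "  <-- passes all frames" if policy == "allow-all" else ""
        print(f"{dev} instance {idx}: {policy}{note}")
```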
