Date:      Tue, 17 Oct 2023 16:05:51 +0100
From:      void <void@f-m.fm>
To:        freebsd-virtualization@freebsd.org
Subject:   Re: Running a webserver inside a bhyve host and exposing it to the world via PF
Message-ID:  <ZS6iz_6vF8RWpOAp@int21h>
In-Reply-To: <CAAdA2WNzTb6Fvk=Z%2BtAx376mBRztgxY_M75aXBzDFN1bb9yOuQ@mail.gmail.com>
References:  <CAAdA2WNzTb6Fvk=Z%2BtAx376mBRztgxY_M75aXBzDFN1bb9yOuQ@mail.gmail.com>

On Tue, Oct 17, 2023 at 05:00:54PM +0300, Odhiambo Washington wrote:
>I am stuck on how I can achieve this.
>I have a Linux VM running under bhyve. I have installed a webserver running
>on port 80 that I'd like to expose to the outside world.
>I am unable to figure out how to achieve this with PF running on the host
>machine.
>
>1. I am able to access my VM using VNC Viewer
>2. My VM is able to access the Internet
>3. I am NOT able to ping my VM from the host
>4. I am unable to SSH into the VM from the host.
>
>My hunch tells me it's about my PF.conf, but is there a guide somewhere on
>achieving the above?

I've been asking a similar question [1]. PF on the host blocks guests because
each guest uses a tap interface which is bridged to the real hardware 
interface.

I thought the only way to differentiate and filter based on these interfaces
is with layer 2. PF is layer-3 only. So it is my understanding that
PF won't work as required/expected on the host, because, to PF, it's the
same interface.

Try blocking port 80 on the host and allowing ping.
If you're seeing what I think you're describing, you'll be
able to ping the host and the guest but access port 80 on neither.

I tried looking at IPFW. But IPFW (of which I have next to zero knowledge),
although it understands and can filter layer 2, is really layer 2+3.

What I'd like to do is get ipfw to "leave these MAC addresses here 
alone, only process this one further" and I've not found a way to
do that yet, or even if it's possible.

[1] https://lists.freebsd.org/archives/freebsd-net/2023-October/004061.html
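The diagnostic void suggests, written up as an added example that is not part of this message or the thread: a ruleset that blocks port 80 and allows ping without naming any interface, with logging, so that pflog shows which interface PF attributed each matched packet to. Assumes a FreeBSD host with pf and pflog loaded; the config path is a placeholder.

```shell
#!/bin/sh
# Added example, not from the thread: run the diagnostic suggested above and
# let pflog tell you which interface PF matched each packet on.
# Assumption: FreeBSD host with pf and pflog loaded; the path below is a
# placeholder. Rules deliberately name no interface, so a match on igb0,
# bridge0 or tap0 (whatever PF actually sees) shows up in the log as such.
PF_DIAG_CONF="${PF_DIAG_CONF:-/tmp/pf-diag.conf}"

# Write the diagnostic ruleset to the path given as $1.
write_pf_conf() {
    cat > "$1" <<'EOF'
# Diagnostic ruleset: block port 80 everywhere, allow ping, log both.
set skip on lo0
block in log proto tcp to port 80
pass in log inet proto icmp icmp-type echoreq
EOF
}

# Count active rules (non-blank, non-comment lines) in a pf.conf; a quick
# sanity check that the file was written as intended.
count_rules() {
    grep -cv -e '^[[:space:]]*#' -e '^[[:space:]]*$' "$1"
}

# Parse-check, load, and watch pflog0. Each logged line looks like
#   rule 1/0(match): block in on tap0: 198.51.100.7.4242 > 192.0.2.10.80: ...
# so "on <ifname>" is the interface PF attributed that packet to.
apply_and_watch() {
    pfctl -nf "$1" || return 1      # syntax check only, nothing loaded yet
    pfctl -f "$1"                   # replace the running ruleset
    ifconfig pflog0 up
    tcpdump -n -e -ttt -i pflog0
}

# Only touch the live firewall when explicitly asked:  sh pf-diag.sh apply
# Then, from another machine, ping and fetch port 80 on both host and guest.
if [ "${1:-}" = "apply" ]; then
    write_pf_conf "$PF_DIAG_CONF"
    apply_and_watch "$PF_DIAG_CONF"
fi
```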