From: Tomek CEDRO
Date: Sun, 7 May 2023 22:50:18 +0200
Subject: Re: no traffic from guest to host. guest can't get a dhcp response. ping says no route to host.
List-Archive: https://lists.freebsd.org/archives/freebsd-questions
To: Steven Friedrich
Cc: FreeBSD Questions Mailing List

On Sun, May 7, 2023 at 5:44 AM Steven Friedrich wrote:
> In my /etc/rc.conf, I have:
> cloned_interfaces="bridge0"
> ifconfig_bridge0="addm re0"
> where re0 is my network adapter on my host.
> Are your lines the same?

My rc.conf only has this part of vm-bhyve:

vm_enable="YES"
vm_dir="zfs:zroot/ztuff/vm/bhyve"

Do not use rc.conf for vm-bhyve network configuration.

The vm-bhyve configuration is stored under
$vm_dir/.config/system.conf and mine is:

switch_list="public"
type_public="standard"
ports_public="em3"
private_public="no"

This gives me a network interface under vm.

However, I use the ipfw firewall in workstation mode, which has quite strict
filtering. This also affects vm network traffic. In rc.conf it is
represented by:

firewall_enable="YES"
firewall_type="workstation"

This is why I also need to disable packet filtering for bridge
interfaces with these lines in /etc/sysctl.conf:

net.link.bridge.ipfw=0
net.link.bridge.pfil_bridge=0
net.link.bridge.pfil_member=0

And this gives me packets moving also from/into the vm network.

If you want to know the meaning of a specific sysctl, use the -d switch:

% sysctl -d sysctl net.link.bridge.ipfw
sysctl: Sysctl internal magic
sysctl.name:
sysctl.next:
sysctl.name2oid:
sysctl.oidfmt:
sysctl.oiddescr:
sysctl.oidlabel:
sysctl.nextnoskip:
net.link.bridge.ipfw: Layer2 filter with IPFW

% sysctl -d sysctl net.link.bridge.pfil_bridge
sysctl: Sysctl internal magic
sysctl.name:
sysctl.next:
sysctl.name2oid:
sysctl.oidfmt:
sysctl.oiddescr:
sysctl.oidlabel:
sysctl.nextnoskip:
net.link.bridge.pfil_bridge: Packet filter on the bridge interface

% sysctl -d sysctl net.link.bridge.pfil_member
sysctl: Sysctl internal magic
sysctl.name:
sysctl.next:
sysctl.name2oid:
sysctl.oidfmt:
sysctl.oiddescr:
sysctl.oidlabel:
sysctl.nextnoskip:
net.link.bridge.pfil_member: Packet filter on the member interface

I had to clean all configuration and restart from start several times
at first until I got this working. Focus on the `man vm` and perform
the steps described from the start (description, basic setup, zfs, quickstart)
until things are working :-)

Hope that helps :-)

-- 
CeDeROM, SQ7MHZ, http://www.tomek.cedro.info
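
Added example, not part of the original message: a small sh check that reads a sysctl.conf-style file and reports how the three bridge filter knobs named above are set, so it is visible which host filter hooks are switched off for VM traffic. The function names and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report how a sysctl.conf-style file sets the three bridge
# filter knobs named in the message. Function names are illustrative.
BRIDGE_KNOBS="net.link.bridge.ipfw net.link.bridge.pfil_bridge net.link.bridge.pfil_member"

# knob_value FILE NAME: print the last value assigned to NAME, or "unset".
# Lines are "name=value"; "#" starts a comment; later lines override earlier.
knob_value() {
    awk -v want="$2" '
        { sub(/#.*/, "") }
        {
            eq = index($0, "=")
            if (eq == 0) next
            name = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", name)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (name == want) found = val
        }
        END { print (found == "" ? "unset" : found) }
    ' "$1"
}

# bridge_filter_report FILE: one line per knob; returns 1 if any knob is 0.
bridge_filter_report() {
    rc=0
    for knob in $BRIDGE_KNOBS; do
        v=$(knob_value "$1" "$knob")
        case "$v" in
            0)     echo "$knob=0: filter hook off for bridged traffic"; rc=1 ;;
            unset) echo "$knob: not set in file, kernel default applies" ;;
            *)     echo "$knob=$v: filter hook on" ;;
        esac
    done
    return "$rc"
}

# write_sample FILE: constructed sample input, not taken from the message.
write_sample() {
    cat > "$1" <<'EOF'
# constructed sample
net.link.bridge.ipfw=0
net.link.bridge.pfil_bridge=0   # overridden below
net.link.bridge.pfil_bridge=1
kern.maxfiles=65536
EOF
}

sample=$(mktemp)
write_sample "$sample"
bridge_filter_report "$sample" || true
rm -f "$sample"
```

The file only shows what will be applied at boot; the values in effect on a running host are the ones sysctl itself prints for these names.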