Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 11 Jul 2024 18:23:16 +0300
From:      Odhiambo Washington <odhiambo@gmail.com>
To:        FreeBSD virtualization <freebsd-virtualization@freebsd.org>
Subject:   Re: Suddenly unable to access VMs
Message-ID:  <CAAdA2WPp=nnRwMrsnyBPeBHmKqxERK_GzGDGAYjsbgPEJ1YNMw@mail.gmail.com>
In-Reply-To: <202407111449.46BEnLoP051380@gndrsh.dnsmgr.net>
References:  <CAAdA2WMaO8PPnFErZa0gcN-VPD6My4RtJB3u27BYi=8CWMZK=A@mail.gmail.com> <202407111449.46BEnLoP051380@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help 

[-- Attachment #1 --]
On Thu, Jul 11, 2024 at 5:49 PM Rodney W. Grimes <
freebsd-rwg@gndrsh.dnsmgr.net> wrote:

> > My bhyve VMs have been all fine until now.
> > I can't ping them and can't SSH into them. However, I can connect to them
> > with VNCViewer from a remote host (my PC from my house) :-(
> >
> > I haven't done any changes on the host at all.
> > dnsmasq is running, but seems like the VMs aren't getting the IPs for
> some
> > reason.
> >
> > ```
> > cloned_interfaces="bridge0 tap0 tap1 tap2 tap3 tap4 tap5"
> > ifconfig_bridge0_name="vmbridge"
> > ifconfig_vmbridge="addm em1 addm tap0 addm tap1 addm tap2 addm tap3 addm
> > tap4 addm tap5 up"
> > ifconfig_vmbridge_alias0="inet 172.16.0.1 netmask 255.255.255.0"
> > ```
> > What might have happened?
> >
> >
> > root@gw:/home/wash # ifconfig vmbridge
> > vmbridge: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP>
> > metric 0 mtu 1500
> >         options=0
> >         ether 58:9c:fc:10:df:1d
> >         inet 172.16.0.1 netmask 0xffffff00 broadcast 172.16.0.255
> >         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> >         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> >         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> >         member: tap5 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 10 priority 128 path cost 2000000
> >         member: tap4 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 9 priority 128 path cost 2000000
> >         member: tap3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 8 priority 128 path cost 2000000
> >         member: tap2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 7 priority 128 path cost 2000000
> >         member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 6 priority 128 path cost 2000000
> >         member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 5 priority 128 path cost 2000000
> >         member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 2 priority 128 path cost 55
> >         groups: bridge
> >         nd6 options=9<PERFORMNUD,IFDISABLED>
> > root@gw:/home/wash # ssh 172.16.0.99
> > ssh: connect to host 172.16.0.99 port 22: Permission denied
> > root@gw:/home/wash # ssh 172.16.0.100
> > ssh: connect to host 172.16.0.100 port 22: Permission denied
> > root@gw:/home/wash # ping 172.16.0.100
> > PING 172.16.0.100 (172.16.0.100): 56 data bytes
> > ping: sendto: Permission denied
> > ping: sendto: Permission denied
> > ping: sendto: Permission denied
> > ping: sendto: Permission denied
> > ^C
> > --- 172.16.0.100 ping statistics ---
> > 4 packets transmitted, 0 packets received, 100.0% packet loss
> > root@gw:/home/wash # ping 172.16.0.99
> > PING 172.16.0.99 (172.16.0.99): 56 data bytes
> > ping: sendto: Permission denied
> > ping: sendto: Permission denied
> > ping: sendto: Permission denied
> > ^C
> > --- 172.16.0.99 ping statistics ---
> > 3 packets transmitted, 0 packets received, 100.0% packet loss
> > root@gw:/home/wash # service dnsmasq status
> > dnsmasq is running as pid 4190.
> > root@gw:/home/wash #
>
> Permission denied is almost certainly coming from firewall,
> either ipfw or pf.
>

I haven't changed anything in my pf.conf either.
What also baffles me is that the VMs are not obtaining IP addresses from
dnsmasq.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' ¯\_(ツ)_/¯ :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

[-- Attachment #2 --]
<div dir="ltr"><div dir="ltr"><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Thu, Jul 11, 2024 at 5:49 PM Rodney W. Grimes &lt;<a href="mailto:freebsd-rwg@gndrsh.dnsmgr.net">freebsd-rwg@gndrsh.dnsmgr.net</a>&gt; wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">&gt; My bhyve VMs have been all fine until now.<br>
&gt; I can&#39;t ping them and can&#39;t SSH into them. However, I can connect to them<br>
&gt; with VNCViewer from a remote host (my PC from my house) :-(<br>
&gt; <br>
&gt; I haven&#39;t done any changes on the host at all.<br>
&gt; dnsmasq is running, but seems like the VMs aren&#39;t getting the IPs for some<br>
&gt; reason.<br>
&gt; <br>
&gt; ```<br>
&gt; cloned_interfaces=&quot;bridge0 tap0 tap1 tap2 tap3 tap4 tap5&quot;<br>
&gt; ifconfig_bridge0_name=&quot;vmbridge&quot;<br>
&gt; ifconfig_vmbridge=&quot;addm em1 addm tap0 addm tap1 addm tap2 addm tap3 addm<br>
&gt; tap4 addm tap5 up&quot;<br>
&gt; ifconfig_vmbridge_alias0=&quot;inet 172.16.0.1 netmask 255.255.255.0&quot;<br>
&gt; ```<br>
&gt; What might have happened?<br>
&gt; <br>
&gt; <br>
&gt; root@gw:/home/wash # ifconfig vmbridge<br>
&gt; vmbridge: flags=1008843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP&gt;<br>
&gt; metric 0 mtu 1500<br>
&gt;         options=0<br>
&gt;         ether 58:9c:fc:10:df:1d<br>
&gt;         inet 172.16.0.1 netmask 0xffffff00 broadcast 172.16.0.255<br>
&gt;         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15<br>
&gt;         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200<br>
&gt;         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0<br>
&gt;         member: tap5 flags=143&lt;LEARNING,DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;                 ifmaxaddr 0 port 10 priority 128 path cost 2000000<br>
&gt;         member: tap4 flags=143&lt;LEARNING,DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;                 ifmaxaddr 0 port 9 priority 128 path cost 2000000<br>
&gt;         member: tap3 flags=143&lt;LEARNING,DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;                 ifmaxaddr 0 port 8 priority 128 path cost 2000000<br>
&gt;         member: tap2 flags=143&lt;LEARNING,DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;                 ifmaxaddr 0 port 7 priority 128 path cost 2000000<br>
&gt;         member: tap1 flags=143&lt;LEARNING,DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;                 ifmaxaddr 0 port 6 priority 128 path cost 2000000<br>
&gt;         member: tap0 flags=143&lt;LEARNING,DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;                 ifmaxaddr 0 port 5 priority 128 path cost 2000000<br>
&gt;         member: em1 flags=143&lt;LEARNING,DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;                 ifmaxaddr 0 port 2 priority 128 path cost 55<br>
&gt;         groups: bridge<br>
&gt;         nd6 options=9&lt;PERFORMNUD,IFDISABLED&gt;<br>
&gt; root@gw:/home/wash # ssh 172.16.0.99<br>
&gt; ssh: connect to host 172.16.0.99 port 22: Permission denied<br>
&gt; root@gw:/home/wash # ssh 172.16.0.100<br>
&gt; ssh: connect to host 172.16.0.100 port 22: Permission denied<br>
&gt; root@gw:/home/wash # ping 172.16.0.100<br>
&gt; PING 172.16.0.100 (172.16.0.100): 56 data bytes<br>
&gt; ping: sendto: Permission denied<br>
&gt; ping: sendto: Permission denied<br>
&gt; ping: sendto: Permission denied<br>
&gt; ping: sendto: Permission denied<br>
&gt; ^C<br>
&gt; --- 172.16.0.100 ping statistics ---<br>
&gt; 4 packets transmitted, 0 packets received, 100.0% packet loss<br>
&gt; root@gw:/home/wash # ping 172.16.0.99<br>
&gt; PING 172.16.0.99 (172.16.0.99): 56 data bytes<br>
&gt; ping: sendto: Permission denied<br>
&gt; ping: sendto: Permission denied<br>
&gt; ping: sendto: Permission denied<br>
&gt; ^C<br>
&gt; --- 172.16.0.99 ping statistics ---<br>
&gt; 3 packets transmitted, 0 packets received, 100.0% packet loss<br>
&gt; root@gw:/home/wash # service dnsmasq status<br>
&gt; dnsmasq is running as pid 4190.<br>
&gt; root@gw:/home/wash #<br>
<br>
Permission denied is almost certainly coming from firewall,<br>
either ipfw or pf.<br></blockquote><div><br></div><div>I haven&#39;t changed anything in my pf.conf either.</div><div>What also baffles me is that the VMs are not obtaining IP addresses from dnsmasq. </div></div><br><div><br></div><span class="gmail_signature_prefix">-- </span><br><div dir="ltr" class="gmail_signature"><div dir="ltr"><div dir="ltr"><div>Best regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254 7 3200 0004/+254 7 2274 3223</div><div><span style="color:rgb(34,34,34)"> In </span><span style="color:rgb(34,34,34)">an Internet failure case, the #1 suspect is a constant: DNS.</span><br>&quot;<span style="font-size:12.8px">Oh, the cruft.</span><span style="font-size:12.8px">&quot;, </span><span style="font-size:12.8px">egrep -v &#39;^$|^.*#&#39; </span><span style="background-color:rgb(34,34,34);color:rgb(238,238,238);font-family:&quot;Lucida Console&quot;,Consolas,&quot;Courier New&quot;,monospace;font-size:13.6px">¯\_(ツ)_/¯</span><span style="font-size:12.8px"> :-)</span></div><div><span style="font-size:12.8px">[How to ask smart questions: </span><span style="font-size:12.8px"><a href="http://www.catb.org/~esr/faqs/smart-questions.html" target="_blank">http://www.catb.org/~esr/faqs/smart-questions.html</a>]</span></div></div></div></div></div>;

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAdA2WPp=nnRwMrsnyBPeBHmKqxERK_GzGDGAYjsbgPEJ1YNMw>