Skip site navigation (1)Skip section navigation (2) 
Date:      Thu, 11 Jul 2024 18:23:16 +0300
From:      Odhiambo Washington <odhiambo@gmail.com>
To:        FreeBSD virtualization <freebsd-virtualization@freebsd.org>
Subject:   Re: Suddenly unable to access VMs
Message-ID:  <CAAdA2WPp=nnRwMrsnyBPeBHmKqxERK_GzGDGAYjsbgPEJ1YNMw@mail.gmail.com>
In-Reply-To: <202407111449.46BEnLoP051380@gndrsh.dnsmgr.net>
References:  <CAAdA2WMaO8PPnFErZa0gcN-VPD6My4RtJB3u27BYi=8CWMZK=A@mail.gmail.com> <202407111449.46BEnLoP051380@gndrsh.dnsmgr.net>
next in thread | previous in thread | raw e-mail | index | archive | help 
--000000000000ba9175061cfa59a0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

On Thu, Jul 11, 2024 at 5:49=E2=80=AFPM Rodney W. Grimes <
freebsd-rwg@gndrsh.dnsmgr.net> wrote:

> > My bhyve VMs have been all fine until now.
> > I can't ping them and can't SSH into them. However, I can connect to th=
em
> > with VNCViewer from a remote host (my PC from my house) :-(
> >
> > I haven't done any changes on the host at all.
> > dnsmasq is running, but seems like the VMs aren't getting the IPs for
> some
> > reason.
> >
> > ```
> > cloned_interfaces=3D"bridge0 tap0 tap1 tap2 tap3 tap4 tap5"
> > ifconfig_bridge0_name=3D"vmbridge"
> > ifconfig_vmbridge=3D"addm em1 addm tap0 addm tap1 addm tap2 addm tap3 a=
ddm
> > tap4 addm tap5 up"
> > ifconfig_vmbridge_alias0=3D"inet 172.16.0.1 netmask 255.255.255.0"
> > ```
> > What might have happened?
> >
> >
> > root@gw:/home/wash # ifconfig vmbridge
> > vmbridge: flags=3D1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_=
UP>
> > metric 0 mtu 1500
> >         options=3D0
> >         ether 58:9c:fc:10:df:1d
> >         inet 172.16.0.1 netmask 0xffffff00 broadcast 172.16.0.255
> >         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
> >         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
> >         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
> >         member: tap5 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 10 priority 128 path cost 2000000
> >         member: tap4 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 9 priority 128 path cost 2000000
> >         member: tap3 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 8 priority 128 path cost 2000000
> >         member: tap2 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 7 priority 128 path cost 2000000
> >         member: tap1 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 6 priority 128 path cost 2000000
> >         member: tap0 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 5 priority 128 path cost 2000000
> >         member: em1 flags=3D143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
> >                 ifmaxaddr 0 port 2 priority 128 path cost 55
> >         groups: bridge
> >         nd6 options=3D9<PERFORMNUD,IFDISABLED>
> > root@gw:/home/wash # ssh 172.16.0.99
> > ssh: connect to host 172.16.0.99 port 22: Permission denied
> > root@gw:/home/wash # ssh 172.16.0.100
> > ssh: connect to host 172.16.0.100 port 22: Permission denied
> > root@gw:/home/wash # ping 172.16.0.100
> > PING 172.16.0.100 (172.16.0.100): 56 data bytes
> > ping: sendto: Permission denied
> > ping: sendto: Permission denied
> > ping: sendto: Permission denied
> > ping: sendto: Permission denied
> > ^C
> > --- 172.16.0.100 ping statistics ---
> > 4 packets transmitted, 0 packets received, 100.0% packet loss
> > root@gw:/home/wash # ping 172.16.0.99
> > PING 172.16.0.99 (172.16.0.99): 56 data bytes
> > ping: sendto: Permission denied
> > ping: sendto: Permission denied
> > ping: sendto: Permission denied
> > ^C
> > --- 172.16.0.99 ping statistics ---
> > 3 packets transmitted, 0 packets received, 100.0% packet loss
> > root@gw:/home/wash # service dnsmasq status
> > dnsmasq is running as pid 4190.
> > root@gw:/home/wash #
>
> Permission denied is almost certainly coming from firewall,
> either ipfw or pf.
>

I haven't changed anything in my pf.conf either.
What also baffles me is that the VMs are not obtaining IP addresses from
dnsmasq.


--=20
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
 In an Internet failure case, the #1 suspect is a constant: DNS.
"Oh, the cruft.", egrep -v '^$|^.*#' =C2=AF\_(=E3=83=84)_/=C2=AF :-)
[How to ask smart questions:
http://www.catb.org/~esr/faqs/smart-questions.html]

--000000000000ba9175061cfa59a0
Content-Type: text/html; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div dir=3D"ltr"><br></div><br><div class=3D"gmail_quote">=
<div dir=3D"ltr" class=3D"gmail_attr">On Thu, Jul 11, 2024 at 5:49=E2=80=AF=
PM Rodney W. Grimes &lt;<a href=3D"mailto:freebsd-rwg@gndrsh.dnsmgr.net">fr=
eebsd-rwg@gndrsh.dnsmgr.net</a>&gt; wrote:<br></div><blockquote class=3D"gm=
ail_quote" style=3D"margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,=
204,204);padding-left:1ex">&gt; My bhyve VMs have been all fine until now.<=
br>
&gt; I can&#39;t ping them and can&#39;t SSH into them. However, I can conn=
ect to them<br>
&gt; with VNCViewer from a remote host (my PC from my house) :-(<br>
&gt; <br>
&gt; I haven&#39;t done any changes on the host at all.<br>
&gt; dnsmasq is running, but seems like the VMs aren&#39;t getting the IPs =
for some<br>
&gt; reason.<br>
&gt; <br>
&gt; ```<br>
&gt; cloned_interfaces=3D&quot;bridge0 tap0 tap1 tap2 tap3 tap4 tap5&quot;<=
br>
&gt; ifconfig_bridge0_name=3D&quot;vmbridge&quot;<br>
&gt; ifconfig_vmbridge=3D&quot;addm em1 addm tap0 addm tap1 addm tap2 addm =
tap3 addm<br>
&gt; tap4 addm tap5 up&quot;<br>
&gt; ifconfig_vmbridge_alias0=3D&quot;inet 172.16.0.1 netmask 255.255.255.0=
&quot;<br>
&gt; ```<br>
&gt; What might have happened?<br>
&gt; <br>
&gt; <br>
&gt; root@gw:/home/wash # ifconfig vmbridge<br>
&gt; vmbridge: flags=3D1008843&lt;UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LO=
WER_UP&gt;<br>
&gt; metric 0 mtu 1500<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0options=3D0<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ether 58:9c:fc:10:df:1d<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0inet 172.16.0.1 netmask 0xffffff00 br=
oadcast 172.16.0.255<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0id 00:00:00:00:00:00 priority 32768 h=
ellotime 2 fwddelay 15<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0maxage 20 holdcnt 6 proto rstp maxadd=
r 2000 timeout 1200<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0root id 00:00:00:00:00:00 priority 32=
768 ifcost 0 port 0<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0member: tap5 flags=3D143&lt;LEARNING,=
DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ifmaxaddr=
 0 port 10 priority 128 path cost 2000000<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0member: tap4 flags=3D143&lt;LEARNING,=
DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ifmaxaddr=
 0 port 9 priority 128 path cost 2000000<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0member: tap3 flags=3D143&lt;LEARNING,=
DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ifmaxaddr=
 0 port 8 priority 128 path cost 2000000<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0member: tap2 flags=3D143&lt;LEARNING,=
DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ifmaxaddr=
 0 port 7 priority 128 path cost 2000000<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0member: tap1 flags=3D143&lt;LEARNING,=
DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ifmaxaddr=
 0 port 6 priority 128 path cost 2000000<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0member: tap0 flags=3D143&lt;LEARNING,=
DISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ifmaxaddr=
 0 port 5 priority 128 path cost 2000000<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0member: em1 flags=3D143&lt;LEARNING,D=
ISCOVER,AUTOEDGE,AUTOPTP&gt;<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0ifmaxaddr=
 0 port 2 priority 128 path cost 55<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0groups: bridge<br>
&gt;=C2=A0 =C2=A0 =C2=A0 =C2=A0 =C2=A0nd6 options=3D9&lt;PERFORMNUD,IFDISAB=
LED&gt;<br>
&gt; root@gw:/home/wash # ssh 172.16.0.99<br>
&gt; ssh: connect to host 172.16.0.99 port 22: Permission denied<br>
&gt; root@gw:/home/wash # ssh 172.16.0.100<br>
&gt; ssh: connect to host 172.16.0.100 port 22: Permission denied<br>
&gt; root@gw:/home/wash # ping 172.16.0.100<br>
&gt; PING 172.16.0.100 (172.16.0.100): 56 data bytes<br>
&gt; ping: sendto: Permission denied<br>
&gt; ping: sendto: Permission denied<br>
&gt; ping: sendto: Permission denied<br>
&gt; ping: sendto: Permission denied<br>
&gt; ^C<br>
&gt; --- 172.16.0.100 ping statistics ---<br>
&gt; 4 packets transmitted, 0 packets received, 100.0% packet loss<br>
&gt; root@gw:/home/wash # ping 172.16.0.99<br>
&gt; PING 172.16.0.99 (172.16.0.99): 56 data bytes<br>
&gt; ping: sendto: Permission denied<br>
&gt; ping: sendto: Permission denied<br>
&gt; ping: sendto: Permission denied<br>
&gt; ^C<br>
&gt; --- 172.16.0.99 ping statistics ---<br>
&gt; 3 packets transmitted, 0 packets received, 100.0% packet loss<br>
&gt; root@gw:/home/wash # service dnsmasq status<br>
&gt; dnsmasq is running as pid 4190.<br>
&gt; root@gw:/home/wash #<br>
<br>
Permission denied is almost certainly coming from firewall,<br>
either ipfw or pf.<br></blockquote><div><br></div><div>I haven&#39;t change=
d anything in my pf.conf either.</div><div>What also baffles me is that the=
 VMs are not obtaining IP addresses from dnsmasq.=C2=A0</div></div><br><div=
><br></div><span class=3D"gmail_signature_prefix">-- </span><br><div dir=3D=
"ltr" class=3D"gmail_signature"><div dir=3D"ltr"><div dir=3D"ltr"><div>Best=
 regards,<br>Odhiambo WASHINGTON,<br>Nairobi,KE<br>+254 7 3200 0004/+254 7 =
2274 3223</div><div><span style=3D"color:rgb(34,34,34)">=C2=A0In=C2=A0</spa=
n><span style=3D"color:rgb(34,34,34)">an Internet failure case, the #1 susp=
ect is a constant: DNS.</span><br>&quot;<span style=3D"font-size:12.8px">Oh=
, the cruft.</span><span style=3D"font-size:12.8px">&quot;,=C2=A0</span><sp=
an style=3D"font-size:12.8px">egrep -v &#39;^$|^.*#&#39;=C2=A0</span><span =
style=3D"background-color:rgb(34,34,34);color:rgb(238,238,238);font-family:=
&quot;Lucida Console&quot;,Consolas,&quot;Courier New&quot;,monospace;font-=
size:13.6px">=C2=AF\_(=E3=83=84)_/=C2=AF</span><span style=3D"font-size:12.=
8px">=C2=A0:-)</span></div><div><span style=3D"font-size:12.8px">[How to as=
k smart questions:=C2=A0</span><span style=3D"font-size:12.8px"><a href=3D"=
http://www.catb.org/~esr/faqs/smart-questions.html" target=3D"_blank">http:=
//www.catb.org/~esr/faqs/smart-questions.html</a>]</span></div></div></div>=
</div></div>

--000000000000ba9175061cfa59a0--

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CAAdA2WPp=nnRwMrsnyBPeBHmKqxERK_GzGDGAYjsbgPEJ1YNMw>