Date: Sun, 25 Oct 2020 13:32:57 -0400
From: D'Arcy Cain <darcy@druid.net>
To: freebsd-net@freebsd.org
Subject: Bridge woes
Message-ID: <c955de31-6ea9-318b-d5c7-fcfcb4463b03@druid.net>

I have been trying to solve this problem for a week now. I have been
emailing the virtualization list (Re: When is a switch not a switch?)
because it had to do with vm-bhyve but now I am wondering if it is something
else. Maybe some of the network experts here can help.

Basically I have the following in my rc.conf:

    set -- $(/sbin/ifconfig -l ether); eth0=$1 eth1=$2
    eval "ifconfig_${eth0}_name=\"eth0\"" # Public facing network
    eval "ifconfig_${eth1}_name=\"eth1\"" # Private network
    ifconfig_eth0="inet 0x629e8b${me}/27"
    ifconfig_eth0_ipv6="inet6 2605:2600:1001::${me}/64"
    ifconfig_eth1="inet 0xc0a897${me}/24"
    ifconfig_eth1_ipv6="inet6 fc00:97:97::${me}/64"
    vm_enable="YES"
    vm_dir="zfs:zroot/VM"
    vm_delay="5"

Everything there does what it is supposed to do. In rc.local I do this:

    sysctl -w net.inet.ip.forwarding=1
    sysctl -w net.inet6.ip6.forwarding=1
    vm switch create public
    vm switch add public eth0
    vm switch create private
    vm switch add private eth1

I know that I can put those sysctls in /etc/sysctl.conf but I have reasons
for doing it this way.

So far so good. I then fire up a VM by running "vm install". I haven't
been able to get an actual working system yet due to the following problem.
In the VM I set an IP address on the same network as the host:

    vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
            options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
            ether 22:22:22:22:22:41
            inet 98.158.139.71 netmask 0xffffffe0 broadcast 98.158.139.95
            media: Ethernet 10Gbase-T <full-duplex>
            status: active
            nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

I set up /etc/resolv.conf and default routes as expected. At that point I
can ping any IP address on my internal network as well as any ICMP friendly
sites anywhere on the Internet. However, I can't make a TCP connection to
anywhere except to the host or, for some odd reason, one other host on my
network.

I have tried putting the public IP on the bridge but other than complicating
my startup scripts it acts exactly the same.

Can anyone make any sense out of this?

-- 
D'Arcy J.M. Cain <darcy@druid.net>         |  Democracy is three wolves
http://www.druid.net/darcy/                |  and a sheep voting on
+1 416 788 2246     (DoD#0082)    (eNTP)   |  what's for dinner.
IM: darcy@VybeNetworks.com, VoIP: sip:darcy@druid.net

Disclaimer: By sending an email to ANY of my addresses you
are agreeing that:

1. I am by definition, "the intended recipient".
2. All information in the email is mine to do with as I see
   fit and make such financial profit, political mileage, or
   good joke as it lends itself to. In particular, I may quote
   it where I please.
3. I may take the contents as representing the views of
   your company if I so wish.
4. This overrides any disclaimer or statement of
   confidentiality that may be included or implied in
   your message.