Hi,
I'm testing bhyve.
I moved a VM from VirtualBox and successfully ran it using mainly the Handbook: https://www.freebsd.org/doc/handbook/virtualization-host-bhyve.html and the Wiki: https://wiki.freebsd.org/bhyve
It generally works, but I have a question about the firewall. To get the network working in the guest I had to reconfigure the firewall on the host:
Code:
ipfw add 20 allow ip from guest_ip to any
ipfw add 20 allow ip from any to guest_ip
I found that all packets go through 3 interfaces: tap0 <-> bridge0 <-> lagg0
Is it normal?
How to avoid filtering these packets?
How to configure the firewall to pass DHCP to the VM?
At the configuration stage I did:
Code:
# ifconfig tap0 create
# sysctl net.link.tap.up_on_open=1
net.link.tap.up_on_open: 0 -> 1
# ifconfig bridge0 create
# ifconfig bridge0 addm lagg0 addm tap0
# ifconfig bridge0 up
And then ran the VM:
Code:
grub-bhyve -m ubuntu_server_3.map -r hd0,msdos1 -M 16G ubuntu_server_3
bhyve -A -H -P -s 0:0,hostbridge -s 1:0,lpc -s 2:0,virtio-net,tap0 -s 3:0,virtio-blk,./ubuntu_server_3.raw -l com1,/dev/nmdm0A -c 16 -m 16G ubuntu_server_3 &
Now I have on the host:
Code:
lagg0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=a500b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6>
ether 00:25:90:ca:5e:14
inet host_ip netmask 0xffffff00 broadcast xxxx
laggproto failover lagghash l2,l3,l4
laggport: igb0 flags=5<MASTER,ACTIVE>
laggport: igb1 flags=0<>
groups: lagg
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=80000<LINKSTATE>
ether 00:bd:f3:1e:f7:00
groups: tap
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Opened by PID 75860
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:21:cd:90:56:00
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 5 priority 128 path cost 55
member: lagg0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 4 priority 128 path cost 20000
groups: bridge
nd6 options=9<PERFORMNUD,IFDISABLED>
On the guest:
Code:
enp0s2 Link encap:Ethernet HWaddr 00:a0:98:24:87:d4
inet addr:guest_ip Bcast:xxxx Mask:255.255.255.0
inet6 addr: fe80::2a0:98ff:fe24:87d4/64 Scope:Link
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:66146 errors:0 dropped:0 overruns:0 frame:0
TX packets:385 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:4015991 (4.0 MB) TX bytes:45631 (45.6 KB)
Both IPs, host_ip and guest_ip, are in the same subnet.
As I said at the beginning: it generally works, but the rules in the host firewall are necessary.
