How to assign public IP to a bhyve virtual instance?


I'm trying to figure out how to assign a real IP address to a bhyve vm running Ubuntu. (Real IP address means a public facing IP address assigned by the provider.)

I add:

vm switch add public em0

Then, I should omit:
   ifconfig_igb0_alias0=" netmask n.n.n.n"
in the rc.conf

and just set the IP address within the virtual machine.

Is this the right way to do it?

I don't want any internal IP to be inside the virtual machine.
I've configured my VM as described above.

The VM is responding to incoming pings.

However, traffic can't go out. I can't do any ping to external servers and I can't resolve any DNS (host and nslookup do not work) from within the VM. curl does not work either.

My firewall settings are:
pass in quick on igb0 inet proto {tcp,udp,icmp} from any to
pass out quick on igb0 inet proto {tcp,udp,icmp} from to any
block drop log all
pass in on bridge0 keep state
pass out on bridge0 keep state
Please note that I've removed this line from rc.conf:
ifconfig_igb0_alias0=" netmask n.n.n.n"
(It does not show up when I do an ifconfig -a)

I'm trying to understand whether pf (firewall) has control over this IP address (because it is not configured as an ifconfig_igb0_alias0 and does not show up in ifconfig -a). Do I actually need to configure pf for a bhyve vm which uses the IP address directly?

More info:
# vm switch list
NAME            TYPE       IDENT       VLAN      NAT          PORTS
public          auto       bridge0     -         -            igb0

# vm switch info
Virtual Switch: public
  type: auto
  ident: bridge0
  vlan: -
  nat: -
  physical-ports: igb0
  bytes-in: 114468 (111.785K)
  bytes-out: 3177041 (3.029M)
If anyone could help me resolve my problem, it would be very much appreciated. I need all incoming and outgoing traffic to be opened (just like there is no firewall). Thanks!
Turns out that I had to add:
pass in on tap0 keep state
pass out on tap0 keep state
and everything is working now.
With just the above configuration, I realize that it won't accept incoming traffic.

I have to add:

pass in quick on igb0 inet proto {tcp,udp} from any to 17.28.44.219
pass out quick on igb0 inet proto {tcp,udp} from 17.28.44.219 to any
I have a question:

It works whether or not I add:
ifconfig_igb0_alias0=" netmask n.n.n.n"

What is the difference? Should I add this for a public IP address assigned to a bhyve vm?
No, you do not want to add that IP address to the host. That will cause an IP conflict as the VM and the host will try to use the same IP address. View a VM as you would a separate machine (which it is), consider what would happen if two different machines on the same network have the same IP address.
I'm trying to figure out how to assign a real IP address to a bhyve vm running Ubuntu.

You do realize your VM will be open to the entire world, I'm sure. All my VMs are on a private IP and I only NAT whatever port I need from pfSense - also a VM.
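
The rules that made traffic flow in this thread pass all TCP and UDP to the guest. As an added example (not posted by anyone in the thread), here is a host pf.conf that keeps the bridge0 and tap0 rules the thread needed but limits what reaches the guest from outside. The address 203.0.113.10, the port lists, the macro names and the host rules are assumptions.

```conf
# /etc/pf.conf on the bhyve host: constructed example, not from the thread
ext_if  = "igb0"            # physical port of the "public" vm switch
br_if   = "bridge0"         # ident shown by `vm switch list`
vm_if   = "tap0"            # guest's tap interface, as in the thread
vm_ip   = "203.0.113.10"    # placeholder (TEST-NET-3); use the provider-assigned address
vm_tcp  = "{ 22, 443 }"     # hypothetical: services the guest should expose
host_tcp = "{ 22 }"         # hypothetical: services the host itself exposes

set skip on lo0

# Default deny comes first: without "quick", pf applies the LAST matching
# rule, so the pass rules below override it for the traffic they describe.
block drop log all

# The host's own traffic. The guest's address is NOT configured on the
# host, so ($ext_if) never expands to $vm_ip.
pass in  on $ext_if inet proto tcp from any to ($ext_if) port $host_tcp keep state
pass out on $ext_if inet from ($ext_if) to any keep state

# Inbound to the guest is decided once, on the physical port.
pass in  on $ext_if inet proto tcp  from any to $vm_ip port $vm_tcp keep state
pass in  on $ext_if inet proto icmp from any to $vm_ip icmp-type echoreq keep state

# Outbound from the guest; replies come back through the state entry.
pass out on $ext_if inet from $vm_ip to any keep state

# The same packets are filtered again on the bridge and on its tap member
# (see net.link.bridge.pfil_bridge and pfil_member in if_bridge(4)), which
# is why rules on tap0 were needed. Pass the guest's traffic here and keep
# the actual policy on $ext_if.
pass on $br_if inet from any to $vm_ip keep state
pass on $br_if inet from $vm_ip to any keep state
pass on $vm_if inet from any to $vm_ip keep state
pass on $vm_if inet from $vm_ip to any keep state
```

Check the file with `pfctl -nf /etc/pf.conf` before loading it, so a syntax error does not leave the host without a ruleset.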