How to assign public IP to a bhyve virtual instance?

ikevin8me

Member


Messages: 54

Hi,

I'm trying to figure out how to assign a real IP address to a bhyve vm running Ubuntu. (Real IP address means a public facing IP address assigned by the provider.)

I add:

vm switch add public em0

Then, I should omit:
Code:
   ifconfig_igb0_alias0="17.28.44.219 netmask n.n.n.n"
in the rc.conf

and just set the IP address within the virtual machine.

Is this the right way to do it?

I don't want any internal IP to be inside the virtual machine.
 
ikevin8me


I've configured my VM as described above.

The VM is responding to incoming pings.

However, traffic can't go out. I can't do any ping to external servers and I can't resolve any DNS (host and nslookup do not work) from within the VM. curl does not work either.

My firewall settings are:
Code:
pass in quick on igb0 inet proto {tcp,udp,icmp} from any to 17.28.44.219
pass out quick on igb0 inet proto {tcp,udp,icmp} from 17.28.44.219 to any
block drop log all
pass in on bridge0 keep state
pass out on bridge0 keep state
Please note that I've removed this line from rc.conf:
Code:
ifconfig_igb0_alias0="17.28.44.219 netmask n.n.n.n"
(It does not show up when I do an ifconfig -a)

I'm trying to understand whether pf (firewall) has control over this IP address (17.28.44.219) because it is not configured as an ifconfig_igb0_alias0 and does not show up in ifconfig -a. Do I actually need to configure pf for a bhyve vm which uses the IP address directly?

More info:
Code:
# vm switch list
NAME            TYPE       IDENT       VLAN      NAT          PORTS
public          auto       bridge0     -         -            igb0

# vm switch info
------------------------
Virtual Switch: public
------------------------
  type: auto
  ident: bridge0
  vlan: -
  nat: -
  physical-ports: igb0
  bytes-in: 114468 (111.785K)
  bytes-out: 3177041 (3.029M)
Anyone who could help me resolve my problem would be very much appreciated. I need all incoming and outgoing traffic to be opened (just like there is no firewall). Thanks!
 
ikevin8me


Turns out that I had to add:
Code:
pass in on tap0 keep state
pass out on tap0 keep state
and everything is working now.
 
ikevin8me


With just the above configuration, I realize that it won't accept incoming traffic.

I have to add:

pass in quick on igb0 inet proto {tcp,udp} from any to 17.28.44.219
pass out quick on igb0 inet proto {tcp,udp} from 17.28.44.219 to any
 
ikevin8me


I have a question:

It works whether or not I add:
ifconfig_igb0_alias0="17.28.44.219 netmask n.n.n.n"

What is the difference? Should I add this for a public IP address assigned to a bhyve vm?
 

SirDice

Administrator
Staff member
Moderator

Reaction score: 7,277
Messages: 29,707

No, you do not want to add that IP address to the host. That will cause an IP conflict as the VM and the host will try to use the same IP address. View a VM as you would a separate machine (which it is), consider what would happen if two different machines on the same network have the same IP address.
 

al mello

Member

Reaction score: 2
Messages: 38

"I'm trying to figure out how to assign a real IP address to a bhyve vm running Ubuntu."
You do realize your VM will be open to the entire world, I'm sure. All my VMs are on a private IP and I only NAT whatever port I need from pfSense - also a VM.
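
An added example, not part of the thread or any poster's configuration: a host-side pf.conf sketch that keeps the VM on its bridged public address but limits what reaches it, in contrast to the pass-everything rules posted earlier. The macro names, the allowed ports and the choice to filter only on igb0 are assumptions, and the host's own rules are left out.

```pf
# Added example (assumptions: igb0 = uplink, tap0 = the VM's tap,
# bridge0 = the vm-bhyve "public" switch, 17.28.44.219 = VM address
# from the thread; the port list is illustrative).
#
# Why the host's pf matters at all: the VM's address is not configured
# on the host, but if_bridge(4) hands bridged IP packets to pf on each
# member interface when net.link.bridge.pfil_member is 1, and on the
# bridge itself when net.link.bridge.pfil_bridge is 1. That is why a
# "block all" on the host also cut off the guest until tap0 was passed.

ext_if = "igb0"
vm_ip  = "17.28.44.219"
vm_tcp = "{ 22, 80, 443 }"   # assumed services; adjust to what the VM runs

# Inspect each bridged packet once, on the physical member only.
set skip on { lo0, bridge0, tap0 }

block drop log all

# Inbound to the VM: only the listed TCP services and ICMP echo requests.
pass in quick on $ext_if inet proto tcp from any to $vm_ip port $vm_tcp keep state
pass in quick on $ext_if inet proto icmp from any to $vm_ip icmp-type echoreq keep state

# Outbound from the VM: replies to these connections come back via state.
pass out quick on $ext_if inet proto { tcp, udp, icmp } from $vm_ip to any keep state

# Rules for the host's own address go here; with "block drop log all"
# above, the host itself is unreachable until they are added.
```

The ruleset can be syntax-checked without loading it using `pfctl -nf /etc/pf.conf`.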
 