Bridge woes
D'Arcy Cain
darcy at druid.net
Sun Oct 25 17:33:00 UTC 2020
I have been trying to solve this problem for a week now. I have been
emailing the virtualization list (Re: When is a switch not a switch?)
because it had to do with vm-bhyve but now I am wondering if it is something
else. Maybe some of the network experts here can help.

Basically I have the following in my rc.conf:

set -- $(/sbin/ifconfig -l ether); eth0=$1 eth1=$2
eval "ifconfig_${eth0}_name=\"eth0\"" # Public facing network
eval "ifconfig_${eth1}_name=\"eth1\"" # Private network
ifconfig_eth0="inet 0x629e8b${me}/27"
ifconfig_eth0_ipv6="inet6 2605:2600:1001::${me}/64"
ifconfig_eth1="inet 0xc0a897${me}/24"
ifconfig_eth1_ipv6="inet6 fc00:97:97::${me}/64"
vm_enable="YES"
vm_dir="zfs:zroot/VM"
vm_delay="5"

Everything there does what it is supposed to do. In rc.local I do this:

sysctl -w net.inet.ip.forwarding=1
sysctl -w net.inet6.ip6.forwarding=1
vm switch create public
vm switch add public eth0
vm switch create private
vm switch add private eth1

I know that I can put those sysctls in /etc/sysctl.conf but I have reasons
for doing it this way.

So far so good. I then fire up a VM by running "vm install". I haven't
been able to get an actual working system yet due to the following problem.
In the VM I set an IP address on the same network as the host:

vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
        ether 22:22:22:22:22:41
        inet 98.158.139.71 netmask 0xffffffe0 broadcast 98.158.139.95
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

I set up /etc/resolv.conf and default routes as expected. At that point I
can ping any IP address on my internal network as well as any ICMP friendly
sites anywhere on the Internet. However, I can't make a TCP connection to
anywhere except to the host or, for some odd reason, one other host on my
network.
I have tried putting the public IP on the bridge but other than complicating
my startup scripts it acts exactly the same.
Can anyone make any sense out of this?
--
D'Arcy J.M. Cain <darcy at druid.net> | Democracy is three wolves
http://www.druid.net/darcy/ | and a sheep voting on
+1 416 788 2246 (DoD#0082) (eNTP) | what's for dinner.
IM: darcy at VybeNetworks.com, VoIP: sip:darcy at druid.net
Disclaimer: By sending an email to ANY of my addresses you
are agreeing that:
1. I am by definition, "the intended recipient".
2. All information in the email is mine to do with as I see
fit and make such financial profit, political mileage, or
good joke as it lends itself to. In particular, I may quote
it where I please.
3. I may take the contents as representing the views of
your company if I so wish.
4. This overrides any disclaimer or statement of
confidentiality that may be included or implied in
your message.