NATed or Private Network Setups

Allan Jude allanjude at freebsd.org
Sat Oct 25 01:29:24 UTC 2014


On 2014-10-24 20:01, John Nielsen wrote:
>> On Oct 24, 2014, at 5:08 PM, Pete Wright <pete at nomadlogic.org> wrote:
>>
>> Hi All,
>> Has anyone deployed bhyve using NAT'd or private network setups?  I've
>> been able to deploy bridged interfaces, but I was wondering if anyone
>> has done other network topologies.  Is there anything preventing this
>> from happening code wise?  I reckon it could be achieved by creating a
>> pseudo interface?
> 
> Rather than supporting something like epair(4) directly, I believe the plan is to allow connecting a bhyve VM to a user-space virtual switch on the host. Neither is currently available to my knowledge.
> 
> For a NAT setup today you should be able to add your VM's tap(4) interface as the only member of a bridge on the host and assign an IP address to the bridge interface. Services like DHCP for this virtual subnet would need to also be configured on the host in addition to whatever NAT you want to use.
> 
> For an internal-only network between two or more VMs on the host you could also just use a bridge containing only the VM tap adapters. If you don't want the host to participate in the network then don't put an IP on the bridge.

This sets up stupid-simple NAT to allow a bhyve instance to talk to the
internet.  This is especially useful when your connection is wireless so
you can't just bridge it. Assumes IPFW is already loaded; note that it
loads with a default deny all.

In /etc/rc.conf:

firewall_enable="YES"
firewall_type="OPEN"
firewall_quiet="NO"
firewall_logging="YES"
gateway_enable="YES"


Run:

#this needs to be the same tap the bhyve uses, 1 per bhyve
ifconfig tap0 create
ifconfig tap0 10.0.9.1/30

#Load the IPFW nat module if it isn't already
kldload ipfw_nat

#create an IPFW NAT instance on your internet interface
ipfw nat 9999 config if wlan0

#pass outbound traffic from the internal network through NAT
ipfw add 9001 nat 9999 ip from 10.0.9.0/24 to any out via wlan0
ipfw add 9002 nat 9999 ip from any to any in via wlan0


Then just configure the bhyve to have an IP in the 10.0.9.0/24 network.


-- 
Allan Jude
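
An added example, not part of the original message: a POSIX sh helper that derives the NAT source network from the tap address and checks the chosen guest address against that subnet before printing the ifconfig/ipfw commands from the post. The function names are hypothetical, and the script only prints the commands, it does not run them.

```sh
# Added example (not from the original post). Function names are hypothetical.
# Prints the setup commands only; nothing is executed on the host.

# ip_to_int A.B.C.D -> 32-bit integer on stdout
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# int_to_ip N -> dotted quad on stdout
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# network_of A.B.C.D/LEN -> network address with the same prefix length
network_of() {
    addr=${1%/*}; len=${1#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    echo "$(int_to_ip $(( $(ip_to_int "$addr") & mask )))/$len"
}

# guest_ok HOST_CIDR GUEST_IP: succeeds only if GUEST_IP is a usable address in
# the tap subnet (not the network, broadcast, or the host's own address)
guest_ok() {
    len=${1#*/}
    mask=$(( (4294967295 << (32 - len)) & 4294967295 ))
    host=$(ip_to_int "${1%/*}"); guest=$(ip_to_int "$2")
    net=$(( host & mask )); bcast=$(( net | (~mask & 4294967295) ))
    [ $(( guest & mask )) -eq "$net" ] && [ "$guest" -ne "$net" ] &&
        [ "$guest" -ne "$bcast" ] && [ "$guest" -ne "$host" ]
}

# nat_commands TAP HOST_CIDR UPLINK GUEST_IP: print commands with NAT scoped to the tap subnet
nat_commands() {
    guest_ok "$2" "$4" || { echo "guest $4 not usable in $(network_of "$2")" >&2; return 1; }
    src=$(network_of "$2")
    cat <<EOF
ifconfig $1 create
ifconfig $1 $2
kldload ipfw_nat
ipfw nat 9999 config if $3
ipfw add 9001 nat 9999 ip from $src to any out via $3
ipfw add 9002 nat 9999 ip from any to any in via $3
EOF
}
```

With the tap addressed as 10.0.9.1/30, `nat_commands tap0 10.0.9.1/30 wlan0 10.0.9.2` prints the rule set with the source narrowed to 10.0.9.0/30, while a guest address such as 10.0.9.5 is rejected because it lies outside the tap's own subnet.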
