Using OpenBSD guest as PF firewall
Thomas Laus
lausts at acm.org
Fri Nov 6 19:25:40 UTC 2020
On 11/5/20 9:24 PM, Jason Tubnor wrote:
>
> You could create a clone (lo) with an IP address, add that as an
> interface to a vm switch and then guest tap to that vm switch?
>

I ended up getting this all to function by removing bridge 'public'
created by the vm-bhyve utility and manually making the loader.conf and
rc.conf changes listed in the forum article. My loader.conf:

    vmm_load="YES"
    if_tap_load="YES"
    if_bridge_load="YES"
    pptdevs=2/0/0

I edited my rc.conf and added:

    cloned_interfaces="bridge0"
    ifconfig_bridge0="inet 172.16.1.2 netmask 255.255.255.0"
    defaultrouter="176.16.1.1"
    gateway_enable="YES"

The OpenBSD guest has a vio0 address set to 172.16.1.1 in hostname.vio0.
The OpenBSD guest sees the host motherboard NIC that is passed through
and is properly configured through DHCP.

The only hiccup is that I can't enable the tap0 interface in the host
/etc/rc.conf because the OpenBSD guest takes 35 seconds to boot and vio0 on
that end is not visible until the boot process has been completed. I
made a script for /usr/local/etc/rc.d on the host to add tap0 to
bridge0. It errors out during the host boot process, but runs fine when
getting a 'onestart' after the host is booted. I have already tried
adding a 'sleep 40' to the start of the script without success.

I now have a 'mostly' operational OpenBSD PF guest for my FreeBSD host.
Thanks for the help and a few pointers in the right direction.

Tom
--
Public Keys:
PGP KeyID = 0x5F22FDC1
GnuPG KeyID = 0x620836CF
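
The timing problem described in the message above (tap0 cannot be added to bridge0 until the guest is running) can be approached by polling for the interface rather than using a fixed sleep. This is an added example, not part of the original post or of vm-bhyve; bridge0 and tap0 come from the post, while the 90-second timeout, the `start` argument and the use of logger are assumptions.

```sh
#!/bin/sh
# Added example: wait for the guest's tap interface, then join it to the bridge.
# bridge0/tap0 are the names from the post; the other values are assumptions.

BRIDGE="${BRIDGE:-bridge0}"
TAP="${TAP:-tap0}"
TIMEOUT="${TIMEOUT:-90}"    # seconds to wait (assumption; the post reports a 35 s guest boot)
INTERVAL="${INTERVAL:-1}"   # seconds between polls

# True when the named interface currently exists on the host.
iface_exists() {
    ifconfig "$1" >/dev/null 2>&1
}

# True when interface $2 is already listed as a member of bridge $1.
is_member() {
    ifconfig "$1" 2>/dev/null | grep -q "member: $2 "
}

# Poll until TAP exists, then add it to BRIDGE.
# Returns 0 on success, 1 on timeout, 2 if the addm call fails.
attach_tap() {
    waited=0
    until iface_exists "$TAP"; do
        [ "$waited" -ge "$TIMEOUT" ] && return 1
        sleep "$INTERVAL"
        waited=$((waited + INTERVAL))
    done
    is_member "$BRIDGE" "$TAP" && return 0
    ifconfig "$BRIDGE" addm "$TAP" up || return 2
    return 0
}

# Invoked as "sh attach_tap.sh start": poll in the background so the wait
# does not hold up the rest of the host's boot sequence.
if [ "${1:-}" = "start" ]; then
    ( attach_tap || logger -t attach_tap "$TAP not added to $BRIDGE (rc=$?)" ) &
fi
```
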