bhyve VM and NAT in PF
Miroslav Lachman
000.fbsd at quip.cz
Mon Feb 4 22:42:22 CET 2019
I'm trying to play with bhyve for the first time. The guest VM is running, with
FreeBSD 11.2 installed in it, the same as on the host.
The guest has the NIC vtnet1 with IP 172.16.18.2, and so that the guest can get
out to the net (download packages etc.), I want to set up NAT in PF on the host.
I already run NAT in PF on a few machines, so it surprises me a bit
that it doesn't want to work in this case.
On the host the following is set up:
- sysctl net.inet.ip.forwarding=1
- the public NIC is lagg0, made up of em0 and em1
- the NATed network for the virtual machines is served by the bridge "vm-natlan" with IP
172.16.18.1
- PF with NAT is running there:
nat pass on lagg0 inet from 172.16.18.0/24 to any -> (lagg0)
When I run ping 8.8.8.8 in the guest, on the host
"tcpdump -v -n -i vm-natlan icmp" correctly shows the outgoing
packets, but none come back.
"tcpdump -v -n -i lagg0 icmp" prints nothing (no translation takes place).
So what is wrong / what am I overlooking?
A few details:
vm-natlan: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 0e:a6:53:df:e6:7a
        inet 172.16.18.1 netmask 0xffffff00 broadcast 172.16.18.255
        nd6 options=1<PERFORMNUD>
        groups: bridge vm-switch viid-7f7f3@
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 2000000
tap1 is the interface of that VM guest:
tap1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: vmnet-kotel-1-natlan
        options=80000<LINKSTATE>
        ether 00:bd:26:d9:fc:01
        hwaddr 00:bd:26:d9:fc:01
        inet6 fe80::2bd:26ff:fed9:fc01%tap1 prefixlen 64 tentative scopeid 0x8
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
        groups: tap vm-port
        Opened by PID 4288
Mirek
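As an added example (not part of the original post), a Python script that checks the host-side prerequisites the post lists: IP forwarding on, a loaded PF NAT rule translating the guest subnet on lagg0 to lagg0's own address, and the vm-natlan bridge being up, carrying the 172.16.18.1 gateway address, with tap1 as a member. The sample outputs are constructed from the values in the post; `collect_live` is an assumed helper that gathers the real outputs on a FreeBSD host.

```python
import re
import subprocess

# Constructed sample outputs modelled on the host state described in the post
# (on a real host these come from sysctl, pfctl -sn and ifconfig).
SAMPLE_SYSCTL = "1\n"
SAMPLE_PF_NAT = "nat pass on lagg0 inet from 172.16.18.0/24 to any -> (lagg0) round-robin\n"
SAMPLE_BRIDGE = (
    "vm-natlan: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500\n"
    "\tether 0e:a6:53:df:e6:7a\n"
    "\tinet 172.16.18.1 netmask 0xffffff00 broadcast 172.16.18.255\n"
    "\tmember: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>\n"
)

# Matches a pfctl -sn line such as: nat pass on lagg0 inet from X to any -> (lagg0)
NAT_RULE = re.compile(
    r"^nat(?:\s+pass)?\s+on\s+(?P<ext>\S+)\s+.*?\bfrom\s+(?P<src>\S+)\s+to\s+any\s+->\s+\((?P<tr>\S+)\)",
    re.M,
)

def check_nat_prereqs(sysctl_out, pf_nat_out, bridge_out, ext_if="lagg0",
                      guest_net="172.16.18.0/24", guest_gw="172.16.18.1", tap_if="tap1"):
    """Map each host-side prerequisite from the post to True/False, parsed from command output."""
    results = {}
    # 1. The host must forward packets between the bridge and the public NIC.
    results["ip_forwarding"] = sysctl_out.strip() == "1"
    # 2. A loaded NAT rule must translate the guest subnet on the egress NIC to that NIC's address.
    results["nat_rule_loaded"] = any(
        m["ext"] == ext_if and m["src"] == guest_net and m["tr"] == ext_if
        for m in NAT_RULE.finditer(pf_nat_out))
    # 3. The bridge must be UP/RUNNING and carry the gateway address the guest points at.
    flags = re.search(r"flags=\w+<([^>]*)>", bridge_out)
    flag_set = set(flags[1].split(",")) if flags else set()
    results["bridge_up"] = {"UP", "RUNNING"} <= flag_set
    results["bridge_has_gateway"] = bool(
        re.search(r"^\s+inet\s+%s\s" % re.escape(guest_gw), bridge_out, re.M))
    # 4. The guest's tap must actually be a member of that bridge.
    results["tap_is_member"] = bool(
        re.search(r"^\s+member:\s+%s\s" % re.escape(tap_if), bridge_out, re.M))
    return results

def collect_live(bridge_if="vm-natlan"):
    """Assumed helper: run the real commands on a FreeBSD host (pfctl needs root)."""
    run = lambda *cmd: subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    return (run("sysctl", "-n", "net.inet.ip.forwarding"), run("pfctl", "-sn"), run("ifconfig", bridge_if))

if __name__ == "__main__":
    for name, ok in check_nat_prereqs(SAMPLE_SYSCTL, SAMPLE_PF_NAT, SAMPLE_BRIDGE).items():
        print(f"{'ok  ' if ok else 'FAIL'} {name}")
```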