Date:      Fri, 24 Oct 2014 21:29:40 -0400
From:      Allan Jude <allanjude@freebsd.org>
To:        freebsd-virtualization@freebsd.org
Subject:   Re: NATed or Private Network Setups
Message-ID:  <544AFD04.3060509@freebsd.org>
In-Reply-To: <AB046E94-BFB7-4A57-BF86-0CA28DAD7673@jnielsen.net>
References:  <544ADBEB.2030907@nomadlogic.org> <AB046E94-BFB7-4A57-BF86-0CA28DAD7673@jnielsen.net>


On 2014-10-24 20:01, John Nielsen wrote:
>> On Oct 24, 2014, at 5:08 PM, Pete Wright <pete@nomadlogic.org> wrote:
>>
>> Hi All,
>> Has anyone deployed bhyve using NAT'd or private network setups?  I've
>> been able to deploy bridged interfaces, but I was wondering if anyone
>> has done other network topologies.  Is there anything preventing this
>> from happening code wise?  I reckon it could be achieved by creating a
>> pseudo interface?
>
> Rather than supporting something like epair(4) directly, I believe the
> plan is to allow connecting a bhyve VM to a user-space virtual switch on
> the host. Neither is currently available to my knowledge.
>
> For a NAT setup today you should be able to add your VM's tap(4)
> interface as the only member of a bridge on the host and assign an IP
> address to the bridge interface. Services like DHCP for this virtual
> subnet would need to also be configured on the host in addition to
> whatever NAT you want to use.
>
> For an internal-only network between two or more VMs on the host you
> could also just use a bridge containing only the VM tap adapters. If you
> don't want the host to participate in the network then don't put an IP
> on the bridge.

This sets up stupid-simple NAT to allow a bhyve instance to talk to the
internet.  This is especially useful when your connection is wireless so
you can't just bridge it. Assumes IPFW is already loaded; note that it
loads with a default deny all.

In /etc/rc.conf:

firewall_enable="YES"
firewall_type="OPEN"
firewall_quiet="NO"
firewall_logging="YES"
gateway_enable="YES"


Run:

#this needs to be the same tap the bhyve uses, 1 per bhyve
ifconfig tap0 create
ifconfig tap0 10.0.9.1/30

#Load the IPFW nat module if it isn't already
kldload ipfw_nat

#create an IPFW NAT instance on your internet interface
ipfw nat 9999 config if wlan0

#pass outbound traffic from the internal network through NAT
ipfw add 9001 nat 9999 ip from 10.0.9.0/24 to any out via wlan0
ipfw add 9002 nat 9999 ip from any to any in via wlan0


Then just configure the bhyve to have an IP in the 10.0.9.0/24 network.


--
Allan Jude
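
Added example, not part of Allan Jude's message: a dry-run sh script that extends the commands above to several guests by giving each tapN its own /30 out of 10.0.9.0/24, then prints the host commands and the address each guest must use. The address plan (host on the first usable address of each /30, guest on the second) and the function names are assumptions made for this example; a guest has to sit inside its tap's /30 so that the host's connected route sends replies back over that tap.

```sh
#!/bin/sh
# Added example: dry run only, prints the commands instead of running them.
# Assumed plan (not from the post): tapN gets the Nth /30 of 10.0.9.0/24,
# host on the first usable address, guest on the second.

NET_PREFIX="10.0.9"   # the /24 used in the post
NAT_ID=9999           # NAT instance number used in the post

# host_addr N: host-side address of tapN, with its /30 prefix length
host_addr() {
    echo "${NET_PREFIX}.$(( $1 * 4 + 1 ))/30"
}

# guest_addr N: the one address left for the guest attached to tapN
guest_addr() {
    echo "${NET_PREFIX}.$(( $1 * 4 + 2 ))"
}

# emit_setup EXT_IF COUNT: print host commands for COUNT guests (1..64)
emit_setup() {
    ext_if=$1
    count=$2
    case "$count" in
        ''|*[!0-9]*|????*) echo "count must be 1..64" >&2; return 1 ;;
    esac
    if [ "$count" -lt 1 ] || [ "$count" -gt 64 ]; then
        echo "count must be 1..64" >&2
        return 1
    fi
    echo "kldload ipfw_nat"
    echo "ipfw nat $NAT_ID config if $ext_if"
    echo "ipfw add 9001 nat $NAT_ID ip from ${NET_PREFIX}.0/24 to any out via $ext_if"
    echo "ipfw add 9002 nat $NAT_ID ip from any to any in via $ext_if"
    n=0
    while [ "$n" -lt "$count" ]; do
        echo "ifconfig tap$n create"
        echo "ifconfig tap$n $(host_addr "$n")"
        echo "# guest on tap$n: $(guest_addr "$n") netmask 255.255.255.252"
        n=$(( n + 1 ))
    done
}

# Usage: sh script.sh wlan0 3
if [ "$#" -eq 2 ]; then
    emit_setup "$1" "$2"
fi
```

Review the printed commands before pasting them into a root shell; with a single guest the output matches the tap0 commands in the message above.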

