From: David Evans
Date: Thu, 28 Oct 2010 11:22:51 +0100
To: FreeBSD Net
Subject: Re: Bridge problems, possibly due to proxy arp on Parallels Desktop
Message-ID: <4CC94EFB.1020904@googlemail.com>

[ posted to freebsd-net@freebsd.org 2010-10-28 ]

I believe I have now found the answer to my problem. The rule is simple: You cannot bridge a Desktop virtual NIC.

The reason for this, I believe so far, is that Parallels have only implemented a simplified version of bridging on their bridged networking scheme. If you try to use more than one MAC address per NIC, it gets confused and fails in mysterious ways: ping only works when another ping is running; ARP replies go to the wrong NIC; ping does not work for certain combinations of hosts.

Obviously, what Parallels have implemented is perfectly adequate for 99.9999% of users; it's only people like me who insist on testing everything to destruction.

I have now built a VPN on top of the existing network without using any bridging to a Desktop virtual NIC. On one VM I am running FreeBSD with 3 VPN servers bridged together. On another VM I am running a FreeBSD client. Another FreeBSD client runs on a PC. A third client runs on OS X. It is all working just like I expected. Of course you would not normally run 3 servers on one machine but would combine them into one, but I'm only testing.

It is certainly very useful to be able to run all this on virtual machines. There is no way I could have tested this out on my available hardware. It has been an interesting learning experience.