From owner-freebsd-questions@FreeBSD.ORG Tue Jan 17 21:51:48 2012
Message-ID: <233fbb794c977415f3f8eab63581b87b.squirrel@pop.pknet.net>
In-Reply-To: <0ba8bd0d2bf651d765eb04f5c8708420.squirrel@pop.pknet.net>
References: <31f21c35fd0eec86fd61de0f8e5029c9.squirrel@pop.pknet.net> <0ba8bd0d2bf651d765eb04f5c8708420.squirrel@pop.pknet.net>
Date: Tue, 17 Jan 2012 14:51:43 -0700
From: "Peter"
To: freebsd-questions@freebsd.org
Cc: Peter
Subject: solved - bridge firewall in virtualbox not passing traffic after upgrade to stable/9

>> Hello,
>> Was running 8.2 and virtualbox 3 - wiped Freebsd 8.2, installed 9.0,
>> installed latest virtualbox port 4.0.14 and the networking broke in my
>> vms.
>>
>> Setup I had:
>>
>> {vm1,vm2,etc}---> vbox internal network -> em2[firewall VM]em1 -->
>> re0[physical box]-->ISP
>>
>> the firewall vm has this:
>> ifconfig_em0='172.20.6.210/24'
>> cloned_interfaces="bridge0"
>> ifconfig_bridge0="addm em1 addm em2 up"
>> ifconfig_em1="up"
>> ifconfig_em2="up"
>>
>> Firewall vm has this setup:
>> nic1 - bridge re0
>> nic2 - bridge re0
>> nic3 - internal network
>>
>> The VMs are still on 8.2, the only change was virtualbox from 3 to
>> 4.0.14
>> and host system fresh install of stable/9.
>>
>> vboxnet is loaded, if I change the VMs to just bridge re0, they are able
>> to get out, if I put them on the internal network, nothing gets out.
>>
>> internal networking works because without bridge and just setting static
>> IP on vm1 and firewall vm em2, they talk without problem.
>>
>> ]Peter[
>> it can't be this hard.
>>
> Just a follow up with more info.
>
> Set 2 vms and booting from 9 release cd using live system option.
> Host system is stable/9, vbox 4.0.14:
> Per the handbook setup bridging on firewall_vm that has no IP, and only
> two interfaces [em0 - external, and em1 - internal networking]
> http://www.freebsd.org/doc/handbook/network-bridging.html
>
> On client_vm, em0 is connected to internal network and should pass through
> that bridge, but I get nothing:
>
> client_vm -> internal network -> em1[bridge vm]em0 -> internet
>
> ]Peter[
> on bridge vm, doing dhclient bridge0 gets nothing, doing dhclient em0
> gets IP....
>
>

Another follow up and solution:

Virtualbox lost default promiscuous mode on version 4.0.6 and that option
did not appear under 'modifyvm' until 4.1.8.
Followed this forum post and used the vbox internal 'setextradata' to fix
my firewall VM to allow promiscuous mode.
https://forums.virtualbox.org/viewtopic.php?f=7&t=41036

For me that was:

VBoxManage setextradata chernogorsk.pknet.net "VBoxInternal/Devices/e1000/0/LUN#0/Config/IfPolicyPromisc" "allow-all"
VBoxManage setextradata chernogorsk.pknet.net "VBoxInternal/Devices/e1000/1/LUN#0/Config/IfPolicyPromisc" "allow-all"
VBoxManage setextradata chernogorsk.pknet.net "VBoxInternal/Devices/e1000/2/LUN#0/Config/IfPolicyPromisc" "allow-all"

or modify the config file for the vm:

That allowed the nics to pass all data and turns off mac security -

In Vbox 4.1.8 [on Windows] that option is in the GUI, this was pure luck I
decided to upgrade my 4.1.2 to 4.1.8 for further testing and that option
appeared.

]Peter[
ahh, all the little hidden internals of vbox...
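
An added example, not part of the original message: a shell audit for the setting described above, listing which emulated NICs of a VM carry an IfPolicyPromisc override and flagging those set to "allow-all". The function names, the sample lines and the "Key: ..., Value: ..." format expected from "VBoxManage getextradata <vm> enumerate" are assumptions.

```shell
#!/bin/sh
# Audit IfPolicyPromisc overrides stored in a VM's extradata.
# Intended use (assumed output format "Key: <key>, Value: <value>"):
#   VBoxManage getextradata <vm> enumerate | promisc_audit

# Prints "<device>/<instance> <policy> <verdict>" for every NIC that has an
# IfPolicyPromisc key. Only "allow-all" (the value used in the message)
# is flagged; any other value is reported as-is.
promisc_audit() {
    sed -n 's|^Key: VBoxInternal/Devices/\([^/]*\)/\([0-9][0-9]*\)/LUN#[0-9]*/Config/IfPolicyPromisc, Value: \(.*\)$|\1 \2 \3|p' |
    while read -r dev inst policy; do
        case "$policy" in
            allow-all) verdict="MAC-FILTER-OFF" ;;
            *)         verdict="not-allow-all" ;;
        esac
        printf '%s/%s %s %s\n' "$dev" "$inst" "$policy" "$verdict"
    done
}

# Number of NICs with MAC filtering disabled. Only interfaces that are
# members of the guest's bridge need to receive frames addressed to other
# MACs, so a count above the number of bridge members deserves a look.
promisc_open_count() {
    promisc_audit | awk '$3 == "MAC-FILTER-OFF" { n++ } END { print n + 0 }'
}

# Constructed sample input (not captured from a real host).
SAMPLE='Key: GUI/LastCloseAction, Value: PowerOff
Key: VBoxInternal/Devices/e1000/0/LUN#0/Config/IfPolicyPromisc, Value: deny
Key: VBoxInternal/Devices/e1000/1/LUN#0/Config/IfPolicyPromisc, Value: allow-all
Key: VBoxInternal/Devices/e1000/2/LUN#0/Config/IfPolicyPromisc, Value: allow-all'

printf '%s\n' "$SAMPLE" | promisc_audit
printf 'NICs with MAC filtering off: %s\n' \
    "$(printf '%s\n' "$SAMPLE" | promisc_open_count)"
```
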