Re: I can’t get veb/vport to work with vmd.
On 2021-05-06, Luke Small wrote:
> I got it working. I have a pretty hefty amount of vether0 and
> vether0:network in my pf.conf that I changed to vport0 and vport0:network.
>
> That fixed every single thing!
>
> I somehow completely forgot about all the vether0 pf rules which isolates
> the various local systems so VMs are isolated from being able to do
> anything malicious to any local systems.
>
> I silently redirect the VMs' dns and ntp calls to my OpenBSD services to
> harden them a bit too.
>
> -Luke

Make sure you remember you've done this when you try to debug a DNS problem
on the VMs. Recursive and authoritative DNS lookups aren't
interchangeable... If you want to force a specific DNS server I recommend
blocking others, not silently redirecting.
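
An added example, not part of the thread and not anyone's actual pf.conf: the silent DNS redirect described above next to the allow-one-and-block-the-rest form the reply recommends. It assumes vport0 is the VM-facing interface and that the host's resolver listens on the vport0 address; the macro name vm_if is made up for the example.

```pf
# pf.conf fragment (OpenBSD pf syntax). Added example; interface name and
# resolver placement are assumptions, adjust to the local setup.
vm_if = "vport0"

# Before: silent redirect. Every DNS query from a VM is answered by the
# host resolver no matter which server the VM addressed, so a VM that asks
# an authoritative server directly gets a recursive answer and nothing on
# the VM side shows why.
# pass in quick on $vm_if inet proto { tcp udp } \
#     from $vm_if:network to any port domain rdr-to ($vm_if)

# After: the chosen resolver is reachable, everything else is refused.
# "return" makes the VM fail fast (TCP RST / ICMP unreachable) instead of
# timing out, and "log" records each refused query on pflog0.
pass in quick on $vm_if inet proto { tcp udp } \
    from $vm_if:network to ($vm_if) port domain
block return in log quick on $vm_if inet proto { tcp udp } \
    from $vm_if:network to any port domain
```

With the block rule logging, refused lookups can be watched with `tcpdump -n -e -ttt -i pflog0`, and `pfctl -nf /etc/pf.conf` parses the file without loading it.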
Re: I can’t get veb/vport to work with vmd.
I got it working. I have a pretty hefty amount of vether0 and
vether0:network in my pf.conf that I changed to vport0 and vport0:network.

That fixed every single thing!

I somehow completely forgot about all the vether0 pf rules which isolates
the various local systems so VMs are isolated from being able to do
anything malicious to any local systems.

I silently redirect the VMs' dns and ntp calls to my OpenBSD services to
harden them a bit too.

-Luke
Re: I can’t get veb/vport to work with vmd.
On 6 May at 04:04, Luke Small wrote:
> There seems to be ZERO examples of using veb/vport vs bridge/vether. I am
> running 6.9 now and I substituted the bridge0 usage in vm.conf and I copied
> the hostname.vether0 into hostname.vport0 and hostname.bridge0 uses vether0
> so I used vport0 in hostname.veb0. I used ifconfig … down for bridge0 and
> vether0 and ifconfig … up for vport0 and veb0 and ran “sh /etc/netstart
> veb0” then ran the vm of choice and it gets no internet. I reverted
> everything back and I get internet.
>
> What am I missing?

Can you share your config?

I have it working with like:

root@server14:~ # ls /etc/hostname.* | xargs -n1 -t head -n5
head -n5 /etc/hostname.em0
up
head -n5 /etc/hostname.veb911
add vport911
up
head -n5 /etc/hostname.vlan910
vnetid 910 parent em0
inet 46.23.91.24 255.255.255.192
inet6 2a03:6000:910::24 64
up
head -n5 /etc/hostname.vport911
inet 46.23.91.65 255.255.255.192

root@server14:~ # cat /etc/vm.conf
switch "uplink_veb911" {
        interface veb911
}
vm "vm01" {
        disable
        owner runbsd
        memory 1G
        disk "/var/vmm/vm01.qcow2" format qcow2
        interface tap {
                switch "uplink_veb911"
                lladdr fe:e1:bb:d4:d4:01
        }
}

Mischa
Re: I can’t get veb/vport to work with vmd.
On Wed, May 05, 2021 at 09:04:04PM -0500, Luke Small wrote:
> There seems to be ZERO examples of using veb/vport vs bridge/vether. I am
> running 6.9 now and I substituted the bridge0 usage in vm.conf and I copied
> the hostname.vether0 into hostname.vport0 and hostname.bridge0 uses vether0
> so I used vport0 in hostname.veb0. I used ifconfig … down for bridge0 and
> vether0 and ifconfig … up for vport0 and veb0 and ran “sh /etc/netstart
> veb0” then ran the vm of choice and it gets no internet. I reverted
> everything back and I get internet.
>
> What am I missing?
> --
> -Luke

a tcpdump and what's in your pf.conf
I can’t get veb/vport to work with vmd.
There seems to be ZERO examples of using veb/vport vs bridge/vether. I am
running 6.9 now and I substituted the bridge0 usage in vm.conf and I copied
the hostname.vether0 into hostname.vport0 and hostname.bridge0 uses vether0
so I used vport0 in hostname.veb0. I used ifconfig … down for bridge0 and
vether0 and ifconfig … up for vport0 and veb0 and ran “sh /etc/netstart
veb0” then ran the vm of choice and it gets no internet. I reverted
everything back and I get internet.

What am I missing?
--
-Luke