I am running QEMU with 2 virtual machines. I have put the tap devices
into a bridge with a trunk interface; the trunk acts as a gateway,
allowing a virtual network inside the host server which can NAT to
public IPs and be firewalled. For some reason the 2 VM hosts cannot
communicate. They will ARP each other up but not actually ping each
other. They are Windows hosts. I have a site-to-site VPN back to my
house, and I can ping both VM hosts successfully from my house
computer through the VPN. I can ping the trunk interface from the
hosts as well, just not VM host to VM host.
Any thoughts on why they cannot ping each other?
Thank you.
Below are my pf.conf and the output of ifconfig and brconfig.
# gorilla.sporkton.com
#
# See pf.conf(5) and /usr/share/pf for syntax and examples.
# Remember to set net.inet.ip.forwarding=1 and/or net.inet6.ip6.forwarding=1
# in /etc/sysctl.conf if packets are to be forwarded between interfaces.
#NORMAL ORDER - see no set require-order rule
#Macros
#Tables
#Options
#Traffic Normalization (e.g. scrub)
#Queueing
#Translation (Various forms of NAT)
#Packet Filtering
ext_if="em0"
vm_if="trunk0"
gorilla="38.102.248.178"
table <ssh-attack> persist
table <private> const { 10/8, 172.16/12, 192.168/16 }
set skip on {enc0, lo0}
set block-policy drop
scrub in on $ext_if all fragment reassemble
no nat on $ext_if from <private> to <private>
nat on $ext_if from <private> to any -> ($ext_if:0)
#--Default--#
block in
pass out
pass in on $vm_if
pass in on $ext_if proto tcp to $gorilla port ssh
#--Custom--#
pass in on $ext_if proto esp
pass in on $ext_if proto udp to $gorilla port {isakmp, ipsec-nat-t}
pass in on $ext_if proto {udp, tcp} to $gorilla port domain
# ifconfig
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 33208
groups: lo
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x4
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:14:22:b0:d8:d2
groups: egress
media: Ethernet autoselect (100baseTX full-duplex)
status: active
inet 38.102.248.178 netmask 0xfffffff8 broadcast 38.102.248.183
inet6 fe80::214:22ff:feb0:d8d2%em0 prefixlen 64 scopeid 0x1
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:14:22:b0:d8:d3
media: Ethernet autoselect (none)
status: no carrier
enc0: flags=0<> mtu 1536
trunk0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
lladdr 00:00:00:00:00:00
trunk: trunkproto roundrobin
groups: trunk
media: Ethernet autoselect
status: no carrier
inet 10.0.1.1 netmask 0xffffff00 broadcast 10.0.1.255
inet6 fe80::214:22ff:feb0:d8d2%trunk0 prefixlen 64 scopeid 0x5
pflog0: flags=141<UP,RUNNING,PROMISC> mtu 33208
groups: pflog
tun0: flags=9942<BROADCAST,RUNNING,PROMISC,SIMPLEX,LINK0,MULTICAST> mtu 1500
lladdr 00:bd:be:64:87:01
groups: tun
inet6 fe80::2bd:beff:fe64:8701%tun0 prefixlen 64 scopeid 0x8
bridge0: flags=41<UP,RUNNING> mtu 1500
groups: bridge
tun1: flags=9942<BROADCAST,RUNNING,PROMISC,SIMPLEX,LINK0,MULTICAST> mtu 1500
lladdr 00:bd:3b:4f:63:02
groups: tun
inet6 fe80::2bd:3bff:fe4f:6302%tun1 prefixlen 64 scopeid 0xb
# brconfig
bridge0: flags=41<UP,RUNNING>
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
trunk0 flags=3<LEARNING,DISCOVER>
port 5 ifpriority 0 ifcost 0
tun1 flags=3<LEARNING,DISCOVER>
port 11 ifpriority 0 ifcost 0
tun0 flags=3<LEARNING,DISCOVER>
port 8 ifpriority 0 ifcost 0
Addresses (max cache: 100, timeout: 240):
#
--
-Lawrence
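Added diagnostic (editor's example, not part of Lawrence's post): on OpenBSD, pf filters bridged traffic on each bridge member interface rather than on bridge0, and ARP is not IP, so pf never sees it. A useful first check on a ruleset like the one above is therefore which bridge members have any "pass in" rule at all, and then watching pflog0 for the actual drops. The script below is hypothetical; it assumes the interface names from the posted brconfig output (trunk0, tun1, tun0), that `pfctl -sr` prints one rule per line with macros and braces expanded, and it uses constructed sample text modelled on the post rather than live output, so it runs offline. Pass `--live` to run it against the real `pfctl -sr` and `brconfig bridge0` on the host.

```shell
#!/bin/sh
# Added example, not from the original post. Lists bridge members that no
# "pass in" rule covers and shows how to observe pf drops on pflog0.
# Assumption: rules text is in `pfctl -sr` format (macros/braces expanded).

# bridge_members BRCONFIG_TEXT
#   Print member interface names from `brconfig bridge0` output, one per line.
#   Member lines look like "tun0 flags=3<LEARNING,DISCOVER>"; the "bridge0:"
#   header line does not match because of the colon.
bridge_members() {
    printf '%s\n' "$1" | sed -n 's/^[[:space:]]*\([a-z][a-z0-9]*\) flags=.*/\1/p'
}

# pass_in_covers IFACE RULES_TEXT
#   Return 0 when RULES_TEXT has a "pass in" rule that applies to packets
#   entering IFACE: either "pass in [log [(...)]] [quick] on IFACE ..." or an
#   interface-less "pass in ... all".
pass_in_covers() {
    printf '%s\n' "$2" \
      | grep -Eq "^pass in( log( \([^)]*\))?)?( quick)? (on $1( |$)|all)"
}

# uncovered_members RULES_TEXT BRCONFIG_TEXT
#   Print each bridge member on which inbound IP traffic matches no
#   "pass in" rule and so falls through to the default block.
uncovered_members() {
    for ifn in $(bridge_members "$2"); do
        pass_in_covers "$ifn" "$1" || printf '%s\n' "$ifn"
    done
}

# Constructed sample: what `pfctl -sr` would print for the posted pf.conf
# (assumed format, not captured from the host).
SAMPLE_RULES='block drop in all
pass out all
pass in on trunk0 all
pass in on em0 inet proto tcp from any to 38.102.248.178 port = ssh
pass in on em0 proto esp all
pass in on em0 inet proto udp from any to 38.102.248.178 port = isakmp
pass in on em0 inet proto udp from any to 38.102.248.178 port = domain'

# Constructed sample: the member lines from the posted `brconfig` output.
SAMPLE_BRCONFIG='bridge0: flags=41<UP,RUNNING>
priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp
trunk0 flags=3<LEARNING,DISCOVER>
port 5 ifpriority 0 ifcost 0
tun1 flags=3<LEARNING,DISCOVER>
port 11 ifpriority 0 ifcost 0
tun0 flags=3<LEARNING,DISCOVER>
port 8 ifpriority 0 ifcost 0'

if [ "${1-}" = "--live" ]; then
    # Real run on the host: current ruleset and current bridge membership.
    rules=$(pfctl -sr)
    members=$(brconfig bridge0)
    echo "bridge members with no pass-in rule:"
    uncovered_members "$rules" "$members"
    # To see the drops themselves, change the default rule to "block log in",
    # reload with "pfctl -f /etc/pf.conf", then watch:
    #   tcpdump -n -e -ttt -i pflog0 icmp
    # Each logged line names the rule and the member interface it matched on.
else
    echo "bridge members with no pass-in rule (constructed sample):"
    uncovered_members "$SAMPLE_RULES" "$SAMPLE_BRCONFIG"
fi
```

With the constructed sample, the script reports tun1 and tun0, since the only pass-in rules name trunk0 and em0. Whether that is the cause on Lawrence's host is for the pflog0 capture to confirm; the script only narrows where to look.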