pf, vm-bhyve switch with public IP

teisho

Hi everyone,
I'm drawing a blank right now.
I'm trying to open a port in pf for a VM with a bridge interface, and I'm failing.
Outgoing traffic from the VM works.

Bash:
vm-public: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 52:0a:21:25:ab:aa
    id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
    maxage 20 holdcnt 6 proto stp-rstp maxaddr 2000 timeout 1200
    root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
    member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 6 priority 128 path cost 2000000
    member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 1 priority 128 path cost 20000
    groups: bridge vm-switch viid-4c918@
    nd6 options=1<PERFORMNUD>
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
    description: vmnet-valheim-0-public
    options=80000<LINKSTATE>
    ether 58:9c:fc:10:ff:a6
    groups: tap vm-port
    media: Ethernet autoselect
    status: active
    nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
    Opened by PID 95277

Bash:
 ~# cat /etc/pf.conf

ext_if = "em0"
icmp_types = "{ echoreq, unreach }"
icmp6_types = "{ echoreq, routersol, routeradv, neighbradv, neighbrsol }"

foovm6 = "2a01:xxx:xxx:xxx::f00"

pass quick on lo0 no state
pass quick on vm-public keep state
pass quick on tap0 keep state

block in all

pass in inet6 proto tcp from any to $foovm6 port { 22 }

pass on $ext_if inet proto icmp all icmp-type $icmp_types keep state
pass on $ext_if inet6 proto icmp6 all icmp6-type $icmp6_types keep state

pass out all keep state
 