From nobody Thu Jul 11 14:49:21 2024
X-Original-To: freebsd-virtualization@mlmmj.nyi.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
	by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WKd0w0Xk4z5Qn38
	for <freebsd-virtualization@mlmmj.nyi.freebsd.org>; Thu, 11 Jul 2024 14:49:36 +0000 (UTC)
	(envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: from gndrsh.dnsmgr.net (pdx.rh.CN85.dnsmgr.net [65.75.216.6])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by mx1.freebsd.org (Postfix) with ESMTPS id 4WKd0v2dLYz51VM
	for <freebsd-virtualization@FreeBSD.org>; Thu, 11 Jul 2024 14:49:35 +0000 (UTC)
	(envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Authentication-Results: mx1.freebsd.org;
	none
Received: from gndrsh.dnsmgr.net (localhost [127.0.0.1])
	by gndrsh.dnsmgr.net (8.13.3/8.13.3) with ESMTP id 46BEnMvS051381;
	Thu, 11 Jul 2024 07:49:22 -0700 (PDT)
	(envelope-from freebsd-rwg@gndrsh.dnsmgr.net)
Received: (from freebsd-rwg@localhost)
	by gndrsh.dnsmgr.net (8.13.3/8.13.3/Submit) id 46BEnLoP051380;
	Thu, 11 Jul 2024 07:49:21 -0700 (PDT)
	(envelope-from freebsd-rwg)
From: "Rodney W. Grimes" <freebsd-rwg@gndrsh.dnsmgr.net>
Message-Id: <202407111449.46BEnLoP051380@gndrsh.dnsmgr.net>
Subject: Re: Suddenly unable to access VMs
In-Reply-To: <CAAdA2WMaO8PPnFErZa0gcN-VPD6My4RtJB3u27BYi=8CWMZK=A@mail.gmail.com>
To: Odhiambo Washington <odhiambo@gmail.com>
Date: Thu, 11 Jul 2024 07:49:21 -0700 (PDT)
CC: FreeBSD virtualization <freebsd-virtualization@FreeBSD.org>
X-Mailer: ELM [version 2.4ME+ PL121h (25)]
List-Id: Discussion <freebsd-virtualization.freebsd.org>
List-Archive: https://lists.freebsd.org/archives/freebsd-virtualization
List-Help: <mailto:virtualization+help@freebsd.org>
List-Post: <mailto:virtualization@freebsd.org>
List-Subscribe: <mailto:virtualization+subscribe@freebsd.org>
List-Unsubscribe: <mailto:virtualization+unsubscribe@freebsd.org>
X-BeenThere: freebsd-virtualization@freebsd.org
Sender: owner-freebsd-virtualization@FreeBSD.org
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset=US-ASCII
X-Spamd-Bar: ----
X-Rspamd-Pre-Result: action=no action;
	module=replies;
	Message is reply to one we originated
X-Spamd-Result: default: False [-4.00 / 15.00];
	REPLY(-4.00)[];
	ASN(0.00)[asn:10494, ipnet:65.75.216.0/23, country:US]
X-Rspamd-Queue-Id: 4WKd0v2dLYz51VM

> My bhyve VMs have been all fine until now.
> I can't ping them and can't SSH into them. However, I can connect to them
> with VNCViewer from a remote host (my PC from my house) :-(
> 
> I haven't done any changes on the host at all.
> dnsmasq is running, but seems like the VMs aren't getting the IPs for some
> reason.
> 
> ```
> cloned_interfaces="bridge0 tap0 tap1 tap2 tap3 tap4 tap5"
> ifconfig_bridge0_name="vmbridge"
> ifconfig_vmbridge="addm em1 addm tap0 addm tap1 addm tap2 addm tap3 addm
> tap4 addm tap5 up"
> ifconfig_vmbridge_alias0="inet 172.16.0.1 netmask 255.255.255.0"
> ```
> What might have happened?
> 
> 
> root@gw:/home/wash # ifconfig vmbridge
> vmbridge: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP>
> metric 0 mtu 1500
>         options=0
>         ether 58:9c:fc:10:df:1d
>         inet 172.16.0.1 netmask 0xffffff00 broadcast 172.16.0.255
>         id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
>         maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
>         root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
>         member: tap5 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 10 priority 128 path cost 2000000
>         member: tap4 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 9 priority 128 path cost 2000000
>         member: tap3 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 8 priority 128 path cost 2000000
>         member: tap2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 7 priority 128 path cost 2000000
>         member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 6 priority 128 path cost 2000000
>         member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 5 priority 128 path cost 2000000
>         member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
>                 ifmaxaddr 0 port 2 priority 128 path cost 55
>         groups: bridge
>         nd6 options=9<PERFORMNUD,IFDISABLED>
> root@gw:/home/wash # ssh 172.16.0.99
> ssh: connect to host 172.16.0.99 port 22: Permission denied
> root@gw:/home/wash # ssh 172.16.0.100
> ssh: connect to host 172.16.0.100 port 22: Permission denied
> root@gw:/home/wash # ping 172.16.0.100
> PING 172.16.0.100 (172.16.0.100): 56 data bytes
> ping: sendto: Permission denied
> ping: sendto: Permission denied
> ping: sendto: Permission denied
> ping: sendto: Permission denied
> ^C
> --- 172.16.0.100 ping statistics ---
> 4 packets transmitted, 0 packets received, 100.0% packet loss
> root@gw:/home/wash # ping 172.16.0.99
> PING 172.16.0.99 (172.16.0.99): 56 data bytes
> ping: sendto: Permission denied
> ping: sendto: Permission denied
> ping: sendto: Permission denied
> ^C
> --- 172.16.0.99 ping statistics ---
> 3 packets transmitted, 0 packets received, 100.0% packet loss
> root@gw:/home/wash # service dnsmasq status
> dnsmasq is running as pid 4190.
> root@gw:/home/wash #

Permission denied is almost certainly coming from firewall,
either ipfw or pf.


-- 
Rod Grimes                                                 rgrimes@freebsd.org