FreeBSD 9.0; VirtualBox v4.0.14; PF rules when using bridged interface
ilavsky.martin at gmail.com
Wed Jan 25 13:19:39 UTC 2012
Hello Guys,
I'm struggling with an issue I can't find answers to, nor am I able to
figure out myself. I found this email address on wiki.freebsd.org;
hopefully somebody can give me some further hints.
I've started a thread on the forums too:
http://forums.freebsd.org/showthread.php?t=29111
To describe the problem:
Setup:
FreeBSD 9.0 amd64 with virtualbox-ose-4.0.14 installed.
internet facing interface em0, virtual machine (VM) is using this
interface when bridged network is selected
both server and VM have public IP address
active firewall - PF - on host
Goal to achieve:
Do a traffic accounting for all VMs which have public IP addresses,
something like:
IP_VM_PUB_1 total bytes in/out
IP_VM_PUB_2 total bytes in/out
... etc
Problem: PF rules for IPs which are active on VMs which have bridged
networking are being ignored.
Example:
I want to disable port 80 for each and every VM running on host (bridged NW):
Egress iface: em0
VM virtual IP: 192.0.2.2
pf.conf sample on host:
block in quick on em0 proto tcp from any to 192.0.2.2 port 80
Does nothing when rules are reloaded. However, I can see this traffic
passing by with tcpdump.
I suspect that vboxnetflt kernel driver might have something to do
with it (bypassing the whole PF).
Please can you confirm this? Is there a way for hosts to do per-IP
filtering for VMs used on a bridged network?
Thanks for any hints,
Martin Ilavsky
__
..life is hard, and then you die..
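An added example (not from the original post or any reply) for the accounting goal described above: it generates labelled PF pass rules per VM IP and sums the per-label byte counters from `pfctl -s labels` output. The VM addresses, the em0 rule text and the pfctl output below are constructed; a VM whose label counters stay at zero while tcpdump shows its traffic is a direct check that the bridged traffic is not reaching PF at all.

```python
# Added example, not code from the original post. Assumptions: labels contain no
# spaces, and `pfctl -s labels` prints, per line:
#   label evaluations packets bytes packets_in bytes_in packets_out bytes_out
# (newer pfctl versions append a trailing states column, which is ignored).
from typing import Dict, List, Tuple


def accounting_rules(iface: str, vm_ips: List[str]) -> str:
    """Emit one labelled in/out pass rule per VM IP so each direction is counted
    under its own label (FreeBSD 9 pf has no 'match', so 'pass' rules are used)."""
    lines = []
    for ip in vm_ips:
        tag = ip.replace(".", "_")
        lines.append(f'pass in quick on {iface} from any to {ip} label "vm_{tag}_in"')
        lines.append(f'pass out quick on {iface} from {ip} to any label "vm_{tag}_out"')
    return "\n".join(lines)


def parse_labels(pfctl_output: str) -> Dict[str, Tuple[int, int]]:
    """Return {label: (bytes_in, bytes_out)} parsed from `pfctl -s labels` text."""
    totals: Dict[str, Tuple[int, int]] = {}
    for line in pfctl_output.splitlines():
        fields = line.split()
        # Skip headers or malformed lines: need a label plus 7 numeric columns.
        if len(fields) < 8 or not all(f.isdigit() for f in fields[1:8]):
            continue
        totals[fields[0]] = (int(fields[5]), int(fields[7]))
    return totals


def per_vm_bytes(vm_ips: List[str], labels: Dict[str, Tuple[int, int]]) -> Dict[str, Tuple[int, int]]:
    """Combine the _in and _out labels of each VM into (bytes_in, bytes_out).
    Zero for a VM known to be talking means PF never saw that VM's packets."""
    report = {}
    for ip in vm_ips:
        tag = ip.replace(".", "_")
        bytes_in = labels.get(f"vm_{tag}_in", (0, 0))[0]
        bytes_out = labels.get(f"vm_{tag}_out", (0, 0))[1]
        report[ip] = (bytes_in, bytes_out)
    return report


# Constructed sample of `pfctl -s labels` output: 192.0.2.2 is evaluated but
# never matches (bridged VM bypassing PF); 192.0.2.3 is being counted normally.
SAMPLE_PFCTL_LABELS = """\
vm_192_0_2_2_in 120 0 0 0 0 0 0
vm_192_0_2_2_out 118 0 0 0 0 0 0
vm_192_0_2_3_in 97 412 301500 412 301500 0 0
vm_192_0_2_3_out 95 388 52000 0 0 388 52000
"""

if __name__ == "__main__":
    print(accounting_rules("em0", ["192.0.2.2", "192.0.2.3"]))
    print(per_vm_bytes(["192.0.2.2", "192.0.2.3"], parse_labels(SAMPLE_PFCTL_LABELS)))
```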