VM NIC not sending all traffic

Status
Not open for further replies.

short-stack

Explorer
Joined
Feb 28, 2017
Messages
80
I want to run an IDS in a VM on my FreeNAS 11.1. I'm finally able to connect multiple NICs to the VM, so I thought I would finally be able to take my IDS off of my Raspberry Pi.

I have the interface set in FreeNAS to promisc, and running tcpdump from the CLI shows all of the traffic the way that it should. However, something is happening between FreeNAS and the VM that is blocking the promiscuous traffic and only forwarding the broadcast stuff through.

em2 is my FreeNAS interface that is working as it should:
[screenshot attached: Screen Shot 2017-10-28 at 8.53.00 AM.png]

Here it is attached to the VM:
[screenshot attached: Screen Shot 2017-10-28 at 8.54.59 AM.png]

And here it is in the VM:
[screenshot attached: Screen Shot 2017-10-28 at 8.50.59 AM.png]

Did I totally miss a setting that's filtering the traffic? Or is this a bhyve limitation?

short-stack

Ok, so I've narrowed this down to the bridge interface as the issue, but I'm still not sure why it's not passing all the traffic.

[screenshot attached: Screen Shot 2017-10-28 at 1.10.45 PM.png]

I've set the bridge itself to promisc, but running tcpdump on em2 vs bridge0 shows everything vs only broadcast traffic. I was looking at the bridge configurations and SPAN would be ideal, but it doesn't work in this configuration. Ideas on what I need to do to fix this?
 

short-stack

Just so it's here, in case someone comes across this. You need to set maxaddr to 0 for the bridge interface; this is what tells the bridge how many MAC addresses the bridge will keep in its forwarding table. By setting it to 0, it just forwards everything, thus just repeating my SPAN traffic.
I set a tunable in the FreeNAS GUI of 'ifconfig_bridge0' to 'maxaddr 0 promisc' in rc.conf, and now it should be good to go.
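A quick way to confirm the bridge really ended up with the two settings the post above relies on (maxaddr 0 and PROMISC), added here as an example and not part of the thread: it parses ifconfig-style output for a bridge, using constructed sample output with made-up MAC addresses in place of a live `ifconfig bridge0`.

```shell
#!/bin/sh
# Added check (not from the thread): does `ifconfig bridge0` output show the
# two settings the fix relies on? maxaddr 0 disables the learned-MAC table,
# so the bridge floods every frame to all members (what a SPAN/IDS VM needs),
# and PROMISC must be set on the bridge itself.
# Reads ifconfig-style text on stdin; prints "ok" or one problem per line,
# exit status = number of problems found.
check_bridge_span() {
    awk '
        # The bridge header line carries the interface flags (PROMISC or not).
        /^[a-z]+[0-9]+: flags=/ { promisc = ($0 ~ /[<,]PROMISC[,>]/) ? 1 : 0 }
        # "maxaddr N" is the bridge-wide table size; member lines carry
        # "ifmaxaddr", which must not be mistaken for it, so match whole fields.
        { for (i = 1; i < NF; i++) if ($i == "maxaddr") maxaddr = $(i + 1) }
        END {
            problems = 0
            if (maxaddr == "")       { print "maxaddr not found"; problems++ }
            else if (maxaddr != "0") { print "maxaddr is " maxaddr ", expected 0"; problems++ }
            if (!promisc)            { print "PROMISC flag not set"; problems++ }
            if (problems == 0) print "ok"
            exit problems
        }'
}

# Constructed sample (hypothetical MACs): the default bridge from the original
# post, a learning table of 2000 entries and no PROMISC flag.
BRIDGE_BEFORE='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:2f:8c:77:1a:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        member: em2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 20000
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 2000000'

# Constructed sample: the same bridge after "ifconfig bridge0 maxaddr 0 promisc".
BRIDGE_AFTER='bridge0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:2f:8c:77:1a:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 0 timeout 1200
        member: em2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 20000
        member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 5 priority 128 path cost 2000000'

for sample in "$BRIDGE_BEFORE" "$BRIDGE_AFTER"; do
    printf '%s\n' "$sample" | check_bridge_span \
        || echo "-> fix with: ifconfig bridge0 maxaddr 0 promisc"
done
```

On a live system, pipe the real output in with `ifconfig bridge0 | check_bridge_span`; remember that the rc.conf tunable only takes effect after the bridge is recreated or the box reboots, so check the running interface, not just the file.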