On Wed, 24 Dec 2025 10:11:39 +1000
David Gwynne <[email protected]> wrote:
> i would try following the packets through the host with tcpdump. in
> this setup you should see the packets coming from the vm into the
> host on the tap interface, through veb0, and into vport0. so `tcpdump
> -ni tap0`, then `tcpdump -ni veb0`, and `tcpdump -ni vport`.
>
> if you dont see anything on tap0 then it sounds like a vm or vmm
> problem.
>
> did you ugprade the host at the same time? or just the vm?
I upgraded the Alpine VM well after upgrading to 7.8 on the host.
> while im here, i have a couple of notes on your setup below.
>
> if you're only going to be running the one vm then you don't need
> need veb in your topology, you can talk to the vm directly on the tap
> interface. without veb, you can think of the tap interface as having
> a cable between the host and the vm. adding veb plugs that connection
> into a switch, and vport then plugs the host into that same switch.
Oh, okay. That's much simpler. Hopefully I got this correct:
```
~ $ cat /etc/hostname.tap0
lladdr fe:e1:ba:d1:ca:57
inet 172.16.100.1 255.255.255.0
~ $ cat /etc/vm.conf
vm "alpine" {
disable
memory 768M
cdrom "/home/izder456/Downloads/alpine-virt-3.23.2-x86_64.iso"
disk "/home/izder456/VMs/Alpine.qcow2"
interface tap0 {
lladdr de:ed:ba:d4:99:a8
}
owner izder456
}
~ $ cat /etc/pf.conf
set skip on lo
set block-policy drop
set optimization normal
# vmm NAT
match out on egress received-on tap0 nat-to (egress)
# Multicast junk
pass proto udp to 224.0.0.251 port mdns allow-opts
pass inet6 proto udp to ff02::fb port mdns allow-opts
pass proto udp to 239.255.255.250 port ssdp allow-opts
pass inet6 proto udp to { ff02::c, ff05::c, ff08::c } port ssdp
allow-opts
# ICMP
pass inet proto icmp
pass inet6 proto icmp6
```
I *did* use the same mac addresses as you did for simplicity, shouldn't
be an issue though.
Did I get my setup correct based on how you explained it?
I deleted the disk of the old install as I had nothing important on it
just to start fresh, and attempted a tcpdump after setting up the
interfaces in the guest's installer environment.
Alpine guest (with above config):
```
localhost:~# setup-interfaces
Available interfaces are: eth0.
Enter '?' for help on bridges, bonding and vlans.
Which one do you want to initialize? (or '?' or 'done') [eth0]
Ip address for eth0? (or 'dhcp', 'none', '?') [dhcp] 172.16.100.2
Netmask? [255.255.0.0] 255.255.255.0
Gateway? (or 'none') [none] 172.16.100.1
Configuration for eth0:
type=static
address=172.16.100.2
netmask=255.255.255.0
gateway=172.16.100.1
Do you want to do any manual network configuration? (y/n) [n]
localhost:~# rc-service networking restart
* Starting networking ...
* lo ...
[ ok ]
* eth0 ...
[ ok ]
localhost:~# ping 8.8.8.8
PING 8.8.8.8 (8.8.8.8): 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 0 packets received, 100% packet loss
```
Host:
```
~ $ doas tcpdump -ni tap0
tcpdump: listening on tap0, link-type EN10MB
20:44:57.951248 00:00:00:00:00:00 00:00:00:00:00:00 ffff 54:
ffff ffff deed bad4 99a8 0806 0001 0800
0604 0001 deed bad4 99a8 ac10 6402 0000
0000 0000 ac10 6401
20:44:58.991110 00:00:00:00:00:00 00:00:00:00:00:00 ffff 54:
ffff ffff deed bad4 99a8 0806 0001 0800
0604 0001 deed bad4 99a8 ac10 6402 0000
0000 0000 ac10 6401
^C
2 packets received by filter
0 packets dropped by kernel
```
What's curious here is that tcpdump sees packets coming from the mac
address assigned to the VM's virtual ethernet card, but things aren't
going out to the internet through my host? What am I doing wrongly here?
--
iz (she/her)
> i like to say mundane things,
> there are too many uninteresting things
> that go unnoticed.
izder456 (dot) neocities (dot) org
