# Unable to get bhyve guest internet working



## z662 (Sep 3, 2017)

I used to have a working install of a bhyve guest (FBSD) that had internet, but it has been a few minor versions since then and my configuration no longer seems to be valid.  I am hoping someone can help me spot where I need to update things.   I have posted my primary config files below for the host and guest OS.  Any help would be greatly appreciated.

Host (10.3)

```
brad@mercury:/home/brad$ cat /etc/rc.conf
hostname="mercury.milkyway"
keyrate="fast"
#ifconfig_re0="192.168.0.101 netmask 255.255.255.0"
ifconfig_re0="SYNCDHCP"
ifconfig_bridge0="addm re1 addm tap0"
cloned_interfaces="bridge0 tap0"
cloned_interfaces="${cloned_interfaces} lo1"
pf_enable="YES"
#pflog_enable="YES"
#gateway_enable="YES"
pf_rules="/etc/pf.conf"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="NO"
zfs_enable="YES"
sshd_enable="YES"
ntpd_enable="YES"
ntpd_sync_on_start="YES"
ezjail_enable="YES"
#nfs_client_enable="YES"
kern_securelevel_enable="YES"
kern_securelevel="3"
local_unbound_enable="YES"
accounting_enable="YES"



brad@mercury:/home/brad$ cat /etc/pf.conf
set skip on lo0
interface="re1"
apacheJail="192.168.0.102"
ircJail="192.168.0.103"
plexJail="192.168.0.104"
scrub in all

#rdr pass on $interface proto tcp from any to $interface port 80 -> $apacheJail
#rdr pass on $interface proto tcp from any to $interface port 6667 -> $ircJail

block in on $interface


pass in on $interface proto tcp from any to $apacheJail port 80
pass in on $interface proto tcp from any to $ircJail port 1738
pass in on $interface proto tcp from any to any port 2662
#plex
pass in on $interface proto udp from any to any port 1900
pass in on $interface proto tcp from any to any port 32400
pass in on $interface proto tcp from any to any port 32469
#pass in on $interface proto tcp from any to any port 8324
#pass in on $interface proto tcp from any to any port 3005
#pass in on $interface proto udp from any to any port 5353
pass in on $interface proto udp from any to any port 32410:32414
pass out on $interface proto {tcp,udp,icmp} all




brad@mercury:/home/brad$ ifconfig
re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
        ether 74:d4:35:3f:2c:df
        inet 192.168.0.101 netmask 0xffffff00 broadcast 192.168.0.255
        inet 192.168.0.103 netmask 0xffffffff broadcast 192.168.0.103
        inet 192.168.0.102 netmask 0xffffffff broadcast 192.168.0.102
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:fe:4a:c8:9c:00
        nd6 options=9<PERFORMNUD,IFDISABLED>
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80000<LINKSTATE>
        ether 00:bd:45:35:00:00
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect
        status: active
        Opened by PID 1752
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet 127.0.1.2 netmask 0xffffffff
        inet 127.0.1.1 netmask 0xffffffff
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
```

Guest (10.3)   (I am hoping to use 192.168.0.1 in the resolve instead of google DNS if possible?)

```
root@virtualPlex:~ # cat /etc/rc.conf
hostname="virtualPlex"
ifconfig_vtnet0="inet 192.168.0.104 netmask 255.255.255.0"
defaultrouter="192.168.0.1"
ntpd_enable="YES"
powerd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"



root@virtualPlex:~ # cat /etc/resolv.conf
nameserver 8.8.8.8
root@virtualPlex:~ #
```


----------



## SirDice (Sep 4, 2017)

Turn this back on:

```
#gateway_enable="YES"
```


----------



## z662 (Sep 5, 2017)

I made the change in the host OS but am still unable to get replies back. I then changed the DNS references to Google back to my router (192.168.0.1) with the same results. Any other files that I should post to confirm they are configured correctly?


```
root@virtualPlex:~ # cat /etc/resolv.conf
search milkyway
nameserver 192.168.0.1
root@virtualPlex:~ # ping google.com
ping: cannot resolve google.com: Host name lookup failure
root@virtualPlex:~ # drill google.com
Error: error sending query: Error creating socket
root@virtualPlex:~ #
```


----------



## SirDice (Sep 6, 2017)

DNS resolving should only be attempted when you're actually connected. Check by IP first. Make sure NAT (if needed/required) is set up properly and/or basic routing (try pinging the default gateway) works. It's no use trying to resolve DNS queries if there's no IP connectivity.


----------



## z662 (Sep 6, 2017)

Good call, I assumed it was, but it is in fact not working if I ping by IP directly (even to the gateway).   Based on the config files I had provided do you think I need to make mods to the host OS or just the VM? (or both?).  I am wondering if my pf.conf needs to be adjusted.  Not sure what else to do for the NAT, it has been a good while since I had modified any of that setup.


----------



## SirDice (Sep 7, 2017)

Just take it one step at a time in a logical order. Make sure the host is set up correctly, it has IP connectivity, can resolve, etc. Basically make sure the host is fully operational. Then add the VM, enable the firewall only for NAT (no rules means everything is allowed). Configure the VM and see what happens. Once you get it going again start adding rules to firewall it properly.


----------
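One way to start on the "make sure the host is set up correctly" step above, as an added example that is not part of any post in this thread: a script that cross-checks the bridge members named in `rc.conf` against what `ifconfig` reports. The sample text is abridged from the host output posted earlier, and the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread: compare the bridge members named in
# rc.conf with what ifconfig reports. Sample text is abridged from the
# host output posted above; function names are made up for this example.
RC_CONF='ifconfig_re0="SYNCDHCP"
ifconfig_bridge0="addm re1 addm tap0"
cloned_interfaces="bridge0 tap0"'

IFCONFIG_OUT='re0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.0.101 netmask 0xffffff00 broadcast 192.168.0.255
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:fe:4a:c8:9c:00
tap0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384'

# Interface names that follow each "addm" in ifconfig_<bridge>="...".
declared_members() {  # $1 = rc.conf text, $2 = bridge name
    printf '%s\n' "$1" | sed -n "s/^ifconfig_$2=\"\(.*\)\"\$/\1/p" |
        awk '{ for (i = 1; i < NF; i++) if ($i == "addm") print $(i + 1) }'
}

# Names of all interfaces: the unindented "name: flags=" lines.
present_interfaces() {  # $1 = ifconfig text
    printf '%s\n' "$1" | sed -n 's/^\([a-z][a-z0-9]*\): flags=.*/\1/p'
}

# Declared bridge members that do not exist as interfaces on the host.
missing_members() {  # $1 = rc.conf text, $2 = ifconfig text, $3 = bridge
    present=$(present_interfaces "$2")
    for m in $(declared_members "$1" "$3"); do
        printf '%s\n' "$present" | grep -qx "$m" || printf '%s\n' "$m"
    done
}

# Members actually attached: "member:" lines inside the bridge's stanza.
attached_members() {  # $1 = ifconfig text, $2 = bridge name
    printf '%s\n' "$1" | awk -v b="$2:" '
        /^[a-z]/ { in_b = ($1 == b) }
        in_b && $1 == "member:" { print $2 }'
}

missing_members "$RC_CONF" "$IFCONFIG_OUT" bridge0   # prints: re1
attached_members "$IFCONFIG_OUT" bridge0             # prints nothing
```

On a live host, pass `"$(cat /etc/rc.conf)"` and `"$(ifconfig)"` in place of the sample text.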



## z662 (Sep 7, 2017)

I am able to ping the world from the Host so I believe everything on that end is fine. If I disable pfctl I still cannot ping anything from the VM, so I don't think that is the issue but am not sure about anything specific to the VM config or that gateway/bridging stuff. From what I am reading now the bridge isn't required anymore, but something doesn't feel right with the NAT portion. Just not sure what else to try or modify at this point. I don't need any pf running on the VM, correct? If so, and if my pf is disabled on the host, that would mean that the issue is the VM being able to talk to anything beyond the Host I believe... but not sure what else to modify or try. Let me know if any config files being posted will help.


----------

