VMs in "bridged" mode don't surf the internet


Lantis
Moderator
Posts: 6735
Joined: Mon Jan 05, 2015 5:33 am
Location: Australia

Re: VMs in "bridged" mode don't surf the internet

Post by Lantis »

And what are the contents of

Code:

cat /etc/ethers

And

Code:

cat /tmp/dhcp.leases

That ARP table tells most of the story though. The packets look like they're coming from the wrong MAC. Is your bridged interface Wi-Fi or Ethernet on the host?
http://lantisproject.com/downloads/gargoyle_ispyisail.php for the latest releases
Please be respectful when posting. I do this in my free time on a volunteer basis.

lollapalooza
Posts: 122
Joined: Mon Jun 09, 2014 12:53 pm

Post by lollapalooza »

Here you are:

Code:

root@PF:~# cat /etc/ethers
b0:b9:8a:5e:57:c4       192.168.0.10
78:d2:94:19:f3:08       192.168.0.11
b0:b9:8a:5e:51:93       192.168.0.12
c0:48:e6:2e:9b:ea       192.168.0.247

Code:

root@PF:~# cat /tmp/dhcp.leases
1587751504 00:0c:29:3c:83:c5 192.168.0.133 paolo-linux-vm 01:00:0c:29:3c:83:c5
1587751228 98:22:ef:cf:3e:79 192.168.0.207 Y520-Paolo 01:98:22:ef:cf:3e:79
1587750376 18:74:2e:1c:c0:8d 192.168.0.125 amazon-ca6e4221f *
1587750056 90:8d:6c:52:53:81 192.168.0.237 iPadAir2Paolo 01:90:8d:6c:52:53:81
1587749827 84:8e:0c:33:da:8e 192.168.0.151 iPhone-di-Paolo 01:84:8e:0c:33:da:8e
1587716891 dc:4f:22:ee:97:6a 192.168.0.246 ESP_EE976A *
1587750361 34:2e:b6:8c:89:1a 192.168.0.163 HUAWEI_P20_Pro-a0a6ea84d6 01:34:2e:b6:8c:89:1a
1587750323 c0:48:e6:2e:9b:ea 192.168.0.247 ue55nu8000 01:c0:48:e6:2e:9b:ea
1587747305 b0:b9:8a:5e:57:c4 192.168.0.10 RBR40 *
1587746910 1c:4d:66:3c:a0:f6 192.168.0.169 amazon-ddd7c3f2d 01:1c:4d:66:3c:a0:f6
1587750342 b8:e9:37:b7:91:8e 192.168.0.150 SonosZP 01:b8:e9:37:b7:91:8e
1587750352 68:db:f5:7d:f1:8a 192.168.0.136 amazon-61680fc67 01:68:db:f5:7d:f1:8a
1587750559 78:d2:94:19:f3:08 192.168.0.11 RBS40V *
1587735820 f4:b8:5e:24:81:62 192.168.0.193 * *

The 1st two rows are the VM and the physical host.
In here the real MAC address is listed.

Physical host is using Wi-Fi adapter.

Post by Lantis »

The short answer is that your configuration is not compatible with that Gargoyle option.
Why it was originally working and now isn't? No idea.
From my understanding of how this all works, it should never have worked at all.

A DHCP request contains the MAC address and requested IP. However, that packet still has to come from somewhere, and that MAC address is going to be that of your wifi card.
This is a good article about how the DHCP request looks: https://www.netmanias.com/en/post/techd ... ns-of-dhcp
The first diagram is good.

Due to the way the enforce DHCP rules are written, packets from your bridged VMs are going to be blocked.

The reason the MAC address doesn't work properly is because wifi bridges are not supported. OpenWrt has a good explanation:
https://oldwiki.archive.openwrt.org/doc ... ode_issues
Support from the VM driver is probably doing some hacky MAC address translation stuff. Like NAT.

If this was all ethernet based, you would have no trouble.
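The mismatch described in the post above can be checked on the router itself. This is an added example, not part of the original posts and not Gargoyle's own code: it compares the MAC recorded for each IP in the lease and ethers files with the MAC actually seen in the ARP table. The function names `find_mac_mismatch` and `demo` are hypothetical, the lease and ethers lines are copied from the thread, and the ARP rows are constructed in the `/proc/net/arp` layout.

```shell
#!/bin/sh
# Added example (not from the thread): compare each IP's on-wire MAC (ARP)
# with the MAC the router has on record for it (dnsmasq lease or /etc/ethers).

# find_mac_mismatch LEASES ETHERS ARP   (ARP uses the /proc/net/arp layout)
find_mac_mismatch() {
    awk -v leases="$1" -v ethers="$2" -v arp="$3" '
        # Recorded bindings: lease lines are "expiry mac ip name client-id".
        FILENAME == leases && NF >= 4 { want[$3] = tolower($2); name[$3] = $4; next }
        # Static bindings: ethers lines are "mac ip".
        FILENAME == ethers && NF >= 2 && $1 !~ /^#/ {
            want[$2] = tolower($1); if (!($2 in name)) name[$2] = "static"; next
        }
        # Observed bindings: skip the header and incomplete (flags 0x0) entries.
        FILENAME == arp && FNR > 1 && $3 != "0x0" {
            seen = tolower($4)
            count[seen]++; ips[seen] = ips[seen] " " $1
            if (($1 in want) && want[$1] != seen)
                print "MISMATCH", $1, "expected=" want[$1], "seen=" seen, name[$1]
        }
        # One MAC answering for several IPs is what a Wi-Fi "bridge" looks like.
        END { for (m in count) if (count[m] > 1) print "SHARED " m ips[m] }
    ' "$1" "$2" "$3"
}

demo() {
    d=$(mktemp -d) || return 1
    # Two lease lines and one ethers line copied from the thread.
    cat > "$d/leases" <<'EOF'
1587751504 00:0c:29:3c:83:c5 192.168.0.133 paolo-linux-vm 01:00:0c:29:3c:83:c5
1587751228 98:22:ef:cf:3e:79 192.168.0.207 Y520-Paolo 01:98:22:ef:cf:3e:79
EOF
    cat > "$d/ethers" <<'EOF'
b0:b9:8a:5e:57:c4       192.168.0.10
EOF
    # Constructed ARP rows: the VM's IP is seen with the host's Wi-Fi MAC.
    cat > "$d/arp" <<'EOF'
IP address       HW type     Flags       HW address            Mask     Device
192.168.0.133    0x1         0x2         98:22:ef:cf:3e:79     *        br-lan
192.168.0.207    0x1         0x2         98:22:ef:cf:3e:79     *        br-lan
192.168.0.10     0x1         0x2         b0:b9:8a:5e:57:c4     *        br-lan
EOF
    find_mac_mismatch "$d/leases" "$d/ethers" "$d/arp"
    rm -rf "$d"
}

demo
```

On a live router the three arguments would be `/tmp/dhcp.leases`, `/etc/ethers` and `/proc/net/arp`.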

Post by lollapalooza »

Ok... that's going to be a mystery :-|

One more question: what happens if I do not check the box "Enforce DHCP assignments", but I still put some hosts in the list under there?

Will the IP addresses be assigned as per the list?

Post by Lantis »

Yes :)

The only reason that option is useful is if you have a rogue device.
Say you set a quota on someone, but they figured out they can force change their IP to get around it.
Using this option helps to prevent that.
If you have a regular network, it isn't that useful.

Post by lollapalooza »

That’s very good.
So... with the box unchecked, IP reservation works as best effort.

With the box checked, the rule is strictly applied and devices not respecting it will not be allowed out :-)

I think I can leave the box unchecked :-)

Thanks a lot for your help and for all your time.
You’ve been very kind.
