Trying to spoof guest NIC to transparently relay to host NIC

wrobelda

New Member
Apr 13, 2022
7
0
1
I am trying to set up OPNSense inside Proxmox. Unfortunately I cannot pass the interface as is, due to lack of IOMMU support, as I am running this in a nested Azure VM, so I need to get by using bridges.

The host configuration is:
– eth0
– vmbr0 with eth0 assigned to it

Code:
iface eth0 inet manual

auto vmbr0
iface vmbr0 inet manual
    bridge-ports eth0
    bridge-stp off
    bridge-fd 0

The guest configuration is:
– VirtIO NIC attached to vmbr0, with MAC overridden using same address as the eth0
– Firewall: NO
– MAC Filter: NO

Running dhclient on eth0 or vmbr0 correctly discovers and assigns an IP address.

Now, I am trying to get the OPNSense in a VM to get that IP address instead and to relay its traffic via the vmbr0 transparently outside of the host. I have done something very similar previously between OpenWRT running in a VM and another VM, using OpenWRT's "trivial relay" (kmod-trelay, see https://forum.openwrt.org/t/howto-kmod-trelay/49610/2, also https://github.com/openwrt/openwrt/commit/c3bba7f8c61ee98265bcffef8ee86e22aa89bbe9), and despite that this particular case is much simpler, I can't get the VM to communicate with the ISP properly. I tried simply by spoofing the eth0's MAC address by setting the OPNSense VM's interface to it, but that's not enough. Any idea what could be done here?
 
Last edited:

wrobelda

New Member
Apr 13, 2022
7
0
1
I checked the traffic on both ends using tcpdump, and, interestingly, vmbr0 does see the DHCP requests coming from the VM, and the ISP does respond, but that response never reaches the VM, nor the tap interface corresponding to the VM that Proxmox assigned to the bridge.

What am I missing here?
 
Last edited:

About

The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get your own in 60 seconds.

Buy now!