Hello community! Long time thread reader, first time poster. Here is what I would like some help with if someone is available to do so.
I'm using OpenBSD 5.0 i386.
I had followed this guide posted below, and I had successfully set up a couple VEPA connections using MacVTap on my Debian KVM server running libvirt. If you are unfamiliar with this type of VM connection, it does not allow the VMs or the host to talk to each other; all frames get sent to the LAN directly.
The advantage of this is that I can use my existing firewall rules in pf, and simply add the VM to the appropriate table and enjoy the benefits of OpenBSD security. All while still having my VMs isolated from the host and each other exactly the way I want them to be, managed from one location.
The issue is (according to the bridge(4) man page) that "If the destination is on the same segment as the origin segment, the bridge will drop the packet because the receiver has already had a chance to see the frame."
Now this is my issue here: I'm having a difficult time getting a workaround together (that I'm assuming involves removing the interface in question from the bridge), mostly because I'm not sure what components of OpenBSD (like a !route line in hostname.if) are operating in the layer that I'm trying to deal with (layer 2?). I have tried to disable stp on the port in question (using a line in the hostname.if), I have tried bridging vether devices together so I can merry-go-round the frames back to the interface, but the bridges won't seem to allow a vether device on more than one bridge. I have also tried integrating trunks and vlans, to no success.
The biggest thing that has brought me to the forum with this issue is that my experiments with the various pseudo-devices are not doing what I am predicting they will in any way. I am guessing this is a result of the pseudo-devices being designed to work concisely, and not in the way that I'm using them.
Linux has a 'Hairpin mode' and some physical switches offer ‘Reflective Relay’ mode, I had assumed that I could implement this in OpenBSD.
If someone could describe to me a theory that I could try to implement, I would be most appreciative.
https://seravo.fi/2012/virtualized-b...g-with-macvtap
Thank you,
Mike
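
The same-segment rule quoted from bridge(4) and the hairpin / reflective relay behaviour mentioned in the post can be compared in a toy model of a learning bridge. This is an added example, not part of the original post and not OpenBSD code; the interface names `em0`/`em1`, the MAC addresses, and the `hairpin` option are constructed assumptions for illustration.

```python
"""Toy model of a learning bridge's forwarding decision (constructed example)."""
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class LearningBridge:
    ports: tuple                              # member interface names (assumed)
    hairpin: frozenset = frozenset()          # ports allowed to reflect frames back
    fdb: dict = field(default_factory=dict)   # learned MAC -> port

    def forward(self, in_port, src, dst):
        """Return the sorted list of ports the frame is sent out of."""
        self.fdb[src] = in_port               # learn where the source lives
        out = self.fdb.get(dst)
        if dst == BROADCAST or out is None:
            # Flood: every other port, plus the ingress port if it reflects.
            return sorted(p for p in self.ports
                          if p != in_port or p in self.hairpin)
        if out == in_port and in_port not in self.hairpin:
            # Same-segment filter: the receiver is assumed to have seen the frame.
            return []
        return [out]


def vm_to_vm(hairpin_ports=()):
    """Two VEPA guests behind one bridge port 'em1'; rest of the LAN on 'em0'."""
    br = LearningBridge(ports=("em0", "em1"), hairpin=frozenset(hairpin_ports))
    vm_a, vm_b = "52:54:00:00:00:0a", "52:54:00:00:00:0b"   # constructed MACs
    br.forward("em1", vm_b, BROADCAST)      # bridge learns vm_b is on em1
    return br.forward("em1", vm_a, vm_b)    # vm_a -> vm_b via the VEPA uplink


if __name__ == "__main__":
    print("plain bridge:", vm_to_vm())           # frame is dropped
    print("hairpin em1 :", vm_to_vm(["em1"]))    # frame is reflected to em1
```

In VEPA mode both guests sit behind the same uplink, so a plain learning bridge sees source and destination on one port and filters the frame; only a port that reflects traffic returns it to the KVM host.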