October 22, 2018 I have two NICs on my Unraid box: one is the configured management interface, the other I have enabled with no IP address. I use that port as a tap interface, as my switch mirrors the router's uplink port to it; I used to run QRadar on this machine. When I tcpdump the interface in Unraid's shell I see all the traffic I expect. However, when I dump that interface with just CentOS minimal installed in a VM and both interfaces passed to the VM (br0 and br1), I see only broadcast traffic. Why?

tl;dr: Unraid tcpdump br1 = everything; VM tcpdump br1 = broadcasts only. Help!
October 24, 2018 Author Surely someone has run into this besides me. I'd pass the NIC through to the VM, but the System Information page says my IOMMU is disabled. I haven't found a way to enable IOMMU on this old HP 8300 Elite just yet.

Edit: Assuming that IOMMU relies on VT-d, then it's my CPU that prevents passing the NIC through to bypass the problem. I've got an i5-3450, and that feature is not included until you reach the i5-3550 or i5-3570. But the bridge interface not passing TCP traffic is still an issue.

Edited October 24, 2018 by lurkio: update and formatting
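The post above reasons from "System Information says IOMMU disabled" to "the CPU lacks VT-d". Those are two different failure modes, and the quickest way to tell them apart on the box is to look at whether the kernel was asked to enable the IOMMU and whether it actually produced any IOMMU groups. The script below is an added example for this thread, not an Unraid tool; it assumes the standard sysfs location /sys/kernel/iommu_groups and /proc/cmdline, and the /boot/syslinux/syslinux.cfg path it mentions is the Unraid boot configuration on the flash drive.

```bash
#!/bin/bash
# iommu_check.sh: classify why PCI passthrough (vfio-pci) is unavailable.
# Added example for this thread, not an Unraid tool. Assumed paths:
#   /sys/kernel/iommu_groups   one numbered subdirectory per IOMMU group
#   /proc/cmdline              the running kernel's boot parameters
#   /boot/syslinux/syslinux.cfg Unraid's boot config (where the kernel line lives)

# iommu_status GROUPS_DIR CMDLINE_TEXT
# Prints a one-line verdict; returns 0 only when the IOMMU is active.
iommu_status() {
    local groups="$1" cmdline="$2" n=0
    if [ -d "$groups" ]; then
        # each IOMMU group is a numbered directory; none means no active IOMMU
        n=$(( $(find "$groups" -mindepth 1 -maxdepth 1 -type d | wc -l) ))
    fi
    if [ "$n" -gt 0 ]; then
        echo "enabled: $n IOMMU groups, PCI devices can be bound to vfio-pci"
        return 0
    fi
    # No groups: decide whether the kernel was even asked, or asked and failed.
    case " $cmdline " in
        *" intel_iommu=on"*|*" amd_iommu=on"*)
            echo "disabled: kernel parameter set but no IOMMU groups; CPU/chipset lacks VT-d/AMD-Vi or it is off in BIOS"
            ;;
        *)
            echo "disabled: add intel_iommu=on (or amd_iommu=on) to the kernel line in /boot/syslinux/syslinux.cfg and reboot"
            ;;
    esac
    return 1
}

# stand-alone use: ./iommu_check.sh /sys/kernel/iommu_groups
if [ $# -gt 0 ]; then
    iommu_status "$1" "$(cat /proc/cmdline 2>/dev/null)"
fi
```

If the verdict is the second "disabled" line, the parameter is missing and the CPU may well be fine; only the first "disabled" line points at the hardware (VT-d absent on the CPU, or disabled in the BIOS setup), which is the situation the post concludes it is in.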
October 24, 2018 Author We're 90% of the way there, but I likely need someone who knows unRAID better than I do to get me that last 10%. Basically, I was trying to run Security Onion in a VM; great tool if you haven't used it. The issue is that a Linux bridge acts just like a hardware bridge (i.e. a switch): it won't forward frames that aren't destined for the correct interface MAC. There is a way around this:

    brctl setageing br1 0
    brctl setfd br1 0

This essentially turns the bridge into a hub, blindly forwarding all packets. Great! Now how do I get that to survive reboot? Should this somehow end up in flash/config/network.cfg? Can I execute bridge-control (brctl) commands there? I'm thinking not. Help!
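Why the two brctl commands work: a mirror port carries both directions of the uplink, so the bridge learns the source MACs of every mirrored frame on the mirror port itself. A later frame arriving on that port addressed to one of those MACs is, from the bridge's point of view, destined back out the port it came in on, so it is dropped; only broadcasts and unknown-unicast are flooded to the VM's tap. With an ageing time of 0 the forwarding database retains nothing, so every frame is treated as unknown and flooded. The script below is an added example for this thread, not an Unraid script or Security Onion code: it restates the two brctl commands in iproute2 form, waits for the bridge to exist before applying them (in case it is run before networking is up), verifies the setting through sysfs, and can append a hook to /boot/config/go, which is assumed here to be the script Unraid runs at boot. The bridge name br1 and the script path /boot/config/bridge_hub_mode.sh are assumptions to adjust for your box.

```bash
#!/bin/bash
# bridge_hub_mode.sh: make a Linux bridge forward every frame to every port.
# Added example for this thread, not an Unraid script. Assumptions:
#   br1                                the mirror-port bridge
#   /boot/config/go                    script Unraid runs at boot (persistence hook)
#   /boot/config/bridge_hub_mode.sh    where this file is copied on the flash drive

# hub_mode_cmds BRIDGE: print the commands that turn BRIDGE into a hub.
# ageing_time 0 keeps no learned MACs, so unicast is flooded instead of being
# dropped when its destination was learned on the mirror port. forward_delay 0
# skips the STP listening/learning wait after the bridge comes up.
hub_mode_cmds() {
    local br="$1"
    # iproute2 form of: brctl setageing BR 0 ; brctl setfd BR 0
    printf 'ip link set dev %s type bridge ageing_time 0\n' "$br"
    printf 'ip link set dev %s type bridge forward_delay 0\n' "$br"
}

# bridge_exists NAME: true when NAME is a Linux bridge (sysfs exposes a bridge/ dir).
bridge_exists() { [ -d "/sys/class/net/$1/bridge" ]; }

# apply_hub_mode BRIDGE [TRIES]: wait up to TRIES seconds for the bridge,
# apply the commands, then verify through sysfs (ageing_time is in centiseconds).
apply_hub_mode() {
    local br="$1" tries="${2:-30}"
    while ! bridge_exists "$br"; do
        tries=$((tries - 1))
        if [ "$tries" -le 0 ]; then
            echo "bridge $br did not appear" >&2
            return 1
        fi
        sleep 1
    done
    hub_mode_cmds "$br" | sh -e || return 1
    [ "$(cat "/sys/class/net/$br/bridge/ageing_time")" = "0" ]
}

# install_go_hook BRIDGE [GO_FILE] [SCRIPT]: append one line to the go file that
# runs this script at boot. Idempotent: a second call changes nothing.
install_go_hook() {
    local br="$1" go="${2:-/boot/config/go}" script="${3:-/boot/config/bridge_hub_mode.sh}"
    local line="bash $script $br   # bridge hub mode: wait for $br, set ageing_time 0"
    grep -qxF "$line" "$go" 2>/dev/null && return 0
    printf '%s\n' "$line" >> "$go"
}

# stand-alone: ./bridge_hub_mode.sh br1 [--persist]
if [ $# -gt 0 ]; then
    apply_hub_mode "$1"
    if [ "${2:-}" = "--persist" ]; then
        install_go_hook "$1"
    fi
fi
```

Run it once by hand with `bash /boot/config/bridge_hub_mode.sh br1 --persist`; the verification step reads the bridge's ageing_time back from sysfs, so a non-zero exit means the setting did not take (for example because the name is not a bridge). Keep in mind that this flooding applies to the whole bridge, so any other VM on br1 will also see the mirrored traffic; put the sensor on its own bridge as the post does.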
June 27, 2019 Did this get you fully up and running? I'm looking into getting a SecOnion VM on my Unraid box, and I want to know if it's fully possible or not. If not, I'll just keep it running on a dedicated box.
Archived
This topic is now archived and is closed to further replies.