KVM Interface Question


6 posts in this topic Last Reply

Recommended Posts

I have two nics on my unraid box, one is the configured management interface, the other I have enabled with no ip address. I use that port as a tap interface, as my switch mirrors the routers uplink port to it, I used to run QRadar on this machine. When I tcpdump the interface on unraid's shell I see all the traffic I expect. However, when I dump that interface with just CentOS minimal installed in a vm and both interfaces passed to the vm (br0, and br1) I see only broadcast traffic. Why?



unraid tcpdump br1 = everything

vm tcpdump br1 = broadcasts only


Link to post

Surely someone has run into this besides me. I'd pass the NIC through to the VM, but System Information page says my IOMMU is disabled. I haven't found a way to enable IOMMU on this old HP 8300 Elite just yet.


Edit: Assuming that IOMMU relies on VT-d then it's my CPU that prevents passing the NIC through to bypass the problem. I've got a i5-3450, and that feature is not included until you reach the i5-3550 or i5-3570. But the bridge interface not passing TCP traffic is still an issue.

Edited by lurkio
update and formatting
Link to post

We're 90% of the way there, but I likely need someone who knows unRAID better than I to get me that last 10%.

Basically, I was trying to run Security Onion in a VM, great tool if you haven't used it. The issue is that a linux bridge acts just like a hardware bridge (ie, switch), it won't forward frames that aren't destined for the correct interface MAC.

There is a way around this:

brctl setageing br1 0
brctl setfd br1 0

This essentially turns the bridge into a hub, blindly forwarding all packets. Great! Now how do I get that to survive reboot? Should this somehow end up in the flash/config/network.cfg? Can I execute bridge-control (brctl) commands there? I'm thinking not. Help!

Link to post
  • 8 months later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.