I have two nics on my unraid box, one is the configured management interface, the other I have enabled with no ip address. I use that port as a tap interface, as my switch mirrors the routers uplink port to it, I used to run QRadar on this machine. When I tcpdump the interface on unraid's shell I see all the traffic I expect. However, when I dump that interface with just CentOS minimal installed in a vm and both interfaces passed to the vm (br0, and br1) I see only broadcast traffic. Why?



Surely someone has run into this besides me. I'd pass the NIC through to the VM, but System Information page says my IOMMU is disabled. I haven't found a way to enable IOMMU on this old HP 8300 Elite just yet.


Edit: Assuming that IOMMU relies on VT-d then it's my CPU that prevents passing the NIC through to bypass the problem. I've got a i5-3450, and that feature is not included until you reach the i5-3550 or i5-3570. But the bridge interface not passing TCP traffic is still an issue.

We're 90% of the way there, but I likely need someone who knows unRAID better than I to get me that last 10%.

Basically, I was trying to run Security Onion in a VM, great tool if you haven't used it. The issue is that a linux bridge acts just like a hardware bridge (ie, switch), it won't forward frames that aren't destined for the correct interface MAC.

There is a way around this:

brctl setageing br1 0
brctl setfd br1 0

This essentially turns the bridge into a hub, blindly forwarding all packets. Great! Now how do I get that to survive reboot? Should this somehow end up in the flash/config/network.cfg? Can I execute bridge-control (brctl) commands there? I'm thinking not. Help!

