I have a situation where I would like to work with a layer 2 network (i.e. an Ethernet bridge); however, the problem I am facing is that VMware appears to be filtering packets to the guest OS.
I have found the simplest test case to repeat this is as follows:
- Have the guest VM connected to a bridge network (vmnet0).
- Send a packet to a non-existent MAC on the LAN from a host on the LAN.
- Packet is visible in the host OS when sniffing in promiscuous mode, but not the guest OS. (The same thing occurs in a host-only vmnet.)
To implement this, I did the following:
- Sent a packet to the LAN from a PC on the LAN. I used scapy (a one-file Python program that allows raw packets to be sent easily over the wire):
>>> conf.iface='eth0'
>>> sendp(Ether(src="00:ff:ff:ff:ff:ff", dst="00:aa:aa:aa:aa:aa")/"XXX Test payload")
.
Sent 1 packets.
- Configured the guest OS (in this case Fedora, but also tested with several other Linux variants) to listen in promiscuous mode for packets from the fake source MAC address:
# tcpdump -i eth0 -n -e ether host 00:ff:ff:ff:ff:ff
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
0 packets captured
0 packets received by filter
0 packets dropped by kernel
- However, if the host OS is configured to also look for packets with tcpdump, the packet is visible:
# tcpdump -i eth0 -n -e ether host 00:ff:ff:ff:ff:ff
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:04:04.386701 00:ff:ff:ff:ff:ff > 00:aa:aa:aa:aa:aa, 802.3, length 60: LLC, dsap Unknown (0x58), ssap Unknown (0x58), cmd 0x58, sap 58 I (s=44,r=16,C) len=42
1 packets captured
1 packets received by filter
0 packets dropped by kernel
To make sure it is not anything else, I tried sending a packet to the MAC address of the guest OS. From scapy again:
>>> sendp(Ether(src="00:ff:ff:ff:ff:ff", dst="00:0c:29:81:24:60")/"XXX Test payload")
.
Sent 1 packets.
However this time from the guest OS:
# tcpdump -i eth0 -n -e ether host 00:ff:ff:ff:ff:ff
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:07:48.015423 00:ff:ff:ff:ff:ff > 00:0c:29:81:24:60, 802.3, length 60: LLC, dsap Unknown (0x58), ssap Unknown (0x58), cmd 0x58, sap 58 I (s=44,r=16,C) len=42
1 packets captured
1 packets received by filter
0 packets dropped by kernel
The packet is also visible from the host OS as well (as would be expected):
# tcpdump -i eth0 -n -e ether host 00:ff:ff:ff:ff:ff
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes
09:07:46.132665 00:ff:ff:ff:ff:ff > 00:0c:29:81:24:60, 802.3, length 60: LLC, dsap Unknown (0x58), ssap Unknown (0x58), cmd 0x58, sap 58 I (s=44,r=16,C) len=42
1 packets captured
3 packets received by filter
0 packets dropped by kernel
So, my question is: Is there a way to turn off the MAC address filtering for packets entering the guest OS?
A couple of other things I have tried:
- Searching the forums and Google for other people with similar problems.
- Changing the MAC address of the guest OS interface (ip link set eth0 address 00:aa:aa:aa:aa:aa); it worked exactly as above with the new MAC address.
- Turning on ip_forward on the host OS; this didn't do anything (I was not really expecting it to, as this is a layer 2 problem).
Thanks in advance.
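The host-versus-guest comparison described in the post can be automated. The following is an added example, not part of the original post: it diffs two `tcpdump -e` text captures and groups the frames missing from the guest by destination class. The function names are hypothetical, and the sample lines are the frame lines from the captures above, trimmed after the length field.

```python
import re
from collections import Counter

MAC = r"((?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
# tcpdump -e summary line: "<time> <src> > <dst>, ... length <n>"
LINE = re.compile(r"^\S+ " + MAC + r" > " + MAC + r", .*?length (\d+)")

GUEST_MAC = "00:0c:29:81:24:60"  # guest vNIC address from the post
# Frame lines from the post's host and guest captures (trimmed).
HOST = """09:04:04.386701 00:ff:ff:ff:ff:ff > 00:aa:aa:aa:aa:aa, 802.3, length 60: LLC
09:07:46.132665 00:ff:ff:ff:ff:ff > 00:0c:29:81:24:60, 802.3, length 60: LLC"""
GUEST = """09:07:48.015423 00:ff:ff:ff:ff:ff > 00:0c:29:81:24:60, 802.3, length 60: LLC"""

def parse(capture):
    """Count frames by (src, dst, length); timestamps differ per capture point."""
    frames = Counter()
    for line in capture.splitlines():
        m = LINE.match(line.strip().lower())
        if m:
            frames[(m.group(1), m.group(2), int(m.group(3)))] += 1
    return frames

def classify(dst, guest_mac):
    """Label a destination MAC relative to the guest's vNIC address."""
    if dst == "ff:ff:ff:ff:ff:ff":
        return "broadcast"
    if int(dst[:2], 16) & 1:  # I/G bit set: group (multicast) address
        return "multicast"
    return "unicast-to-guest" if dst == guest_mac.lower() else "unicast-to-other"

def missing_in_guest(host_capture, guest_capture, guest_mac):
    """Frames seen on the host but not in the guest, counted per class."""
    diff = parse(host_capture) - parse(guest_capture)  # keeps positive counts only
    report = Counter()
    for (_src, dst, _length), n in diff.items():
        report[classify(dst, guest_mac)] += n
    return dict(report)

if __name__ == "__main__":
    # Losses confined to "unicast-to-other" point at destination-MAC
    # filtering between the host NIC and the guest vNIC.
    print(missing_in_guest(HOST, GUEST, GUEST_MAC))
```

Run both captures over the same time window with the same filter expression, since frames are matched by addresses and length rather than by timestamp.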