VLAN 802.1q issues with Fusion Pro 7.1.1

Hi,

 

I use VMware Fusion Pro 7.1.1 on my Mac Mini Server (OS X 10.10.2) to host a Linux firewall. This works very well overall, but there are some major issues when it comes to 802.1q.

 

Goal:

Provide a Guest Wifi, using 802.1q to separate this network and create custom rules on the VMWare Firewall.

 

Setup 1:

Guest Wifi (dd-wrt) router with VLAN4 tagged, going to a tagged interface on my Netgear ProSafe GS108Ev2 switch. My Mac Mini Server is connected to a different port on the same switch, also VLAN4 tagged. I created a VLAN tagged interface in OS X and shared this interface with my Linux VMware firewall. I can ping my firewall from my Wifi, but overall, no traffic is passed from the Mac Mini to VMware. Using tcpdump on the Mac Mini Server, I can see all incoming packets from my Wifi on the vlan0 interface, but if I take a tcpdump on my Linux VMware firewall, there are only a few packets on the same shared bridged interface! DHCP works, and ping works, also HTTPS to the firewall. But DNS to Google or any other access outside the network never reaches the Linux firewall.

 

Bug: The Mac Mini gets all packets on vlan0 (VLAN4 tagged), but VMware Fusion does not see them, or discards them. Who knows.

 

So my finding: 802.1q does not work at all with Fusion.

 

Which leads me to Setup 2.

 

Setup 2:

Guest Wifi (dd-wrt) router with VLAN4 tagged, going to a tagged interface on my Netgear ProSafe GS108Ev2 switch. The Mac Mini Server is connected to an untagged port in VLAN4. Now everything works, and my guest Wifi is able to reach the outside world.


But! There is another bug when it comes to rebooting the Mac Mini Server. Usually I use the "vmrun -T ws start firewall.vsx nogui" command to start the virtual machine in the background, using LaunchDaemons. This works very reliably.


Now the bug: After the reboot, the guest Wifi does not work anymore! The packets are forwarded to the firewall, but now I can see this in tcpdump (Linux firewall - VMware):


 

02:47:43.282504 eth0 IP truncated-ip - 4 bytes missing!0.0.0.0.30587 > 255.255.255.255.30591: udp 1438 [ttl 1]

02:47:43.981059 eth0 IP truncated-ip - 4 bytes missing!0.0.0.0.30587 > 255.255.255.255.30591: udp 1438 [ttl 1]


Communication does not work!

 

Workaround:

Using a LaunchDaemon causes the issue, so I used the feature to start the VMware firewall when I log in to my Mac Mini. After this, everything is fine. My guess: if I use LaunchDaemons, the virtual machine starts too early, which leads to the issue mentioned above.

 

But why is this? It looks like a bug, and I really would like to use the vmrun commands to start the firewall after reboot!!

 

Any ideas?

 

Thanks

