neovatar.org

Failover firewalls with OpenBSD + VMware Server, part I: The network scenario

My idea was to build/simulate a typical firewall setup with a redundant firewall, where the secondary box takes over if the primary fails. After considering a Linux-based solution, I decided to try a BSD-based approach, since this OS family seemed very suitable for this kind of setup. After playing around a bit with some open-source-based firewall appliances like m0n0wall and pfSense, I did what real men do - and settled for OpenBSD :-)

VMware Server, host-only networking and a pinch of promiscuous mode

Today I was playing around with VMware Server and two OpenBSD virtual machines that resided on the same vmnet network. I noticed that vmnet seemed to operate in "switch" mode: I was sending a ping from the host OS to VM1, and VM2 was not able to see the packet. After digging around the web, I found a solution:

1.) create a user group vmadm
2.) add the UID which is used to run the VMs to this group
3.) change the group ownership of the vmnet interfaces to this group
4.) allow group members to read/write to the vmnet interfaces

e.g. on Debian execute (VMs run as UID vmrun, VMs use vmnet1):
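# steps 1 and 2: create the group and add the VM user to it
addgroup vmadm
adduser vmrun vmadm
# steps 3 and 4: hand the device node to the group, allow group read/write
chgrp vmadm /dev/vmnet1
chmod g+rw /dev/vmnet1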
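
Read/write access to a vmnet device is what lets a VM see the other VMs' traffic, so it is worth verifying that only the intended group has it. The function below is an added example, not part of the original post: it checks a device node against the state steps 3 and 4 should produce and also flags any access for "other" users. It assumes GNU `stat` (as on Debian); the name `check_vmnet_perms` is hypothetical.

```shell
#!/bin/sh
# Added example: verify group ownership and mode of a vmnet device node.
# Usage: check_vmnet_perms /dev/vmnet1 vmadm
# GROUP may be a group name or a numeric GID.
# Returns 0 = as intended, 1 = wrong ownership/mode, 2 = cannot check.
check_vmnet_perms() {
    dev=$1; want=$2; rc=0

    [ -e "$dev" ] || { echo "$dev: no such device node" >&2; return 2; }

    # Resolve a group name to its GID; pass numeric GIDs through unchanged.
    case $want in
        ''|*[!0-9]*) want_gid=$(getent group "$want" | cut -d: -f3) ;;
        *)           want_gid=$want ;;
    esac
    [ -n "$want_gid" ] || { echo "group '$want' not found" >&2; return 2; }

    dev_gid=$(stat -c '%g' "$dev")          # numeric owning group
    mode=$((0$(stat -c '%a' "$dev")))       # octal mode string -> integer
    grp_bits=$(( (mode >> 3) & 7 ))
    oth_bits=$(( mode & 7 ))

    # Step 3: the node must belong to the intended group.
    [ "$dev_gid" -eq "$want_gid" ] || {
        echo "$dev: owned by GID $dev_gid, expected $want_gid" >&2; rc=1; }

    # Step 4: group members need both read and write.
    [ $(( grp_bits & 6 )) -eq 6 ] || {
        echo "$dev: group lacks read/write" >&2; rc=1; }

    # Anyone outside the group should have no access to the node.
    [ "$oth_bits" -eq 0 ] || {
        echo "$dev: accessible to other users" >&2; rc=1; }

    return $rc
}
```
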