Virtual Machines Disappearing From Device List

Comments

  • Jason Reynolds

    I'm using the Bridged option for the network adapters, meaning each virtual NIC has a unique IP address and MAC. I can further confirm this when the device shows up in the device list for a short time. The IP address and MAC are unique and different from the host machine's. For all intents and purposes, the virtual machine should just appear as any other physical device on the network from the perspective of Firewalla.

    1
  • Jason Reynolds

    I did some more investigative work on my end. I did a tcpdump on the Firewalla and viewed the ARP table. Although unique MACs are assigned to the VMs on the VMware Workstation side, it appears the same MAC (host MAC) is presented to other devices on the network, including the Firewalla.

    I believe this is causing issues with Firewalla being able to correctly identify the virtual machines on the network. Is there any way to have Firewalla take into account this use case? I host my website on a virtual machine, and when the virtual machine disappears from the device list, the port forwarding rules disappear along with it. As long as the virtual machine shows up in the device list, the web server is accessible from the Internet. As soon as the virtual machine disappears from the device list, it is no longer accessible.

    1
  • Firewalla

    @Christer

    I have created a case for us to follow up with you. In general, if your MAC address is for sure different, then they should all show up on the devices page. Also, make sure the VM or real machine can respond to ping, or at least send some traffic to your WAN.

    1
  • Firewalla

    This depends on how your VM network is set up. If they all bridge through a common network and share an adapter, it means they also share the same MAC (and also NAT). In this case, Firewalla will only see one MAC address, and all of your VM traffic will be from it.

    0
  • Jason Reynolds

    I finally got this to work by first changing the network adapter for the VM in VMware Workstation from Bridged to NAT. Second, I had to allow the necessary ports through Windows firewall on the host itself. Third, I had to forward these ports to the VM by editing the NAT settings through the virtual network editor in VMware Workstation.

    Although this works, I don't think it's an ideal solution. First, you can't control the VM directly through Firewalla. Second, this configuration is more cumbersome to implement. Third, it's not as secure, because you have to open up the ports destined for the VM on the VMware host itself.

    So just to reiterate, it would be nice if Firewalla could distinguish between devices with the same MAC but different IP addresses in the case of virtual machines. Or, and maybe easier to implement, allow for the configuration of port forwarding to an IP address on Firewalla without the need for the device to be present in the device list. This is how most WiFi routers function, as I've configured port forwarding to virtual machines on multiple WiFi routers without issue.

    Thanks for your time and a great product! I look forward to seeing how the functionality on the Firewalla evolves through continued user input and software development :)

    0
  • Firewalla

    Have you tried to set a static MAC or configure VMware to use a dynamic MAC per VMware instance? For example: https://kb.vmware.com/s/article/219

    Not sure if this applies to the workstation or not. 

    0
  • Christer Tysdal

    Thanks for investigating this, Jason.
    I'm currently experiencing the same using Hyper-V clusters running both Windows and Linux VMs. All VMs are using their own IP as well as static MACs.
    In Firewalla this appears as two devices showing up and disappearing, both having the same IP. The MACs on these are of course different - one related to the VM and the other is the host's MAC.

    It's very unfortunate as my rules and NAT Port Forwarders disappear when the device is "gone". Should at least have an option in both rules and Port Forwarders to be able to see inactive rules. (In addition to solving the issue.)

    0
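The two symptoms reported above by Jason Reynolds (one MAC answering for several IPs) and Christer Tysdal (one IP appearing under two MACs) can both be checked from an ARP capture taken on the network. This is an added example, not part of the original thread and not Firewalla's code; it assumes the text format of `tcpdump -n arp` output, and the sample lines and addresses are constructed.

```python
import re
from collections import defaultdict

# Constructed sample in the style of `tcpdump -n arp` output.
# All addresses are made up (locally administered MACs, private IPs).
SAMPLE_CAPTURE = """\
10:00:01.000001 ARP, Request who-has 192.168.1.21 tell 192.168.1.1, length 28
10:00:01.000420 ARP, Reply 192.168.1.21 is-at 02:00:00:00:00:01, length 46
10:00:02.000100 ARP, Reply 192.168.1.10 is-at 02:00:00:00:00:01, length 46
10:00:03.000100 ARP, Reply 192.168.1.22 is-at 02:00:00:00:00:01, length 46
10:00:04.000100 ARP, Reply 192.168.1.30 is-at 02:00:00:00:00:0a, length 46
10:00:09.000100 ARP, Reply 192.168.1.30 is-at 02:00:00:00:00:0b, length 46
10:00:10.000100 ARP, Reply 192.168.1.40 is-at 02:00:00:00:00:0c, length 46
"""

# Only ARP replies carry an IP -> MAC claim; requests are skipped.
ARP_REPLY = re.compile(
    r"Reply (\d{1,3}(?:\.\d{1,3}){3}) is-at ((?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)

def analyze_arp(capture):
    """Return (shared_macs, contested_ips) found in ARP replies.

    shared_macs:   MAC -> sorted IPs, for MACs that answer for more than one IP
                   (VMs presented behind the host's MAC).
    contested_ips: IP -> sorted MACs, for IPs claimed by more than one MAC
                   (the same VM seen under both its own MAC and the host's).
    """
    ips_by_mac = defaultdict(set)
    macs_by_ip = defaultdict(set)
    for line in capture.splitlines():
        match = ARP_REPLY.search(line)
        if not match:
            continue
        ip, mac = match.group(1), match.group(2).lower()
        ips_by_mac[mac].add(ip)
        macs_by_ip[ip].add(mac)
    shared = {m: sorted(i) for m, i in ips_by_mac.items() if len(i) > 1}
    contested = {i: sorted(m) for i, m in macs_by_ip.items() if len(m) > 1}
    return shared, contested

if __name__ == "__main__":
    shared_macs, contested_ips = analyze_arp(SAMPLE_CAPTURE)
    for mac, ips in shared_macs.items():
        print(f"{mac} answers for {len(ips)} IPs: {', '.join(ips)}")
    for ip, macs in contested_ips.items():
        print(f"{ip} is claimed by {len(macs)} MACs: {', '.join(macs)}")
```

Either finding means a device list keyed on MAC address cannot map each VM to a stable entry, which matches the appearing and disappearing devices described in this thread.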
  • Christer Tysdal

    Thanks for the update and reaching out on email.
    I will make sure my VMs allow ping requests from Firewalla and let you know if that helps.

    0
  • Tom van B

    Same here actually for VirtualBox. I have made a DMZ for malware analysis. The virtual hosts disappear after some timeframe when left switched off, but reappear when started again.

    0
  • Firewalla

    Make sure your virtual machine is bridged directly to your main network; it has its own MAC (not NAT via the physical host's network).

    0