unable to use port forwarding with softnet

[remarkov]

While attempting to switch to using softnet we noticed that it is not possible to use port forwarding to forward packets to a VM from the host like we normally do with a pf rule like

echo "rdr pass inet proto tcp from any to any port {some random port} -> {VM's IP address from `tart ip`} port 22" | sudo pfctl -ef -

That would allow us to use SSH on the VM by connecting to the host using that "random port" specified in the pf rule. Unfortunately that does not work if VM is running with softnet, we're getting a connection timeout.

Any help or advice on this would be much appreciated!

[edigaryev]

Softnet prevents communication with non-globally routable networks, is that your case?

[remarkov]

Yes, I think that is the root cause of the issue. Is there any workaround for that or does it require changes to softnet?

[abehn-lbi]

Would this be similar to, not being able to route network traffic down an established VPN connection on the MacOS Host?

[edigaryev]

Would this be similar to, not being able to route network traffic down an established VPN connection on the MacOS Host?

I think this is more similar to https://github.com/cirruslabs/tart/issues/473, shared networking (NAT) used in both Tart and the Softnet only supports VPN apps utilizing the Network Extension.

[fkorotkov]

Orchard allows to port-forward and SSH to VMs created with Softnet:

orchard create vm --net-softnet --image ghcr.io/cirruslabs/macos-ventura-base:latest ventura-base
orchard ssh vm ventura-base

We don't see a compelling reason to bake similar functionality in Tart directly.