I've been a long-time Fusion 2 user, but going to Lion finally forced me to upgrade to Fusion 4.
Some of my virtual machines are configured with host-only networking, so net.inet.ip.forwarding is enabled. However, others use bridged networking, via WLAN. The interesting side effect is that the latter get every packet from the network twice.
Apparently, that's because:
- When using bridged networking via wireless, Fusion 4 guests will use the host MAC address to communicate with the outside. This makes sense in some way, as a couple of access points (e.g. from Cisco, possibly others) won't accept the bridged address.
Other APs can cope with that just fine, and it would be great to have an option to restore the old behaviour of using the virtual address.
- As such, a packet destined to the bridged VM interface will be sent to the host's MAC address. The host accepts the packet (after all, IP forwarding is enabled), and forwards it to the virtual machine. However: In parallel, the bridged-networking code accepts the packet, and forwards it to the virtual machine, too. Et voilà, that's where the dupes come from.
I've played around with a couple of the VMX file parameters, but to no avail. There doesn't seem to be any configuration option to modify this behaviour.
Luckily, Lion comes with an implementation of OpenBSD's "pf" packet filter. Adding
pass in quick on en1 from any to (en1)
pass in quick on en1 from any to (en1:broadcast)
block in quick on en1 from any to (en1:network)
pass in quick all
pass out quick all
to /etc/pf.conf, followed by sudo pfctl -ef /etc/pf.conf greatly helped to get rid of the duplicates (en1 is my wireless interface).
Not sure about host OS stability implications yet. I remember reading some reports that relate OSX crashes to the PF implementation.
Anyway, it would be great if that hack wouldn't be needed.
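
Added example (not part of the original post): a small Python model of how pf evaluates the inbound rules quoted above, showing which destinations the host's IP stack still accepts on en1 and which it drops before they can be forwarded. The addresses, the `vmnet1` sample interface and the function name `evaluate_inbound` are constructed for illustration; the model covers only pf's pass/block decision on the host, not the bridging path.

```python
import ipaddress

# Constructed sample addressing (assumption, not from the post): en1 = 192.168.1.10/24.
EN1 = ipaddress.ip_interface("192.168.1.10/24")

# The post's inbound rules, in order. Every rule is "quick", so the first match decides.
# Entry layout: (action, interface or None for any, destination matcher, rule text)
RULES = [
    ("pass", "en1", lambda d: d == EN1.ip,
     "pass in quick on en1 from any to (en1)"),
    ("pass", "en1", lambda d: d == EN1.network.broadcast_address,
     "pass in quick on en1 from any to (en1:broadcast)"),
    ("block", "en1", lambda d: d in EN1.network,
     "block in quick on en1 from any to (en1:network)"),
    ("pass", None, lambda d: True,
     "pass in quick all"),
]

def evaluate_inbound(iface, dst):
    """Return (action, rule_text) for a packet arriving on iface addressed to dst."""
    dst = ipaddress.ip_address(dst)
    for action, rule_iface, matches, text in RULES:
        if rule_iface in (None, iface) and matches(dst):
            return action, text
    return "pass", "implicit default"  # pf passes a packet that matches no rule

# Constructed sample packets: (arrival interface, destination, description)
SAMPLES = [
    ("en1", "192.168.1.10", "host's own address"),
    ("en1", "192.168.1.255", "subnet broadcast"),
    ("en1", "192.168.1.50", "bridged guest's address, delivered to the host MAC"),
    ("en1", "224.0.0.251", "multicast (mDNS), outside en1:network"),
    ("en1", "255.255.255.255", "limited broadcast, outside en1:network"),
    ("vmnet1", "192.168.1.50", "same destination arriving on another interface"),
]

if __name__ == "__main__":
    for iface, dst, note in SAMPLES:
        action, rule = evaluate_inbound(iface, dst)
        print(f"{iface:7} {dst:16} {action:5} <- {rule}  ({note})")
```

The third rule is the one that matters for the duplicates: a packet for any other address in the wireless subnet is dropped by the host on en1 before IP forwarding can act on it, while traffic to the host itself, broadcasts, multicast and everything on other interfaces is unaffected.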