From owner-freebsd-jail@freebsd.org Fri Jun 26 17:29:02 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id E53A035C546 for ; Fri, 26 Jun 2020 17:29:02 +0000 (UTC) (envelope-from dave.mehler@gmail.com) Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49tkQ60rBLz4tZ9 for ; Fri, 26 Jun 2020 17:29:01 +0000 (UTC) (envelope-from dave.mehler@gmail.com) Received: by mail-io1-xd2e.google.com with SMTP id q8so10657899iow.7 for ; Fri, 26 Jun 2020 10:29:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=ENAiKV0t/SrFIuprbr7NpR3Hlm2uhbk6wTfuNCZaQac=; b=Wq5dAr00l5AuTC/tvN3/RRVO3zk+qIipLj4RXEP34zypPj5FxdKo6TWSJP79vP+e6H mQ5JD9x1oiaM4ZBmH69E0x43OGL4fek2lz5IEN5ynfNMFbtblmOnjTTJXTBQrxeAr5tH zOKSS084nNgGeyfRVu+RiwINlm+d38u8CXC/9Sdq2ajhkRAMVvyfrTDcz+1AICILoPoj cMjR4iOS8uK4uCnFKz3G0O2aKEpoaI+H4U2ehwQAp/grF0l11R2XRcJ7RLbjJg/OwFW/ 1o1Xjja2q3v+f3Z+Vb7xpBZpJDiS63teAX/16erpwymQz3VKlIIE2vlouLHFNHB1Rjlz yieA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=ENAiKV0t/SrFIuprbr7NpR3Hlm2uhbk6wTfuNCZaQac=; b=a0KWX5gyuJ9Eh26S36ow4TtW/w4OSYasNEkxuXcabPT1fRfb/WkhCtvz2hmxJoYGOq V11JsnM7dtnGTXb5GJmvLlc/0PQ5vBo7465eaco9l9wvXnDXGSCYNmranRK/CtD9Euup ZXS2124HRC1JkNSFZ4ranK7tTxl8enUBvz/1048NRaiW6yk5t8lPzgKraizIMTv94C5y CjM8Qf3Un9H+ER4kAfRXhZb/mSBJqfevBguOLMf16Er7FQESIkblO/7Vq/ANiePyRz7P J8ldxRKkrLGKgsKcFIVx9dAMrvG2bjuX++IO1fDWNi3Fv+1t5jAGR0KvWzjAv4biscTk qTWQ== X-Gm-Message-State: AOAM533rNjf5qnl2zvbOENQ7h1SC0Km1pEZ85bHzNxAsHAwyrsSr+mkM Oryr2PrQrLhFJjfwYbN44j/5vss+ecVjv/2ktDBDwgxD X-Google-Smtp-Source: ABdhPJyIygUtWzaX6idWVKXXaBb31n4l5nphy8I1T+q/dB/1mgYFlF2ajR5gsjWm/qTZ2qdSVtWV47Azc+xoYSwpVUo= X-Received: by 2002:a6b:780b:: with SMTP id j11mr4538252iom.178.1593192540726; Fri, 26 Jun 2020 10:29:00 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a4f:3b52:0:0:0:0:0 with HTTP; Fri, 26 Jun 2020 10:29:00 -0700 (PDT) From: David Mehler Date: Fri, 26 Jun 2020 13:29:00 -0400 Message-ID: Subject: IPv6 jails and webserver To: freebsd-jail@freebsd.org Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 49tkQ60rBLz4tZ9 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=Wq5dAr00; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of davemehler@gmail.com designates 2607:f8b0:4864:20::d2e as permitted sender) smtp.mailfrom=davemehler@gmail.com X-Spamd-Result: default: False [-3.29 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.00)[-1.003]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; TO_DN_NONE(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM_LONG(-1.02)[-1.023]; TO_MATCH_ENVRCPT_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::d2e:from]; NEURAL_HAM_SHORT(-0.26)[-0.259]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2020 17:29:03 -0000 Hello, I've got a /64 IPv6 block. I've got a jailed webserver running Apache. I am wondering if I can have a different IPv6 address for each virtual web site, is this doable with the jail? Thanks. Dave. From owner-freebsd-jail@freebsd.org Fri Jun 26 17:33:45 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 037FE35CA9C for ; Fri, 26 Jun 2020 17:33:45 +0000 (UTC) (envelope-from cedric.maunoury@gmail.com) Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49tkWW6VXHz4tdp for ; Fri, 26 Jun 2020 17:33:43 +0000 (UTC) (envelope-from cedric.maunoury@gmail.com) Received: by mail-wm1-x32f.google.com with SMTP id g75so9531868wme.5 for ; Fri, 26 Jun 2020 10:33:43 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Sf//kxE6hNk8pefrloCYqfbusZLbPqOEbnmjjbGGxkI=; b=sYPoekH8E9rDdwlrzNwy9ChP9qpd6MW+k6ck+adGqhOdJqPmwPsz+k2IznVwzeZT5k K2hDDU8BQo74UlkdhBiaYpOszDPnL2zxe4/pxAaAqYkX6z0UsTMLmRyosKoGU6LQMQFw PNgCZNob27mjg6XrySS7MeTYhvK+pU5xkeX2HKxZGbist0SuxSUb8JZP1i3Su/HhIoRs nuCv0tioAK6Yq7owKA456Tp4h1EZLwNozYWKeuXQJo093VyD7SxTXYm1iPmYJiWUtXvj J1oopd1Hpw5N7amSUHxlztijMJTrWy6R+IrOtPlOc0wj1AAALjflYeYsai3TpBztS/Yd LO2w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=Sf//kxE6hNk8pefrloCYqfbusZLbPqOEbnmjjbGGxkI=; b=i0qUWoShXumxb8bqhui7la/s+5ZiZ+e46BbhhMIvNxWqlAngCOXu2SQSo2xSTVW0tW 15hjd398Ut4NZOEXawwc3evaiQkFJA+IuyTNnNUq0iU64lo3wzSmTL9fLXZogosDcCNY pylbOMpisM+lcPovpspIJV1WgFG5d30GSXm95vhkIVqsndDjKib5/uNCHYCsGVdw9Acl h11Pf4Pgr6Q8fsC3HtEu8qQx/8han6JAz/2E8MlJ62paFNbd4/Nv4k++hbPLRfxJ6D29 MYvcaj4hqCfn+MpSgLCkrU6BjdQsY3rchELlEJ1MJIGtbsTtd20eXIaNBBWWiunYHOR9 S2NQ== X-Gm-Message-State: AOAM531hvFdi8HDwmQgkb/IKNapK3VxoNiaX57aARfjPf1V2YU4H/SgR TAwQQJ6iHhwPy/sN0r3z4No= X-Google-Smtp-Source: ABdhPJx9E6DVt1NLYLxavn3X09Apl7lBlU0mft0UWd56Ap986T+GhtGVlZWf0fEm7+EEbhT6r9CW5A== X-Received: by 2002:a1c:48c5:: with SMTP id v188mr4185881wma.58.1593192821588; Fri, 26 Jun 2020 10:33:41 -0700 (PDT) Received: from ?IPv6:2a01:cb08:83d5:9f00:a808:fdc8:e9a8:2047? (2a01cb0883d59f00a808fdc8e9a82047.ipv6.abo.wanadoo.fr. [2a01:cb08:83d5:9f00:a808:fdc8:e9a8:2047]) by smtp.gmail.com with ESMTPSA id f12sm8015331wrj.48.2020.06.26.10.33.40 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 26 Jun 2020 10:33:40 -0700 (PDT) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (1.0) Subject: Re: IPv6 jails and webserver From: =?utf-8?Q?C=C3=A9dric_Maunoury?= X-Mailer: iPhone Mail (15G77) In-Reply-To: Date: Fri, 26 Jun 2020 19:33:39 +0200 Cc: freebsd-jail@freebsd.org Content-Transfer-Encoding: quoted-printable Message-Id: References: To: David Mehler X-Rspamd-Queue-Id: 49tkWW6VXHz4tdp X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=sYPoekH8; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of cedricmaunoury@gmail.com designates 2a00:1450:4864:20::32f as permitted sender) smtp.mailfrom=cedricmaunoury@gmail.com X-Spamd-Result: default: False [-2.84 / 15.00]; RCVD_VIA_SMTP_AUTH(0.00)[]; TO_DN_SOME(0.00)[]; R_SPF_ALLOW(-0.20)[+ip6:2a00:1450:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MV_CASE(0.50)[]; RCVD_COUNT_THREE(0.00)[3]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; NEURAL_HAM_SHORT(-1.00)[-0.996]; FREEMAIL_TO(0.00)[gmail.com]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; R_MIXED_CHARSET(0.71)[subject]; FREEMAIL_ENVFROM(0.00)[gmail.com]; MID_RHS_MATCH_FROM(0.00)[]; TAGGED_FROM(0.00)[]; ASN(0.00)[asn:15169, ipnet:2a00:1450::/32, country:US]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.04)[-1.039]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; NEURAL_HAM_LONG(-1.02)[-1.021]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; TO_MATCH_ENVRCPT_SOME(0.00)[]; RCVD_IN_DNSWL_NONE(0.00)[2a00:1450:4864:20::32f:from]; RCVD_TLS_ALL(0.00)[] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 26 Jun 2020 17:33:45 -0000 Hi Dave, You can do that. You will have to declare each IP in your configuration. Cedric Envoy=C3=A9 de mon iPhone > Le 26 juin 2020 =C3=A0 19:29, David Mehler a =C3=A9= crit : >=20 > Hello, >=20 > I've got a /64 IPv6 block. I've got a jailed webserver running Apache. > I am wondering if I can have a different IPv6 address for each virtual > web site, is this doable with the jail? >=20 > Thanks. > Dave. > _______________________________________________ > freebsd-jail@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org" From owner-freebsd-jail@freebsd.org Sat Jun 27 15:27:10 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 149E3354398 for ; Sat, 27 Jun 2020 15:27:10 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mailman.nyi.freebsd.org (unknown [127.0.1.3]) by mx1.freebsd.org (Postfix) with ESMTP id 49vHg16tkCz44TQ for ; Sat, 27 Jun 2020 15:27:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: by mailman.nyi.freebsd.org (Postfix) id EC713354132; Sat, 27 Jun 2020 15:27:09 +0000 (UTC) Delivered-To: jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id EC382354396 for ; Sat, 27 Jun 2020 15:27:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49vHg1639fz44RJ for ; Sat, 27 Jun 2020 15:27:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2610:1c1:1:606c::50:1d]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id CB3D927520 for ; Sat, 27 Jun 2020 15:27:09 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org ([127.0.1.5]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id 05RFR9dn007167 for ; Sat, 27 Jun 2020 15:27:09 GMT (envelope-from bugzilla-noreply@freebsd.org) Received: (from www@localhost) by kenobi.freebsd.org (8.15.2/8.15.2/Submit) id 05RFR9A5007166 for jail@FreeBSD.org; Sat, 27 Jun 2020 15:27:09 GMT (envelope-from bugzilla-noreply@freebsd.org) X-Authentication-Warning: kenobi.freebsd.org: www set sender to bugzilla-noreply@freebsd.org using -f From: bugzilla-noreply@freebsd.org To: jail@FreeBSD.org Subject: [Bug 247572] /usr/share/examples/jails jib & jng NOT working Date: Sat, 27 Jun 2020 15:27:09 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: misc X-Bugzilla-Version: 12.1-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: lwhsu@FreeBSD.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: jail@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: assigned_to cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jun 2020 15:27:10 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D247572 Li-Wen Hsu changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|bugs@FreeBSD.org |jail@FreeBSD.org CC| |lwhsu@FreeBSD.org --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-jail@freebsd.org Sat Jun 27 17:09:37 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 046A6357799 for ; Sat, 27 Jun 2020 17:09:37 +0000 (UTC) (envelope-from dave.mehler@gmail.com) Received: from mail-io1-xd2e.google.com (mail-io1-xd2e.google.com [IPv6:2607:f8b0:4864:20::d2e]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49vKxD0YwHz4Cq4 for ; Sat, 27 Jun 2020 17:09:35 +0000 (UTC) (envelope-from dave.mehler@gmail.com) Received: by mail-io1-xd2e.google.com with SMTP id k23so12976047iom.10 for ; Sat, 27 Jun 2020 10:09:35 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=flQ/PxmdxWyd4IZGxfaA7KuPQtj96M23lrq+t0qBmoM=; b=VGwmeqAnxlT2WhzRAYqqsczxi02GfSXVs7K2MkQYYRGM5pH/iQ6z47sL/ho8RtOqNL K9mYtrBaN+2cE5JYer3wg8p6pFTMYrrIvYgerfoAcrIrSt+xC4DIP+NXjVNBOnEW15T8 27maMPj5STbPuZcwM1o08qHSTfU8uzncobIz4m5rASqZ+aWpH4PQw/52Pq8Ar66lnQ6O eU0Rvx6xOmHSQ5/lQ5Kj+PLRHn9Y/0mxBZk/5QpE9opzzr74yD47prglevHKHUK29oB/ OxN2qJEuoDwNRN0T2+nSjNSyJq08h07cecUF+l2dtfNqeZBD1aVGHDx8J4VlkbQzUDzb 4pHA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=flQ/PxmdxWyd4IZGxfaA7KuPQtj96M23lrq+t0qBmoM=; b=bO5enP51d+AnAgBWtCsv1KXIviEMIFgHwFNHDtvnals5NPeKoAoQzaN/U5JoM+Y/xC hyBthVwxy7yataNgAO6I+25sBOTZ5VX88O8kfaYdv87b8EVRTJ/Wxv9NODwg+SrLAoKv g6Mr1K+k21pNrU4UjA4B85VVlfoho+aNRGbj9PUUx5KgJTSIRFwhiE7wXgJVVhcZiFVn YpQS9oaUY7CYFIeEtQEYMRcMIvWBxTgSF+k+dRQ14KFxzfCRsCtuJNzA3vH+IkhVlUER HtvYB+EZWmy0hzNlHWZi1f0FquAzpTe4Alj7X7CBPGVOh+krPGWVr5ZxPaFIlIEPg+Ad k8Lg== X-Gm-Message-State: AOAM5333uBvA3iv5rQbh7OwCBtDWTAtpZUrDbSSzGtYuPt29Q9+4C2SN HBY6h7LhpOou/sx6YFukFyyufYIjZAEPHOG8LYLl31ns X-Google-Smtp-Source: ABdhPJw4SrQwlKtusOTypR/hr5a/QpdtkysvCm0vwn87MtVMHlYBIY+g6/nWMBQaioTLqugFtBJ1RcI9Ni8ULyP/k4I= X-Received: by 2002:a02:3402:: with SMTP id x2mr9064869jae.11.1593277774679; Sat, 27 Jun 2020 10:09:34 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a4f:3b52:0:0:0:0:0 with HTTP; Sat, 27 Jun 2020 10:09:34 -0700 (PDT) From: David Mehler Date: Sat, 27 Jun 2020 13:09:34 -0400 Message-ID: Subject: FreeBSD 12.1, vnet jail, and internet access To: freebsd-jail Content-Type: text/plain; charset="UTF-8" X-Rspamd-Queue-Id: 49vKxD0YwHz4Cq4 X-Spamd-Bar: --- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=VGwmeqAn; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of davemehler@gmail.com designates 2607:f8b0:4864:20::d2e as permitted sender) smtp.mailfrom=davemehler@gmail.com X-Spamd-Result: default: False [-3.59 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-1.01)[-1.013]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; FROM_HAS_DN(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36:c]; FREEMAIL_FROM(0.00)[gmail.com]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; NEURAL_HAM_LONG(-0.94)[-0.936]; RCPT_COUNT_ONE(0.00)[1]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::d2e:from]; NEURAL_HAM_SHORT(-0.64)[-0.645]; TO_MATCH_ENVRCPT_ALL(0.00)[]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jun 2020 17:09:37 -0000 Hello, I'm trying to get vnet jails going on FreeBSD 12.1-p6. I can start and stop it and interfaces come up and go down, on the jail it can ping the gateway but pings fail. Am I missing a step? I've got a single IPv4 address and am using private IPv4 addresses. As of now I have not set an IPv6 address to this jail. The routing tables all look good. Here's my configuration: On the host: #ifconfig bridge0 ifconfig: interface bridge0 does not exist #ifconfig epair0a ifconfig: interface epair0a does not exist #ifconfig epair0b ifconfig: interface epair0b does not exist #cat rc.conf hostname="xxxxxxxxxxxxxx" ifconfig_vtnet0="DHCP" ifconfig_vtnet0_ipv6="inet6 accept_rtadv" jail_enable="YES" #ifconfig vtnet0 vtnet0: flags=8843 metric 0 mtu 1500 options=6c07bb ether f2:3c:92:bc:54:37 inet6 fe80::f03c:92ff:febc:5437%vtnet0 prefixlen 64 scopeid 0x1 inet6 xxx prefixlen 64 autoconf inet xxx.xxx.xxx.xxx netmask 0xffffff00 broadcast xxx.xxx.xxx.xxx media: Ethernet 10Gbase-T status: active nd6 options=23 #cat jail.conf loghost { host.hostname = "loghost"; path = "/jail/loghost"; mount.devfs; devfs_ruleset = "4"; exec.consolelog = "/var/log/console.loghost"; vnet = "new"; exec.clean; vnet.interface = "epair0b"; exec.prestart = "ifconfig epair0 create up"; exec.prestart += "ifconfig bridge0 create up"; exec.prestart += "ifconfig bridge0 inet 192.168.122.1/24 addm vtnet0"; exec.prestart += "ifconfig bridge0 addm epair0a"; exec.start = "/bin/sh /etc/rc"; exec.start += "ifconfig epair0b inet 192.168.122.50 netmask 255.255.255.0"; exec.start += "route add default 192.168.122.1"; exec.stop = "/bin/sh /etc/rc.shutdown"; exec.poststop = "ifconfig epair0a destroy"; exec.poststop += "ifconfig bridge0 deletem epair0a"; exec.poststop += "ifconfig bridge0 destroy"; } #service jail start Starting jails: loghost. #jls JID IP Address Hostname Path 3 loghost /jail/loghost #ifconfig bridge0 bridge0: flags=8843 metric 0 mtu 1500 ether 02:bf:cf:92:2c:00 inet 192.168.122.1 netmask 0xffffff00 broadcast 192.168.122.255 id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15 maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200 root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0 member: epair0a flags=143 ifmaxaddr 0 port 3 priority 128 path cost 2000 member: vtnet0 flags=143 ifmaxaddr 0 port 1 priority 128 path cost 2000 groups: bridge nd6 options=1 #ifconfig epair0a epair0a: flags=8943 metric 0 mtu 1500 options=8 ether 02:c0:11:e6:99:0a inet6 fe80::c0:11ff:fee6:990a%epair0a prefixlen 64 tentative scopeid 0x3 groups: epair media: Ethernet 10Gbase-T (10Gbase-T ) status: active nd6 options=29 #ifconfig epair0b ifconfig: interface epair0b does not exist #netstat -rn Routing tables Internet: Destination Gateway Flags Netif Expire default xxx.xxx.xxx.xxx UGS vtnet0 xxx.xxx.xxx.xxx/24 link#1 U vtnet0 xxx.xxx.xxx.xxx link#1 UHS lo0 127.0.0.1 link#2 UH lo0 192.168.122.0/24 link#5 U bridge0 192.168.122.1 link#5 UHS lo0 In the jail: #jexec loghost /bin/tcsh #ifconfig -a lo0: flags=8049 metric 0 mtu 16384 options=680003 inet6 ::1 prefixlen 128 inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 inet 127.0.0.1 netmask 0xff000000 groups: lo nd6 options=21 epair0b: flags=8843 metric 0 mtu 1500 options=8 ether 02:c0:11:e6:99:0b inet 192.168.122.50 netmask 0xffffff00 broadcast 192.168.122.255 groups: epair media: Ethernet 10Gbase-T (10Gbase-T ) status: active nd6 options=29 #cat /etc/rc.conf hostname="loghost" #ping -c 1 192.168.122.1 PING 192.168.122.1 (192.168.122.1): 56 data bytes 64 bytes from 192.168.122.1: icmp_seq=0 ttl=64 time=0.111 ms --- 192.168.122.1 ping statistics --- 1 packets transmitted, 1 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.111/0.111/0.111/0.000 ms #ping -c 1 1.1.1.1 PING 1.1.1.1 (1.1.1.1): 56 data bytes --- 1.1.1.1 ping statistics --- 1 packets transmitted, 0 packets received, 100.0% packet loss #netstat -rn Routing tables Internet: Destination Gateway Flags Netif Expire default 192.168.122.1 UGS epair0b 127.0.0.1 link#1 UH lo0 192.168.122.0/24 link#2 U epair0b 192.168.122.50 link#2 UHS lo0 Am I missing a step with vnet? I was under the impression that vnet jails have there own TCPIP stack separate from the host's stack. Thanks. Dave. From owner-freebsd-jail@freebsd.org Sat Jun 27 20:48:35 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 7603235C2D5 for ; Sat, 27 Jun 2020 20:48:35 +0000 (UTC) (envelope-from goya@eik.bme.hu) Received: from zero.eik.bme.hu (zero.eik.bme.hu [152.66.115.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49vQnt4H0nz4R5R for ; Sat, 27 Jun 2020 20:48:34 +0000 (UTC) (envelope-from goya@eik.bme.hu) Received: from zero.eik.bme.hu (blah.eik.bme.hu [152.66.115.182]) by localhost (Postfix) with SMTP id 9612E74632C; Sat, 27 Jun 2020 22:48:31 +0200 (CEST) Received: by zero.eik.bme.hu (Postfix, from userid 884) id 7E01E74594E; Sat, 27 Jun 2020 22:48:31 +0200 (CEST) Date: Sat, 27 Jun 2020 22:48:31 +0200 From: =?utf-8?B?SsOBS8OTIEFuZHLDoXM=?= To: David Mehler Cc: freebsd-jail Subject: Re: FreeBSD 12.1, vnet jail, and internet access Message-ID: <20200627204831.GC77414@eik.bme.hu> References: MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Organization: Budapest University of Technology and Economics (BME) X-Spam-Checker-Version: Sophos PMX: 6.4.8.2820816, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2020.6.27.204218, AntiVirus-Engine: 5.74.0, AntiVirus-Data: 2020.6.26.5740003 X-Spam-Flag: NO X-Spam-Probability: 8% X-Spam-Level: X-Spam-Status: No, score=8% required=50% X-Rspamd-Queue-Id: 49vQnt4H0nz4R5R X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of goya@eik.bme.hu designates 152.66.115.2 as permitted sender) smtp.mailfrom=goya@eik.bme.hu X-Spamd-Result: default: False [-0.27 / 15.00]; RCVD_TLS_ALL(0.00)[]; ARC_NA(0.00)[]; MID_RHS_MATCH_FROM(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx]; NEURAL_HAM_LONG(-0.77)[-0.772]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[bme.hu]; NEURAL_SPAM_SHORT(0.07)[0.067]; HAS_ORG_HEADER(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCVD_IN_DNSWL_MED(-0.20)[152.66.115.2:from]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_MEDIUM(-0.87)[-0.868]; FREEMAIL_TO(0.00)[gmail.com]; FORGED_SENDER(0.30)[jako.andras@eik.bme.hu,goya@eik.bme.hu]; R_DKIM_NA(0.00)[]; R_MIXED_CHARSET(1.50)[subject]; ASN(0.00)[asn:2547, ipnet:152.66.0.0/16, country:EU]; MIME_TRACE(0.00)[0:+]; FROM_NEQ_ENVFROM(0.00)[jako.andras@eik.bme.hu,goya@eik.bme.hu]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jun 2020 20:48:35 -0000 Hello David, > I'm trying to get vnet jails going on FreeBSD 12.1-p6. I can start and > stop it and interfaces come up and go down, on the jail it can ping > the gateway but pings fail. Am I missing a step? I've got a single > IPv4 address and am using private IPv4 addresses. Do you have NAT set up on the host? András From owner-freebsd-jail@freebsd.org Sat Jun 27 21:06:03 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 44C1C35C9B2 for ; Sat, 27 Jun 2020 21:06:03 +0000 (UTC) (envelope-from dave.mehler@gmail.com) Received: from mail-io1-xd32.google.com (mail-io1-xd32.google.com [IPv6:2607:f8b0:4864:20::d32]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (2048 bits) client-digest SHA256) (Client CN "smtp.gmail.com", Issuer "GTS CA 1O1" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49vRB202crz4T1M for ; Sat, 27 Jun 2020 21:06:01 +0000 (UTC) (envelope-from dave.mehler@gmail.com) Received: by mail-io1-xd32.google.com with SMTP id i4so13322034iov.11 for ; Sat, 27 Jun 2020 14:06:01 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-transfer-encoding; bh=yKNEKMPO0TPgkDkKoDaxHlwxaSd+E3b8L193BhgVVS8=; b=avxeSqpNMssVLZedCIUTKGj9S0bCWfhJ8TVatljhy+ycnqiFP2OunB0Zi0zICTPD7x R/eXYZVN7Y8xawDn/VEN5qSBakCHnhFG39YUGI9O6+fiyNOpYYADqvfLEhWWgADS+6YB /eUYBlB/h9GSysaFZtmtVfvBW6BKIehXrAsCxXVzXIin+KCIJZn6jIK6mZblSFosT4+f DeEIFmnatho6iHIwr0uApFYlzGS/01U3kpFcBLn86cRMapfmqnAW5PGpRBVW12cxlHSH 85Eg4kJAakNJex0KB1AgVrRbekZkk4iHdfgKSpmZB5TByJd1KRZ7K3tl8ThsC4lf9K3e 87IQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=yKNEKMPO0TPgkDkKoDaxHlwxaSd+E3b8L193BhgVVS8=; b=DoCgjGzDAf4FoX5WWSajQmR3t7jZ6FI4wx2mEUjLt4K+NUcSeQD0bpVVPRJohZ40Mx 68Ca5YJSlxptusACumyx/vh64EeL4hAuyuDqvKMmRaLr3H9clE2fSoHylUMCjlF2OaXv b3VZxHnVl8Dg1QqI2mfnjplLPupf3EQPSE/8jM4v1DyEkvG6Mvk1lPz1b8vWmvz2yKec n+LLe7k/7ZOnlgieTTmAVf50lj77n/JUwR9vsIR/SBlMUimcpLc0knYG7rbuftQuQahi 3NoE8mkSPitEYR2+JOnEIAHdza7Oo3fKuZX0HZAf+ve/cKEQJtbEmXqrevuxIIrsgDxM GteQ== X-Gm-Message-State: AOAM532LWXBM6uBIx2gYtrRIkHadckFPYS+igSQ46Oe4+fMNcmhB63XC 4mbbYE8pR3zo9h9aTHCf2AuggGyg2fureHoG7OihmVFn X-Google-Smtp-Source: ABdhPJx3lU43hCQn7szlABqvFqrgx6sxC1N//oB/6SwFfrK7GQNxjZNlnO/d3i88wHlh/Z7bWvrk/UptMakx2uzT2X0= X-Received: by 2002:a05:6602:2cd3:: with SMTP id j19mr10206330iow.111.1593291960795; Sat, 27 Jun 2020 14:06:00 -0700 (PDT) MIME-Version: 1.0 Received: by 2002:a4f:3b52:0:0:0:0:0 with HTTP; Sat, 27 Jun 2020 14:06:00 -0700 (PDT) In-Reply-To: <20200627204831.GC77414@eik.bme.hu> References: <20200627204831.GC77414@eik.bme.hu> From: David Mehler Date: Sat, 27 Jun 2020 17:06:00 -0400 Message-ID: Subject: Re: FreeBSD 12.1, vnet jail, and internet access To: =?UTF-8?B?SsOBS8OTIEFuZHLDoXM=?= Cc: freebsd-jail Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Rspamd-Queue-Id: 49vRB202crz4T1M X-Spamd-Bar: -- Authentication-Results: mx1.freebsd.org; dkim=pass header.d=gmail.com header.s=20161025 header.b=avxeSqpN; dmarc=pass (policy=none) header.from=gmail.com; spf=pass (mx1.freebsd.org: domain of davemehler@gmail.com designates 2607:f8b0:4864:20::d32 as permitted sender) smtp.mailfrom=davemehler@gmail.com X-Spamd-Result: default: False [-2.66 / 15.00]; RCVD_TLS_ALL(0.00)[]; ARC_NA(0.00)[]; R_DKIM_ALLOW(-0.20)[gmail.com:s=20161025]; NEURAL_HAM_MEDIUM(-1.02)[-1.024]; FROM_HAS_DN(0.00)[]; FREEMAIL_FROM(0.00)[gmail.com]; R_SPF_ALLOW(-0.20)[+ip6:2607:f8b0:4000::/36]; MIME_GOOD(-0.10)[text/plain]; PREVIOUSLY_DELIVERED(0.00)[freebsd-jail@freebsd.org]; NEURAL_HAM_LONG(-0.95)[-0.951]; NEURAL_SPAM_SHORT(0.32)[0.320]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; DKIM_TRACE(0.00)[gmail.com:+]; RCPT_COUNT_TWO(0.00)[2]; RCVD_IN_DNSWL_NONE(0.00)[2607:f8b0:4864:20::d32:from]; DMARC_POLICY_ALLOW(-0.50)[gmail.com,none]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; FREEMAIL_ENVFROM(0.00)[gmail.com]; RCVD_COUNT_TWO(0.00)[2]; ASN(0.00)[asn:15169, ipnet:2607:f8b0::/32, country:US]; TAGGED_FROM(0.00)[]; DWL_DNSWL_NONE(0.00)[gmail.com:dkim] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jun 2020 21:06:03 -0000 Hello, Thanks for your reply. Can you please clarify? I was under the impression that the two stacks were separate? Should I nat on the bridge or epair? Thanks. Dave. On 6/27/20, J=C3=81K=C3=93 Andr=C3=A1s wrote: > Hello David, > >> I'm trying to get vnet jails going on FreeBSD 12.1-p6. I can start and >> stop it and interfaces come up and go down, on the jail it can ping >> the gateway but pings fail. Am I missing a step? I've got a single >> IPv4 address and am using private IPv4 addresses. > > Do you have NAT set up on the host? > > Andr=C3=A1s > From owner-freebsd-jail@freebsd.org Sat Jun 27 21:37:32 2020 Return-Path: Delivered-To: freebsd-jail@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id ABFDC35D485 for ; Sat, 27 Jun 2020 21:37:32 +0000 (UTC) (envelope-from goya@eik.bme.hu) Received: from zero.eik.bme.hu (zero.eik.bme.hu [152.66.115.2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 49vRtN1jGzz4Vny for ; Sat, 27 Jun 2020 21:37:31 +0000 (UTC) (envelope-from goya@eik.bme.hu) Received: from zero.eik.bme.hu (blah.eik.bme.hu [152.66.115.182]) by localhost (Postfix) with SMTP id C7D7074632C; Sat, 27 Jun 2020 23:37:30 +0200 (CEST) Received: by zero.eik.bme.hu (Postfix, from userid 884) id AF45F74594E; Sat, 27 Jun 2020 23:37:30 +0200 (CEST) Date: Sat, 27 Jun 2020 23:37:30 +0200 From: =?utf-8?B?SsOBS8OTIEFuZHLDoXM=?= To: David Mehler Cc: freebsd-jail Subject: Re: FreeBSD 12.1, vnet jail, and internet access Message-ID: <20200627213730.GE77414@eik.bme.hu> References: <20200627204831.GC77414@eik.bme.hu> MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Disposition: inline Content-Transfer-Encoding: 8bit In-Reply-To: Organization: Budapest University of Technology and Economics (BME) X-Spam-Checker-Version: Sophos PMX: 6.4.8.2820816, Antispam-Engine: 2.7.2.2107409, Antispam-Data: 2020.6.27.212717, AntiVirus-Engine: 5.74.0, AntiVirus-Data: 2020.6.26.5740003 X-Spam-Flag: NO X-Spam-Probability: 8% X-Spam-Level: X-Spam-Status: No, score=8% required=50% X-Rspamd-Queue-Id: 49vRtN1jGzz4Vny X-Spamd-Bar: / Authentication-Results: mx1.freebsd.org; dkim=none; dmarc=none; spf=pass (mx1.freebsd.org: domain of goya@eik.bme.hu designates 152.66.115.2 as permitted sender) smtp.mailfrom=goya@eik.bme.hu X-Spamd-Result: default: False [-0.24 / 15.00]; ARC_NA(0.00)[]; NEURAL_HAM_MEDIUM(-0.87)[-0.868]; RCVD_TLS_ALL(0.00)[]; FROM_HAS_DN(0.00)[]; R_SPF_ALLOW(-0.20)[+mx:c]; MID_RHS_MATCH_FROM(0.00)[]; TAGGED_RCPT(0.00)[]; MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[bme.hu]; NEURAL_SPAM_SHORT(0.10)[0.100]; HAS_ORG_HEADER(0.00)[]; TO_MATCH_ENVRCPT_SOME(0.00)[]; TO_DN_ALL(0.00)[]; RCVD_IN_DNSWL_MED(-0.20)[152.66.115.2:from]; RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_LONG(-0.77)[-0.769]; FREEMAIL_TO(0.00)[gmail.com]; FORGED_SENDER(0.30)[jako.andras@eik.bme.hu,goya@eik.bme.hu]; R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+]; ASN(0.00)[asn:2547, ipnet:152.66.0.0/16, country:EU]; FROM_NEQ_ENVFROM(0.00)[jako.andras@eik.bme.hu,goya@eik.bme.hu]; R_MIXED_CHARSET(1.50)[subject]; RCVD_COUNT_TWO(0.00)[2] X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.33 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 27 Jun 2020 21:37:32 -0000 > I was under the impression that the two stacks were separate? They are. But I don't think your ISP knows anything about your private subnet, so they won't send IP packets with your private destination address to you. And most probably they won't accept IP packets with your private source address from you. So you have to translate these private addresses if you want your ISP (and others) to forward them. > Should I nat on the bridge or epair? On the bridge, I guess. András