Date:      Mon, 02 Nov 2015 08:47:37 -0500
From:      Shawn Webb <shawn.webb@hardenedbsd.org>
To:        freebsd-current@freebsd.org
Subject:   Re: pf NAT and VNET Jails
Message-ID:  <6607014.lfu2kQizLV@hbsd-dev-laptop>
In-Reply-To: <56354BD2.5060608@freebsd.org>
References:  <CAExMvs=jVsASLyiqU9nTpir0Hy_s_DfChgf4XKeGWv-8yojNBw@mail.gmail.com> <56354BD2.5060608@freebsd.org>

On Sunday, 01 November 2015 07:16:34 AM Julian Elischer wrote:
> On 11/1/15 2:50 AM, Shawn Webb wrote:
> > I'm at r290228 on amd64. I'm not sure which revision I was on last when it
> > last worked, but it seems VNET jails aren't working anymore.
> >
> > I've got a bridge, bridge1, with an IP of 192.168.7.1. The VNET jails set
> > their default route to 192.168.7.1. The host simply NATs outbound from
> > 192.168.7.0/24 to the rest of the world. The various epairs get added to
> > bridge1 and assigned to each jail. Pretty simple setup. That worked until
> > today. When I do tcpdump on my public-facing NIC, I see that NAT isn't
> > applied. When I run `ping 8.8.8.8` from the jail, the jail's 192.168.7.0/24
> > address gets sent on the wire.
> >
> > Let me know what I can do to help debug this further.
>
> send the list your setup script/settings?

I'm using iocage to start up the jails. Here's a pasted output of
`iocage get all mutt-hardenedbsd`: http://ix.io/lLG

Thanks,

--
Shawn Webb
HardenedBSD

GPG Key ID:                0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE