From: Andrea Venturoli
To: freebsd-net@freebsd.org
Subject: Help with VNET
Date: Wed, 21 Oct 2020 12:13:38 +0200

Hello.

I've been using jails for years with ezjail.
Now I'm trying to experiment with VNET. I've looked for a tutorial, but found scarce (and possibly outdated) info.

Box is a 12.1/amd64.
Basic configuration involves wlan0 configured via DHCP (192.168.133.26). Host networking works.

For a start, let's get IPFW out of the way:
# ipfw add 1 pass ip from any to any

Then I set up the host:
# ifconfig epair create
(Now I see epair0a and epair0b)
# ifconfig bridge create up
# ifconfig bridge0 addm wlan0 addm epair0a

Now I start the jail and I don't see epair0b anymore on the host.

In the jail I issue:
# ipfw add 1 pass ip from any to any
# ifconfig epair0b 192.168.133.27

Now:
_ pinging the host from the jail works;
_ pinging the jail from the host works;
_ pinging another host from the base system works;
_ pinging another host from the jail does NOT work.

tcpdump on wlan0 shows ARP packets from the jail (which tries to get the MAC address of the external host), but these do not reach the network (a tcpdump on the external host doesn't show them).
IPFW logging shows that it's not blocking anything.

Any hint?

bye & Thanks
av.