Date:      Sat, 27 Jun 2020 13:09:34 -0400
From:      David Mehler <dave.mehler@gmail.com>
To:        freebsd-jail <freebsd-jail@freebsd.org>
Subject:   FreeBSD 12.1, vnet jail, and internet access
Message-ID:  <CAPORhP7mU=4gMYWhkLPK-Sdyxcuhry4YTM%2B-vXOs27qeAc2a2Q@mail.gmail.com>

Hello,

I'm trying to get vnet jails going on FreeBSD 12.1-p6. I can start and
stop the jail, and its interfaces come up and go down. From inside the
jail I can ping the gateway, but pings to anything beyond it fail. Am I
missing a step? I've got a single IPv4 address and am using private IPv4
addresses. As of now I have not assigned an IPv6 address to this jail.
The routing tables all look good.
Here's my configuration:

On the host:
#ifconfig bridge0
ifconfig: interface bridge0 does not exist

#ifconfig epair0a
ifconfig: interface epair0a does not exist

#ifconfig epair0b
ifconfig: interface epair0b does not exist

#cat rc.conf
hostname="xxxxxxxxxxxxxx"
ifconfig_vtnet0="DHCP"
ifconfig_vtnet0_ipv6="inet6 accept_rtadv"
jail_enable="YES"

#ifconfig vtnet0
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        ether f2:3c:92:bc:54:37
        inet6 fe80::f03c:92ff:febc:5437%vtnet0 prefixlen 64 scopeid 0x1
        inet6 xxx prefixlen 64 autoconf
        inet xxx.xxx.xxx.xxx netmask 0xffffff00 broadcast xxx.xxx.xxx.xxx
        media: Ethernet 10Gbase-T <full-duplex>
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>

#cat jail.conf
# vnet jail "loghost": the jail gets its own network stack and one end of an
# epair pair (epair0b); the other end (epair0a) is attached to bridge0 on the host.
loghost {
host.hostname     = "loghost";
path              = "/jail/loghost";
mount.devfs;
# NOTE(review): ruleset 4 is presumably the stock devfsrules_jail set from
# /etc/defaults/devfs.rules -- confirm it has not been overridden locally.
devfs_ruleset     = "4";
exec.consolelog   = "/var/log/console.loghost";
# "new" creates a separate virtual network stack for the jail instead of
# sharing the host's.
vnet              = "new";
# Run the exec.* commands in a clean environment.
exec.clean;
# epair0b is moved into the jail at creation; the host stops listing it
# while the jail is running.
vnet.interface    = "epair0b";
# Host side, before the jail is created: make the epair and the bridge.
exec.prestart     = "ifconfig epair0  create up";
exec.prestart    += "ifconfig bridge0 create up";
# NOTE(review): vtnet0 is the host's uplink and carries its single public IPv4
# address. Making it a bridge member puts the jail on the upstream L2 segment,
# and packets sourced from 192.168.122.50 leave untranslated. The host rc.conf
# shown sets neither gateway_enable nor a packet filter/NAT, which would
# explain why the jail reaches 192.168.122.1 but not 1.1.1.1. Presumably the
# intended design is: bridge only epair0a, enable forwarding on the host, and
# NAT 192.168.122.0/24 out of vtnet0 (that NAT/filter point is also where the
# jail's outbound and inbound traffic can be restricted) -- confirm.
exec.prestart    += "ifconfig bridge0 inet 192.168.122.1/24 addm vtnet0";
exec.prestart    += "ifconfig bridge0 addm epair0a";
# Inside the jail: normal rc startup, then address and default route.
exec.start        = "/bin/sh /etc/rc";
# NOTE(review): the next command is split across two lines as posted, likely
# mail line-wrapping; in the real file the string is presumably on one line.
exec.start       += "ifconfig epair0b inet 192.168.122.50 netmask
255.255.255.0";
# Default route points at the bridge address on the host.
exec.start       += "route add default 192.168.122.1";
exec.stop         = "/bin/sh /etc/rc.shutdown";
# Host side, after the jail is gone: tear down the epair and the bridge.
# NOTE(review): epair0a is destroyed first, so the deletem that follows names
# an interface that no longer exists and presumably fails. Confirm bridge0 is
# still destroyed afterwards; if not, the next "ifconfig bridge0 create" in
# exec.prestart would hit an existing interface.
exec.poststop     = "ifconfig epair0a destroy";
exec.poststop    += "ifconfig bridge0 deletem epair0a";
exec.poststop    += "ifconfig bridge0 destroy";
}

#service jail start
Starting jails: loghost.

#jls
   JID  IP Address      Hostname                      Path
     3                  loghost                       /jail/loghost

#ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 02:bf:cf:92:2c:00
        inet 192.168.122.1 netmask 0xffffff00 broadcast 192.168.122.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 2000
        member: vtnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 2000
        groups: bridge
        nd6 options=1<PERFORMNUD>

#ifconfig epair0a
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:c0:11:e6:99:0a
        inet6 fe80::c0:11ff:fee6:990a%epair0a prefixlen 64 tentative scopeid 0x3
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

#ifconfig epair0b
ifconfig: interface epair0b does not exist

#netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            xxx.xxx.xxx.xxx       UGS      vtnet0
xxx.xxx.xxx.xxx/24     link#1             U        vtnet0
xxx.xxx.xxx.xxx      link#1             UHS         lo0
127.0.0.1          link#2             UH          lo0
192.168.122.0/24   link#5             U       bridge0
192.168.122.1      link#5             UHS         lo0

In the jail:
#jexec loghost /bin/tcsh
#ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=8<VLAN_MTU>
        ether 02:c0:11:e6:99:0b
        inet 192.168.122.50 netmask 0xffffff00 broadcast 192.168.122.255
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>

#cat /etc/rc.conf
hostname="loghost"

#ping -c 1 192.168.122.1
PING 192.168.122.1 (192.168.122.1): 56 data bytes
64 bytes from 192.168.122.1: icmp_seq=0 ttl=64 time=0.111 ms

--- 192.168.122.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.111/0.111/0.111/0.000 ms

#ping -c 1 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes

--- 1.1.1.1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss

#netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            192.168.122.1      UGS     epair0b
127.0.0.1          link#1             UH          lo0
192.168.122.0/24   link#2             U       epair0b
192.168.122.50     link#2             UHS         lo0

Am I missing a step with vnet? I was under the impression that vnet
jails have their own TCP/IP stack, separate from the host's stack.

Thanks.
Dave.


