Date:      Sun, 2 Aug 2020 13:55:31 -0400
From:      Dan Langille <dan@langille.org>
To:        Ernie Luzar <luzar722@gmail.com>
Cc:        "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>, "freebsd-jail@freebsd.org" <freebsd-jail@FreeBSD.org>
Subject:   Re: jail(8) bug with vnet & non-vnet jails running at same time?
Message-ID:  <CA09E7B9-6D66-4AF6-B3F0-760B517E3038@langille.org>
In-Reply-To: <5F26FC5B.6030706@gmail.com>
References:  <5F26FC5B.6030706@gmail.com>

> On Aug 2, 2020, at 1:48 PM, Ernie Luzar <luzar722@gmail.com> wrote:
>
> Hello list;
> Please review configuration looking for something I may have missed. Hoping someone can suggest something that will change the behavior eliminating the problem.
>
> Equipment. Real hardware, 12.1 release, amd64 dual cpu.
>
> Description;
> non-vnet jails and vnet jails using the bridge/epair method can ping the public internet when only non-vnet jails are started at a time or when only vnet jails are started at a time. But when both non-vnet jails and vnet jails are started together then neither one can ping the public internet. The order of the jails definitions in the jail.conf file has no effect on changing what is happening.
>
> Bug description:
> When non-vnet jails are started their ip addresses are added to the NIC facing the public AFTER the public ip address and the non-vnet jail has access to the public internet. But when both non-vnet jails and vnet jails are started at the same time then the non-vnet jails' ip addresses get added before the public ip address of the NIC facing the public internet causing the host to lose all access to the public internet. This seems to be a jail(8) bug.
>
> It makes no difference which command method is used to start and stop the jails.
> service jail onestart jailname   or  jail -cv jailname

This may be related to my Twitter rant about vnet problems in my own jails:

  https://twitter.com/DLangille/status/1289944047763693569

The symptoms you describe are similar to my own.  I cannot access ports on jails on the same host, but I can access ports on other hosts.

--
Dan Langille - BSDCan / PGCon
dan@langille.org




