Re: pf NAT and VNET Jails

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Mon, 2 Nov 2015 14:59:03 +0100
> On 02 Nov 2015, at 14:47, Shawn Webb <shawn.webb_at_hardenedbsd.org> wrote:
> 
> On Sunday, 01 November 2015 07:16:34 AM Julian Elischer wrote:
>> On 11/1/15 2:50 AM, Shawn Webb wrote:
>>> I'm at r290228 on amd64. I'm not sure which revision I was on last when it
>>> last worked, but it seems VNET jails aren't working anymore.
>>> 
>>> I've got a bridge, bridge1, with an IP of 192.168.7.1. The VNET jails set
>>> their default route to 192.168.7.1. The host simply NATs outbound from
>>> 192.168.7.0/24 to the rest of the world. The various epairs get added to
>>> bridge1 and assigned to each jail. Pretty simple setup. That worked until
>>> today. When I do tcpdump on my public-facing NIC, I see that NAT isn't
>>> applied. When I run `ping 8.8.8.8` from the jail, the jail's 192.168.7.0/24
>>> address gets sent on the wire.
>>> 
>>> Let me know what I can do to help debug this further.
>> 
>> send the list your setup script/settings?
> 
> I'm using iocage to start up the jails. Here's a pasted output of `iocage get 
> all mutt-hardenedbsd`: http://ix.io/lLG

Can you add your pf.conf too?

I’ll try upgrading my machine to something beyond 290228 to see if I can reproduce it.
It’s on r289635 now, and seems to be fine. My VNET jails certainly get their traffic NATed.

Thanks,
Kristof
Received on Mon Nov 02 2015 - 12:59:10 UTC
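For readers arriving at this thread with the same symptom (jail source addresses leaving the public NIC untranslated), here is an added example, not code from this thread, from iocage or from pf itself, of the minimal host-side pf.conf the setup above needs and the checks that separate "pf never saw the packet" from "the NAT rule did not match". The public NIC name em0 is an assumption; bridge1 and 192.168.7.0/24 are the values from the report. The NAT rule has to live in the host's ruleset, because a VNET jail has its own network stack, and the host needs net.inet.ip.forwarding=1 (gateway_enable="YES" in rc.conf) so packets arriving on bridge1 are routed out through the public NIC where the nat rule applies.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread. Assumptions: the public NIC
# is em0; bridge1 and 192.168.7.0/24 come from the original report.

# Emit a minimal host pf.conf that NATs the jail network ($2) out of NIC ($1).
gen_pf_conf() {
    ext_if="$1"
    jail_net="$2"
    # Unquoted heredoc: $ext_if/$jail_net expand here, \$... stays literal
    # so the emitted file still uses pf macros.
    cat <<EOF
ext_if = "$ext_if"
jail_net = "$jail_net"

# Rewrite the source address of everything leaving the jail network through
# the public NIC to that NIC's address. The parentheses make pf re-read the
# interface address if it changes (DHCP), instead of freezing it at load time.
nat on \$ext_if inet from \$jail_net to any -> (\$ext_if)

# Filtering is deliberately wide open so the NAT behaviour is the only
# variable under test; tighten this once NAT is confirmed working.
pass all
EOF
}

# Live checks for the NAT path. Skipped entirely when pfctl is not present,
# so the script is safe to run on a machine without pf.
check_nat_setup() {
    ext_if="$1"
    jail_net="$2"
    command -v pfctl >/dev/null 2>&1 || {
        echo "pfctl not found; skipping live checks"
        return 0
    }
    # 1. The host must forward between bridge1 and $ext_if; without this the
    #    jail packets never reach the NIC on which the nat rule is anchored.
    sysctl net.inet.ip.forwarding
    # 2. Parse the ruleset without loading it; a syntax error here means the
    #    old (or empty) ruleset is what is actually running.
    pfctl -nf /etc/pf.conf
    # 3. The loaded translation rules must mention the jail network.
    pfctl -s nat | grep -- "$jail_net" || echo "no NAT rule for $jail_net loaded"
    # 4. While pinging from a jail, a matching state shows the jail address on
    #    one side and the public address on the other. No state at all means
    #    pf never translated the flow.
    pfctl -s state | grep -- "${jail_net%.*}." || echo "no states for $jail_net"
    # 5. What the reporter saw: untranslated jail addresses on the wire. This
    #    should print nothing once NAT works.
    tcpdump -ni "$ext_if" -c 5 net "$jail_net"
}

# Typical use: write the ruleset, load it, then run the checks while a jail
# pings 8.8.8.8.
gen_pf_conf em0 192.168.7.0/24
check_nat_setup em0 192.168.7.0/24
```

Load the generated file with `pfctl -f /etc/pf.conf` (after `pf_enable="YES"` in rc.conf and `service pf start`), then run step 4 and 5 while `ping 8.8.8.8` is running inside a jail. If step 3 shows the rule but step 4 shows no state and step 5 still prints 192.168.7.x sources, the packets are leaving the NIC without passing through the host's pf, which is the situation described above rather than a ruleset mistake.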

This archive was generated by hypermail 2.4.0 : Wed May 19 2021 - 11:41:00 UTC