pf NAT and VNET Jails

Shawn Webb shawn.webb at hardenedbsd.org
Mon Nov 2 13:47:47 UTC 2015


On Sunday, 01 November 2015 07:16:34 AM Julian Elischer wrote:
> On 11/1/15 2:50 AM, Shawn Webb wrote:
> > I'm at r290228 on amd64. I'm not sure which revision I was on last when it
> > last worked, but it seems VNET jails aren't working anymore.
> > 
> > I've got a bridge, bridge1, with an IP of 192.168.7.1. The VNET jails set
> > their default route to 192.168.7.1. The host simply NATs outbound from
> > 192.168.7.0/24 to the rest of the world. The various epairs get added to
> > bridge1 and assigned to each jail. Pretty simple setup. That worked until
> > today. When I do tcpdump on my public-facing NIC, I see that NAT isn't
> > applied. When I run `ping 8.8.8.8` from the jail, the jail's
> > 192.168.7.0/24 address gets sent on the wire.
> > 
> > Let me know what I can do to help debug this further.
> 
> send the list your setup script/settings?

I'm using iocage to start up the jails. Here's a pasted output of `iocage get 
all mutt-hardenedbsd`: http://ix.io/lLG

Thanks,

-- 
Shawn Webb
HardenedBSD

GPG Key ID:                0x6A84658F52456EEE
GPG Key Fingerprint: 2ABA B6BD EF6A F486 BE89  3D9E 6A84 658F 5245 6EEE
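
The tcpdump check described in the quoted report (jail addresses from 192.168.7.0/24 showing up un-translated on the public-facing NIC) can be automated. The following is an added example, not part of the original thread; the function name, the sample capture lines and the 203.0.113.x / 198.51.100.x addresses are constructed for illustration.

```python
import ipaddress
import re

# Jail subnet from the message; packets sourced from it should have been
# rewritten by NAT before they reach the public-facing NIC.
JAIL_NET = ipaddress.ip_network("192.168.7.0/24")

# IPv4 part of a `tcpdump -n` line: "IP src[.port] > dst[.port]:"
LINE_RE = re.compile(
    r"\bIP (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))? > (\d+\.\d+\.\d+\.\d+)(?:\.(\d+))?:"
)


def find_unnatted(lines, inside=JAIL_NET):
    """Return (src, dst) pairs seen on the outside interface whose source is
    still an inside address and whose destination is not, i.e. packets that
    left the host without NAT being applied."""
    leaks = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue  # ARP, IPv6 and other non-IPv4 lines are ignored
        src = ipaddress.ip_address(m.group(1))
        dst = ipaddress.ip_address(m.group(3))
        if src in inside and dst not in inside:
            leaks.append((str(src), str(dst)))
    return leaks


# Constructed sample, in the format printed by `tcpdump -n` on the
# public-facing interface. Lines 1 and 3 still carry jail source addresses.
SAMPLE = [
    "13:47:01.000001 IP 192.168.7.10 > 8.8.8.8: ICMP echo request, id 4242, seq 0, length 64",
    "13:47:01.020000 IP 203.0.113.5.51512 > 198.51.100.7.443: Flags [S], seq 1, win 65535, length 0",
    "13:47:02.000001 IP 192.168.7.11.40000 > 198.51.100.7.80: Flags [S], seq 1, win 65535, length 0",
    "13:47:02.500000 ARP, Request who-has 203.0.113.1 tell 203.0.113.5, length 28",
]

if __name__ == "__main__":
    for src, dst in find_unnatted(SAMPLE):
        print(f"un-NATed packet on public interface: {src} -> {dst}")
```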