Jail network connectivity issues

Moritz Wilhelmy moritz at wzff.de
Fri Jun 20 14:48:09 UTC 2014


Hello,

I have a jail with a public IP address assigned to it on 10.0/amd64,
however both inbound and outbound connections randomly fail.

I'm using ipfilter as a packet filter but the issue persists when I
reboot without ipfilter enabled. Usually inbound connections work a
couple of times (around 4) and the 5th-ish attempt at establishing a TCP
connection fails with a connection timeout. From that point on it's
hit-and-miss. Nothing else on the system is listening on the port.

The connection that times out does not show up on the host system, neither
in tcpdump nor -- if enabled -- ipmon, the ipfilter monitoring utility.

When trying to telnet out of the box, the connection hangs before
"Trying <address>...", except sometimes when it works. Even then, the
connection is established excruciatingly slowly, while outside the jail,
connections are established instantaneously.

On the host system, specifying the jail's IP as telnet's source IP via
-s works, so I doubt it's my ISP's fault.

To make sure the configuration in the jail tree isn't what's causing the
issues I created another jail with "/" as root directory and the jail's
IP assigned and /bin/sh as command. Same issue. This leads me to believe
that the jail subsystem is responsible somehow.

Any ideas what I might be missing?


Best,

Moritz

-- 
Officials cannot walk around all day with the Basic Law under their arm.
                                                   -Hermann Höcherl, 1963

