Problems with network on host with jail.

wishmaster artemrts at ukr.net
Sat Apr 6 20:54:52 UTC 2013


Hi.
Since I set up a jail for www stuff on the server, there have been network problems. The router has 3 NICs in a bridge with aliases.

cloned_interfaces="bridge0"
ifconfig_bridge0="addm rl1 addm rl2 addm rl3 up"
ifconfig_rl1="up -wol"
ifconfig_rl2="up -wol"
ifconfig_rl3="up -wol"
ifconfig_bridge0_alias0="inet 10.11.1.1 netmask 255.255.255.0"
ifconfig_bridge0_alias1="inet 10.12.1.1 netmask 255.255.255.0"
ifconfig_bridge0_alias2="inet 10.13.1.1 netmask 255.255.255.0"
ifconfig_bridge0_alias3="inet 10.14.1.1 netmask 255.255.255.192"
ifconfig_bridge0_alias4="inet 10.15.1.1 netmask 255.255.255.0"

I also use PF for filtering traffic. There are a lot of rules. In short: it is unable to reach any host in the LAN or any IP address on the router; only access to the Internet is allowed. In other words, the jail is in an original DMZ zone with IP 10.15.1.1.

At random times (about one incident every 2-3 days) a strange situation occurs: I am unable to ping/ftp/http any host on the Internet from the jail or from the LAN. From/to the router it's OK. Restarting PF and the jail seems to have no effect; only a reboot of the router does.

From pftop I see traffic coming from the jail or the LAN, but none in the other direction.

Can anybody give me some help in debugging this situation and figuring out the problem?

OS: FreeBSD 9.1-STABLE #0: Fri Feb 22 20:51:16 EET 2013 i386

Cheers,
Vitaliy

