Problems with network on host with jail.

Carsten Sonne Larsen cs at innolan.dk
Sun Apr 7 09:15:23 UTC 2013


Hi Vitaliy,

One way could be to install arping from /ports/net/arping
and see if you can reach the NIC on the border router
from the LAN zone.

Cheers,

--

On 04/06/2013 22:34, wishmaster wrote:
>   Hi.
> Since I set up a jail for www stuff on the server, there are network problems. The router has 3 NICs in a bridge with aliases.
>
> cloned_interfaces="bridge0"
> ifconfig_bridge0="addm rl1 addm rl2 addm rl3 up"
> ifconfig_rl1="up -wol"
> ifconfig_rl2="up -wol"
> ifconfig_rl3="up -wol"
> ifconfig_bridge0_alias0="inet 10.11.1.1 netmask 255.255.255.0"
> ifconfig_bridge0_alias1="inet 10.12.1.1 netmask 255.255.255.0"
> ifconfig_bridge0_alias2="inet 10.13.1.1 netmask 255.255.255.0"
> ifconfig_bridge0_alias3="inet 10.14.1.1 netmask 255.255.255.192"
> ifconfig_bridge0_alias4="inet 10.15.1.1 netmask 255.255.255.0"
>
> Also I use PF for filtering traffic. There are a lot of rules. In two words: it is unable to reach any host in the LAN and also any IP addresses on the router; it is allowed access to the Internet only. In other words, the jail is in the original DMZ zone with IP 10.15.1.1.
>
> At random times (about one incident per (2|3) days) a strange situation occurs: I am unable to ping/ftp/http any host on the Internet from the jail or from the LAN. From/to the router it's OK. Restarting PF and the jail seems to have no effect, only the router's reboot.
>
> From pftop I see traffic coming from the jail or LAN, but not in the other direction.
>
> Can anybody give me some help in debugging this situation and figuring out the problem?
>
> OS: FreeBSD 9.1-STABLE #0: Fri Feb 22 20:51:16 EET 2013 i386
>
> Cheers,
> Vitaliy
> _______________________________________________
> freebsd-jail at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-jail
> To unsubscribe, send any mail to "freebsd-jail-unsubscribe at freebsd.org"


