Re: iocage, vnet jail does not go outside

From: Jacques Foucry <jacques+freebsd_at_foucry.net>
Date: Sat, 24 Jul 2021 11:38:16 UTC
On Friday 23 Jul 2021 at 23:06:41 (+0200), infoomatic wrote:

Hello Robert,

Thanks for your answer.

> iocage automatically creates a bridge with your physical interface and
> the vnet interface. Imho this is wrong behaviour so I quit using iocage,
> however, there is a workaround, for more info see [1]

I read carefully the issue you pointed to, and it appears that with the
vnet_default_interface parameter set to auto, em0 is added to the bridge; set
to none, em0 is not added to the bridge.

So I stopped my jail, destroyed the bridge0 interface, set vnet_default_interface to
none and restarted the jail.

As expected, em0 is not in the bridge any more:

bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	description: jails-bridge
	ether 58:9c:fc:10:ed:66
	inet 10.0.10.1 netmask 0xffffff00 broadcast 10.0.10.255
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: vnet0.657 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 6 priority 128 path cost 2000
	groups: bridge
	nd6 options=9<PERFORMNUD,IFDISABLED>

Since then, from the jail I cannot ping anything, from outside I cannot connect to
the jail, and from the jail I cannot connect to an outside host.

In fact, at first glance, the situation is worse.

I did not look at the routing tables yet (too many other things to do).

As I understood, you do not use iocage any more. Did you use the "raw"
method (i.e. /etc/jail.conf)? If yes, I am really interested in a "picture" of
your configuration.

To be honest, I tried the "raw" method without success before trying
iocage.

Thanks for your time and advice.
-- 
Jacques Foucry
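The bridge output above shows the root of the symptom: bridge0 has the jail's vnet0.657 as its only member, so there is no uplink for jail traffic to leave the host on. The following POSIX sh script is an added example, not code from the thread or from iocage; it parses the text of `ifconfig <bridge>` and reports whether the bridge has any member that is not a jail-side vnet*/epair* interface. The bridge name, the em0 member and both sample outputs are constructed for the example, modelled on the output quoted in the mail.

```shell
#!/bin/sh
# Added example, not from the original thread: given the text of
# `ifconfig <bridge>` on FreeBSD, list the bridge members and report whether
# any of them is an uplink (a physical NIC such as em0) rather than a jail-side
# vnet*/epair* interface. A bridge with only vnet/epair members cannot carry
# jail traffic to the LAN, which matches the symptom described in the thread.

# Print one member interface name per line from ifconfig output passed as $1.
# Member lines look like: "member: vnet0.657 flags=143<LEARNING,...>"
bridge_members() {
    printf '%s\n' "$1" | awk '$1 == "member:" { print $2 }'
}

# Print the members that are not jail-side interfaces (anything not named
# vnet* or epair*). Prints nothing when the bridge has no uplink.
uplink_members() {
    bridge_members "$1" | grep -v -e '^vnet' -e '^epair' || :
}

# Return 0 and name the uplink(s) when the bridge has one, return 1 otherwise.
check_bridge() {
    uplinks=$(uplink_members "$1")
    if [ -n "$uplinks" ]; then
        printf 'uplink member(s): %s\n' "$uplinks"
        return 0
    fi
    printf 'no uplink member: jails on this bridge cannot reach the LAN\n'
    return 1
}

# Constructed sample: the state shown in the thread after setting
# vnet_default_interface=none (only the jail's vnet0.657 is a member).
SAMPLE_ISOLATED='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: jails-bridge
        inet 10.0.10.1 netmask 0xffffff00 broadcast 10.0.10.255
        member: vnet0.657 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 2000
        groups: bridge'

# Constructed sample: the same bridge with the host NIC em0 added as a member
# (the layout iocage produces when vnet_default_interface is auto).
SAMPLE_UPLINK='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        member: em0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 1 priority 128 path cost 20000
        member: vnet0.657 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 6 priority 128 path cost 2000
        groups: bridge'

# Demonstration on the two constructed samples.
check_bridge "$SAMPLE_UPLINK"
check_bridge "$SAMPLE_ISOLATED" || :
```

On a live host the same check runs against the real bridge with `check_bridge "$(ifconfig bridge0)"`; a return code of 1 means the bridge is a closed island of jail interfaces and the jail's vnet has no path to the rest of the network, regardless of what the routing table inside the jail says.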