Re: epair and vnet jail loose connection.

Reply: Michael Gmelin : "Re: epair and vnet jail loose connection."
Reply: Johan Hendriks : "Re: epair and vnet jail loose connection."
In reply to: Johan Hendriks : "Re: epair and vnet jail loose connection."
Go to: [ bottom of page ] [ top of archives ] [ this month ]

From: Patrick M. Hausen <hausen_at_punkt.de>
Date: Sun, 13 Mar 2022 13:06:02 UTC

Hi all,

i was a bit puzzled by Michael using bhyve trying to reproduce.
Up until now I thought bhyve uses tap and not epair?

Anyway ...

> Am 13.03.2022 um 14:01 schrieb Johan Hendriks <joh.hendriks@gmail.com>:
> I have no idea why it does not work on my setup, which is nothing out of the ordinary i think, basic full jails connected to a bridge interface and one of them exposed to the world wide web using pf binat.

What we do is full exposed VNET jails connected to the bridge
on the external interface of the host. ipfw kernel module loaded
but not used in this case, i.e. only the "default to accept" rule active
in the jails.

I will probably downgrade the production host from 13.1-PRERELEASE
to 13.0-pX tomorrow and see if that changes anything.

Kind regards,
Patrick
-- 
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Kaiserallee 13a
76133 Karlsruhe

Tel. +49 721 9109500

https://infrastructure.punkt.de
info@punkt.de

AG Mannheim 108285
Geschäftsführer: Jürgen Egeling, Daniel Lienert, Fabian Stein