[Bug 234021] 12.0 gateway host with vnet jail running pf firewall & NAT has no internet access

bugzilla-noreply at freebsd.org
Sat Dec 15 01:53:18 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234021

--- Comment #2 from Joe Barbish <qjail1 at a1poweruser.com> ---
(In reply to Kristof Provost from comment #1)

I am having a real hard time trying to understand your comments. It's my
understanding that because vnet jails have their own IP stack that's outside of
the host's IP stack, that they act like individual computers. This is the only
difference between non-vnet jails and vnet jails. For network connectivity vnet
jails use the bridge/epair or netgraph methods. Non-vnet jails use the host
network stack. This fact is well known by people who have read any of the vnet
jail documentation. The whole reason for changing ipfw and pf firewalls was
because vnet jails on gateway hosts need a vnet aware firewall to filter and
NAT their traffic.

Based on this information, I cannot get a so configured vnet jail running on a
gateway host to access the public internet. To verify this problem exists is
the purpose of this bug report.

See /usr/share/examples/jails for details and who wrote the content of the
files.

From your comments you seem to be implying this is untrue.

Please point me to vnet jail documentation that supports your position. I'm
always ready to learn new things about vnet jails. An example of a working vnet
jail setup environment would enable me to replicate it here.
