[Bug 229970] [ipfw] bridge(4) with physical member igb denies traffic from jail/epair until first pinged

bugzilla-noreply at freebsd.org bugzilla-noreply at freebsd.org
Mon Jul 23 17:44:36 UTC 2018


https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=229970

--- Comment #1 from O. Hartmann <ohartmann at walstatt.org> ---
I checked today on other systems that I claimed had the very same configuration
running successfully. That wasn't true. In the other, working case, the
physical NIC (bge1 in one case, igbX in another) is not assigned an IP
address; it simply offers the physical access to the network via switches. The
main host carrying the jails is itself attached to another physical NIC, which
doesn't route locally.

So, in the case I reported here, the jail-carrying host itself has the physical
NIC igb0 as its NIC, with an IP address applied, but the jails and their epairs
are members of the same bridge to which this physical NIC also belongs, as
shown. Routing/gatewaying is disabled. All hosts do have a default router.

As reported, pinging from a jail running ipfw in OPEN mode to other epair
members of the same bridge, to the outside world (i.e. 1.1.1.1) or to the
router/gateway works fine. Pinging from any jail on that bridge to the host
whose physical NIC is a member of it doesn't work, UNTIL I ping from the host
to which the NIC is associated to any of the jails on the bridge; it seems ipfw
(also running in WORKSTATION mode on the host) is opening the flow. From then
on all network traffic is possible and flowing.

I consider this behaviour a bug.

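Added example, not part of the bug report or of the reporter's own configuration: a small sh script that recreates the layout described above on a FreeBSD host (host address on igb0, igb0 and the jail's epair end on one bridge, the jail owning the other epair end) and checks, from `ipfw -d list`, whether the host firewall holds a dynamic state between the host's and a jail's address. That is the thing to compare before and after the host-side ping the reporter mentions. Interface names, addresses, the jail name and path are assumptions, and the `ipfw -d list` sample embedded in the script is constructed, not captured from the reporter's system.

```shell
#!/bin/sh
# Added example, not part of the bug report: rebuild the reported topology on a
# FreeBSD host and check whether ipfw holds a dynamic state between the host's
# address and a jail's address.  All interface names, addresses, the jail name
# and path are assumptions for the illustration.

PHYS_IF=igb0          # physical NIC carrying the host's own address (as reported)
BRIDGE=bridge0
EPAIR=epair0          # creating it yields epair0a (bridge side) and epair0b (jail side)
JAIL_NAME=j1
JAIL_PATH=/jails/j1
HOST_IP=192.0.2.10    # assumed host address on igb0
JAIL_IP=192.0.2.20    # assumed jail address on epair0b
GW=192.0.2.1          # assumed default router for host and jail

# Recreate the reported layout: igb0 (with the host IP) and the jail's epair end
# are members of the same bridge; the jail owns the other epair end via vnet.
# FreeBSD-only; nothing here runs unless build_topology is called explicitly.
build_topology() {
    ifconfig "$BRIDGE" create
    ifconfig "$EPAIR" create
    ifconfig "${EPAIR}a" up
    ifconfig "$BRIDGE" addm "$PHYS_IF" addm "${EPAIR}a" up
    jail -c name="$JAIL_NAME" path="$JAIL_PATH" vnet \
        vnet.interface="${EPAIR}b" persist
    jexec "$JAIL_NAME" ifconfig "${EPAIR}b" inet "$JAIL_IP/24" up
    jexec "$JAIL_NAME" route add default "$GW"
}

# `ipfw -d list` prints the static rules followed by one line per dynamic state.
# state_between TEXT A B succeeds (exit 0) when TEXT contains a STATE line that
# pairs addresses A and B in either direction.  The parser keys on the "<->"
# token (source address two fields before it, destination one field after it),
# so it does not depend on the exact column layout of the counters.
state_between() {
    printf '%s\n' "$1" | awk -v a="$2" -v b="$3" '
        /STATE/ {
            src = ""; dst = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "<->") { src = $(i - 2); dst = $(i + 1) }
            }
            if ((src == a && dst == b) || (src == b && dst == a)) { found = 1; exit }
        }
        END { if (found) exit 0; exit 1 }'
}

# Constructed sample of `ipfw -d list` output (not captured from the reporter's
# system): a workstation-style rule set plus the one ICMP state that an outgoing
# ping from the host to the jail would create under "keep-state".
SAMPLE_IPFW_D='00100 allow ip from any to any via lo0
00200 check-state :default
00300 allow ip from me to any out keep-state :default
65535 deny ip from any to any
## Dynamic rules (1 1):
00300 1 84 (9s) STATE icmp 192.0.2.10 0 <-> 192.0.2.20 0 :default'

# On a live FreeBSD host: report whether a host<->jail state currently exists.
# Run it once before and once after the host pings the jail to see the change.
live_check() {
    out=$(ipfw -d list 2>/dev/null) || { echo "ipfw not available"; return 2; }
    if state_between "$out" "$HOST_IP" "$JAIL_IP"; then
        echo "ipfw holds a dynamic state $HOST_IP <-> $JAIL_IP"
        return 0
    fi
    echo "no dynamic state $HOST_IP <-> $JAIL_IP"
    return 1
}

# Demo: use the live firewall when present, otherwise the constructed sample.
demo() {
    if command -v ipfw >/dev/null 2>&1; then
        live_check
    elif state_between "$SAMPLE_IPFW_D" "$HOST_IP" "$JAIL_IP"; then
        echo "sample: state $HOST_IP <-> $JAIL_IP present"
    else
        echo "sample: no state $HOST_IP <-> $JAIL_IP"
    fi
}

demo
```

To use it on the affected host, source the script, run `live_check` from the jail-side test (it should report no state while the jail's ping fails), then ping a jail from the host and run `live_check` again; `build_topology` is only there to stand up the same layout on a scratch machine.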