Jail source address selection broken, patch for ping

Mark Felder feld at feld.me
Tue Apr 10 22:14:37 UTC 2012


On Tue, 10 Apr 2012 04:03:22 -0500, Anders Hagman  
<anders.hagman at netplex.se> wrote:

> I have used vnet jail to get your own IP stack.
> One strange thing is that tcpdump on the host can not see the packets.


Yes, vnet avoids this issue. You shouldn't be able to tcpdump on the host  
to see the packets; those interfaces are now entirely owned by the jail.

Unfortunately we cannot use vnet because it is very experimental still and  
I have been able to cause it to panic many times.

