IP address assignments to jails using ezjail

Alexander Leidinger Alexander at leidinger.net
Sat Dec 24 08:26:15 UTC 2016


Quoting "James B. Byrne via freebsd-jail" <freebsd-jail at freebsd.org>  
(from Fri, 23 Dec 2016 09:33:17 -0500):

> I am experimenting with jails on a bhyve vm guest running FBSD-11.0
> using ezjail.  I am having a problem with network connections to the
> outside from within the jail.  I have sshd configured and I can reach
> the jail from the outside:
>
> $ ssh -vv 192.168.216.196
> OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug1: Applying options for *
> debug2: ssh_connect: needpriv 0
> debug1: Connecting to 192.168.216.196 [192.168.216.196] port 22.
> debug1: Connection established.
>
> But inside the jail I cannot connect out:
>
> ssh -vv 192.168.216.22
> OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd  26 Sep 2016
> debug1: Reading configuration data /etc/ssh/ssh_config
> debug2: resolving "192.168.216.22" port 22
> debug2: ssh_connect_direct: needpriv 0
> debug1: Connecting to 192.168.216.22 [192.168.216.22] port 22.
> debug1: connect to address 192.168.216.22 port 22: Operation timed out
> ssh: connect to host 192.168.216.22 port 22: Operation timed out

Where is this IP located? Not on the same FreeBSD host, it seems (the
IP is not in the ifconfig output below). Do a packet trace on the network
interface of the host; what do you see in terms of packets related to
this (ARP + IP)?

> On the host system I see this:
>
> # ifconfig
> vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
>         ether 00:a0:98:fa:aa:b6
>         inet 216.185.71.16 netmask 0xffffff00 broadcast 216.185.71.255
>         inet 192.168.216.16 netmask 0xffffff00 broadcast 192.168.216.255

A /24 network config... If this is the IP of a jail, I suggest giving
it a /32 netmask.

If this is a jail, then this may be the cause of what you see.

>         inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>         media: Ethernet 10Gbase-T <full-duplex>
>         status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         inet6 ::1 prefixlen 128
>         inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
>         inet 127.0.0.1 netmask 0xff000000
>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>         groups: lo
> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         inet 127.0.1.1 netmask 0xffffffff
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>         groups: lo
> pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
>         groups: pflog
>
> Inside the jail I see this:
>
> root@hlldrupal:~ # ifconfig
> vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
>         ether 00:a0:98:fa:aa:b6
>         inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
>         media: Ethernet 10Gbase-T <full-duplex>
>         status: active
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         groups: lo
> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         inet 127.0.1.1 netmask 0xffffffff
>         groups: lo
> pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
>         groups: pflog
>
>
> Any ideas as to what I may have failed to do?

Can you please provide the output of "jls -v" for all involved jails?

Bye,
Alexander.

-- 
http://www.Leidinger.net Alexander at Leidinger.net: PGP 0x8F31830F9F2772BF
http://www.FreeBSD.org    netchild at FreeBSD.org  : PGP 0x8F31830F9F2772BF
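
The netmask check suggested in the reply, as an added example that is not part of the original thread: it parses the host's ifconfig output (vtnet0 and lo1 lines copied from the message) and reports jail addresses that are not configured as /32, plus jail addresses the host does not carry at all. The list of jail IPs is an assumption supplied by the caller (in practice it would come from jls), and the function names are hypothetical.

```python
import ipaddress
import re

# Host-side ifconfig lines, copied from the quoted message above.
IFCONFIG = """\
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 00:a0:98:fa:aa:b6
        inet 216.185.71.16 netmask 0xffffff00 broadcast 216.185.71.255
        inet 192.168.216.16 netmask 0xffffff00 broadcast 192.168.216.255
        inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        inet 127.0.1.1 netmask 0xffffffff
"""

IFACE_RE = re.compile(r"^([A-Za-z0-9_.]+): flags=")
INET_RE = re.compile(r"^\s+inet (\S+) netmask (0x[0-9a-fA-F]{8})")


def parse_inet(text):
    """Yield (interface, address, prefix_length) for each IPv4 'inet' line."""
    iface = None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = INET_RE.match(line)
        if m and iface:
            mask = int(m.group(2), 16)
            prefix = bin(mask).count("1")
            # Reject masks whose set bits are not one contiguous run on the left.
            if mask != (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF:
                raise ValueError(f"non-contiguous netmask {m.group(2)}")
            yield iface, str(ipaddress.IPv4Address(m.group(1))), prefix


def audit_jail_ips(text, jail_ips):
    """Return (not_slash32, missing) for the given jail IPs.

    not_slash32: [(iface, ip, prefix)] for jail IPs with a mask wider than /32.
    missing:     jail IPs that appear on no host interface.
    """
    seen = {ip: (iface, prefix) for iface, ip, prefix in parse_inet(text)}
    wanted = [str(ipaddress.IPv4Address(ip)) for ip in jail_ips]
    not_slash32 = [(seen[ip][0], ip, seen[ip][1])
                   for ip in wanted if ip in seen and seen[ip][1] != 32]
    missing = [ip for ip in wanted if ip not in seen]
    return not_slash32, missing
```
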