FreeBSD 12.1, vnet jail, and internet access
David Mehler
dave.mehler at gmail.com
Sat Jun 27 17:09:37 UTC 2020
Hello,
I'm trying to get vnet jails going on FreeBSD 12.1-p6. I can start and
stop the jail and its interfaces come up and go down; from inside the jail it
can ping the gateway, but pings to outside addresses fail. Am I missing a step?
I've got a single IPv4 address and am using private IPv4 addresses. As of now
I have not set an IPv6 address on this jail. The routing tables all look good.
Here's my configuration:
On the host:
#ifconfig bridge0
ifconfig: interface bridge0 does not exist
#ifconfig epair0a
ifconfig: interface epair0a does not exist
#ifconfig epair0b
ifconfig: interface epair0b does not exist
#cat rc.conf
# Host /etc/rc.conf as posted: vtnet0 is the single public uplink (IPv4 by DHCP,
# IPv6 via accepted router advertisements) and the jail rc script is enabled.
hostname="xxxxxxxxxxxxxx"
ifconfig_vtnet0="DHCP"
ifconfig_vtnet0_ipv6="inet6 accept_rtadv"
jail_enable="YES"
# NOTE(review): nothing here makes the host forward or translate traffic for the
# jail's private 192.168.122.0/24 (no gateway_enable, no pf/ipfw NAT). Presumably
# that is the missing step the post asks about: the jail's ping to 1.1.1.1 is
# sent to 192.168.122.1, which is bridge0 on this host, and with a single
# public address and no forwarding/NAT it cannot go any further — confirm.
#ifconfig vtnet0
vtnet0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=6c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
ether f2:3c:92:bc:54:37
inet6 fe80::f03c:92ff:febc:5437%vtnet0 prefixlen 64 scopeid 0x1
inet6 xxx prefixlen 64 autoconf
inet xxx.xxx.xxx.xxx netmask 0xffffff00 broadcast xxx.xxx.xxx.xxx
media: Ethernet 10Gbase-T <full-duplex>
status: active
nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
#cat jail.conf
# Host /etc/jail.conf as posted: one vnet jail, "loghost". The host side of the
# network (bridge0 plus an epair) is built in exec.prestart and torn down in
# exec.poststop; the jail side (epair0b) is configured from exec.start.
loghost {
host.hostname = "loghost";
path = "/jail/loghost";
mount.devfs;
# ruleset 4 is devfsrules_jail in the stock /etc/defaults/devfs.rules — presumably unchanged here
devfs_ruleset = "4";
exec.consolelog = "/var/log/console.loghost";
# new vnet: the jail gets its own network stack, so the address and routes set
# below live inside the jail (compare the host and jail netstat -rn outputs)
vnet = "new";
exec.clean;
# epair0b is moved into the jail's vnet at start and then no longer exists on
# the host (which is why "ifconfig epair0b" on the host fails after start)
vnet.interface = "epair0b";
# "epair0 create" makes the pair epair0a/epair0b; epair0a stays on the host
exec.prestart = "ifconfig epair0 create up";
exec.prestart += "ifconfig bridge0 create up";
# NOTE(review): the host's public uplink vtnet0 is added to bridge0 as well,
# which puts the jail's epair on the same L2 segment as the upstream network.
# With a private 192.168.122.0/24 behind a single public address that member
# is not what makes the jail reach the host (the gateway ping works against
# bridge0's own address); presumably the host should forward and NAT between
# bridge0 and vtnet0 instead, which nothing in the post configures — confirm.
exec.prestart += "ifconfig bridge0 inet 192.168.122.1/24 addm vtnet0";
exec.prestart += "ifconfig bridge0 addm epair0a";
exec.start = "/bin/sh /etc/rc";
# jail-side address; the string appears wrapped over two lines here, which
# looks like mail-client wrapping rather than the actual file content — confirm
exec.start += "ifconfig epair0b inet 192.168.122.50 netmask
255.255.255.0";
# default route via bridge0's address on the host (matches the jail's
# netstat -rn entry "default 192.168.122.1 UGS epair0b")
exec.start += "route add default 192.168.122.1";
exec.stop = "/bin/sh /etc/rc.shutdown";
# NOTE(review): destroying one end of an epair removes both ends, and a
# destroyed interface is no longer a bridge member, so the deletem on the next
# line will likely fail with "does not exist"; removing the member first and
# destroying the epair afterwards is the safer order.
exec.poststop = "ifconfig epair0a destroy";
exec.poststop += "ifconfig bridge0 deletem epair0a";
exec.poststop += "ifconfig bridge0 destroy";
}
#service jail start
Starting jails: loghost.
#jls
JID IP Address Hostname Path
3 loghost /jail/loghost
#ifconfig bridge0
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:bf:cf:92:2c:00
inet 192.168.122.1 netmask 0xffffff00 broadcast 192.168.122.255
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 3 priority 128 path cost 2000
member: vtnet0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 1 priority 128 path cost 2000
groups: bridge
nd6 options=1<PERFORMNUD>
#ifconfig epair0a
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:c0:11:e6:99:0a
inet6 fe80::c0:11ff:fee6:990a%epair0a prefixlen 64 tentative scopeid 0x3
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
#ifconfig epair0b
ifconfig: interface epair0b does not exist
#netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default xxx.xxx.xxx.xxx UGS vtnet0
xxx.xxx.xxx.xxx/24 link#1 U vtnet0
xxx.xxx.xxx.xxx link#1 UHS lo0
127.0.0.1 link#2 UH lo0
192.168.122.0/24 link#5 U bridge0
192.168.122.1 link#5 UHS lo0
In the jail:
#jexec loghost /bin/tcsh
#ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:c0:11:e6:99:0b
inet 192.168.122.50 netmask 0xffffff00 broadcast 192.168.122.255
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
#cat /etc/rc.conf
# Jail /etc/rc.conf as posted: hostname only. epair0b's address and the default
# route are set from exec.start in the host's jail.conf, not from this file.
hostname="loghost"
#ping -c 1 192.168.122.1
PING 192.168.122.1 (192.168.122.1): 56 data bytes
64 bytes from 192.168.122.1: icmp_seq=0 ttl=64 time=0.111 ms
--- 192.168.122.1 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.111/0.111/0.111/0.000 ms
#ping -c 1 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
--- 1.1.1.1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
#netstat -rn
Routing tables
Internet:
Destination Gateway Flags Netif Expire
default 192.168.122.1 UGS epair0b
127.0.0.1 link#1 UH lo0
192.168.122.0/24 link#2 U epair0b
192.168.122.50 link#2 UHS lo0
Am I missing a step with vnet? I was under the impression that vnet
jails have their own TCP/IP stack, separate from the host's stack.
Thanks.
Dave.