From: Arthur Chance
To: byrnejb@harte-lyne.ca
Cc: freebsd-questions@freebsd.org
Subject: Re: What have I neglected to do in order to get networking in a jail?
Date: Thu, 31 May 2018 14:40:53 +0100

On 31/05/2018 14:15, James B. Byrne via freebsd-questions wrote:
> On Thu, May 31, 2018 04:55, Herbert J. Skuhra wrote:
>> On Wed, 30 May 2018 17:24:03 +0200, "James B. Byrne via
>
>>> root@mx31:~ # ifconfig
>>> vtnet0: flags=8943
>>>         metric 0 mtu 1500
>>>         options=80028
>>>         ether 58:9c:fc:0e:cd:bb
>>>         hwaddr 58:9c:fc:0e:cd:bb
>>>         inet 218.185.71.31 netmask 0xffffffff broadcast 218.185.71.31
>>>
>>> Why does this jail not have a network connection?
>>
>> After a quick check I guess you are missing NAT on the host (pf or
>> ipfw)?
>
> One does not require NAT when one has a public IP address assigned to
> the I/F. The jail network traffic is not getting off the host system
> as I have determined from tcpdump.
>
> I have set jails up before on a similarly configured host and have
> gotten them to work, albeit always with some difficulty or other.
>

I've just taken another look at your original mail. I think the key
might be in this

> [root@host:~]# jls
>    JID  IP Address      Hostname                      Path
>      1  127.0.31.1      mx31                          /usr/jails/mx31

Note address ^^^^^

>
> root@mx31:~ # ifconfig
> vtnet0: flags=8943
>         metric 0 mtu 1500
>         options=80028
>         ether 58:9c:fc:0e:cd:bb
>         hwaddr 58:9c:fc:0e:cd:bb
>         inet 218.185.71.31 netmask 0xffffffff broadcast 218.185.71.31
>         inet 192.168.216.31 netmask 0xffffffff broadcast 192.168.216.31
>         media: Ethernet 10Gbase-T
>         status: active
> lo0: flags=8049 metric 0 mtu 16384
>         options=600003
>         groups: lo
> lo1: flags=8049 metric 0 mtu 16384
>         options=600003
>         inet 127.0.31.1 netmask 0xffffffff
>         groups: lo
> lo2: flags=8049 metric 0 mtu 16384
>         options=600003
>         groups: lo

Whatever you think is happening this shows your jail is using a loopback
address on a loopback socket. Packets sent from loopback devices or from
loopback addresses are simply not going to get off the box.

-- 
An amusing coincidence: log2(58) = 5.858 (to 0.0003% accuracy).
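
An added example, not part of the original mail: a shell check that maps the address `jls` reports for each jail to the interface carrying it in `ifconfig` output and flags jails bound to a loopback address or interface, as diagnosed above. The helper names (`jail_egress`, `sample_jls`, `sample_ifconfig`) are hypothetical, and the sample data, including the second jail (`web1`, `192.0.2.10`), is constructed.

```shell
#!/bin/sh
# Constructed samples modelled on the output quoted in the thread; the
# second jail (web1, 192.0.2.10) is made up for contrast.
sample_jls() {
cat <<'EOF'
   JID  IP Address      Hostname                      Path
     1  127.0.31.1      mx31                          /usr/jails/mx31
     2  192.0.2.10      web1                          /usr/jails/web1
EOF
}

sample_ifconfig() {
cat <<'EOF'
vtnet0: flags=8943 metric 0 mtu 1500
        inet 218.185.71.31 netmask 0xffffffff broadcast 218.185.71.31
        inet 192.0.2.10 netmask 0xffffffff broadcast 192.0.2.10
lo1: flags=8049 metric 0 mtu 16384
        inet 127.0.31.1 netmask 0xffffffff
        groups: lo
EOF
}

# jail_egress JLS_FILE IFCONFIG_FILE   (hypothetical helper)
# Prints "jid hostname address interface verdict" for each jail.
jail_egress() {
    awk '
        # First file: ifconfig output. Map each inet address to its interface.
        FNR == NR {
            if ($0 !~ /^[ \t]/) { ifc = $1; sub(/:$/, "", ifc) }
            else if ($1 == "inet") { owner[$2] = ifc }
            next
        }
        FNR == 1 { next }    # second file: skip the jls header row
        {
            ifc = ($2 in owner) ? owner[$2] : "unassigned"
            # Loopback address, loopback interface, or no interface at all:
            # traffic sourced from this jail cannot leave the host.
            bad = ($2 ~ /^127\./ || ifc ~ /^lo[0-9]+$/ || ifc == "unassigned")
            print $1, $3, $2, ifc, (bad ? "NO-EGRESS" : "ok")
        }
    ' "$2" "$1"
}

# Demo on the constructed samples. On a live host, save `jls` and
# `ifconfig` output to two files and pass them in the same order.
t=$(mktemp -d) && sample_jls >"$t/j" && sample_ifconfig >"$t/i" &&
    jail_egress "$t/j" "$t/i"; rm -rf "$t"
```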