From: Eugene Grosbein
To: wishmaster
Cc: freebsd-net@freebsd.org
Subject: Re: Network issues while jails are starting
Date: Wed, 3 Jul 2019 15:19:18 +0700
Message-ID: <9ee5bcf8-b792-a8a0-f021-60564e54479b@grosbein.net>
List-Id: Networking and TCP/IP with FreeBSD

03.07.2019 15:05, wishmaster wrote:

>>> jail_enable="YES"
>>> jail_parallel_start="NO"
>>> jail_list="basejail jdb jphp jwww jmail jdns"
>>> jail_reverse_stop="YES"
>>> Any advices?
>>
>> Does your LAN use NAT service of the router and/or its DNS resolver? You have not provided an answer.
>> I check Internet connection w/o DNS services.

While traffic does not flow to WAN, you should run two instances of tcpdump for the internal and external interfaces at the same time, start a ping from an inside host to some outside IP and check what tcpdump shows you: does it show incoming packets, and does it show them forwarded via the external interface? If NAT is involved, is the source IP address translated right?
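
The check described in the message above, as an added example that is not part of the original e-mail: a small script that reads the text output of the two simultaneous tcpdump captures and reports where the ping stops. The function names, the capture file names and all addresses (documentation ranges) are assumptions, and the sample capture is constructed.

```shell
#!/bin/sh
# Added example. Captures are the text output of, run at the same time:
#   tcpdump -n -i <internal-if> icmp > int.txt
#   tcpdump -n -i <external-if> icmp > ext.txt
# tcpdump -n line layout: <time> IP <src> > <dst>: ICMP echo request, id .., seq .., length ..

# echo_sources TARGET FILE: distinct source IPs of echo requests addressed to TARGET
echo_sources() {
    awk -v dst="$1:" '$2 == "IP" && $4 == ">" && $5 == dst && /ICMP echo request/ { print $3 }' "$2" | sort -u
}

# reply_count TARGET FILE: number of echo replies sent by TARGET
reply_count() {
    awk -v src="$1" '$2 == "IP" && $3 == src && /ICMP echo reply/ { n++ } END { print n + 0 }' "$2"
}

# diagnose INSIDE_IP TARGET_IP INTERNAL_CAPTURE EXTERNAL_CAPTURE: print one verdict
diagnose() {
    inside=$1; target=$2
    int_src=$(echo_sources "$target" "$3")
    ext_src=$(echo_sources "$target" "$4")
    if ! printf '%s\n' "$int_src" | grep -qxF "$inside"; then
        echo "not-seen-on-internal"      # ping never reached the router
    elif [ -z "$ext_src" ]; then
        echo "not-forwarded"             # arrived, but never left via the external interface
    elif printf '%s\n' "$ext_src" | grep -qxF "$inside"; then
        echo "forwarded-untranslated"    # a fault only when NAT is expected
    elif [ "$(reply_count "$target" "$4")" -eq 0 ]; then
        echo "translated-no-reply"       # left with a new source, nothing came back
    else
        echo "ok"
    fi
}

# Constructed sample: requests arrive on the internal interface, external capture stays empty.
sample_dir=$(mktemp -d)
cat > "$sample_dir/int.txt" <<'EOF'
15:19:25.100001 IP 192.168.1.10 > 198.51.100.7: ICMP echo request, id 4711, seq 0, length 64
15:19:26.100412 IP 192.168.1.10 > 198.51.100.7: ICMP echo request, id 4711, seq 1, length 64
EOF
: > "$sample_dir/ext.txt"
diagnose 192.168.1.10 198.51.100.7 "$sample_dir/int.txt" "$sample_dir/ext.txt"
```

A "not-forwarded" verdict points at routing or the packet filter on the host; "forwarded-untranslated" or "translated-no-reply" points at the NAT rule or at the path beyond the external interface.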