From owner-freebsd-questions@freebsd.org  Thu May 31 14:40:12 2018
Return-Path: <owner-freebsd-questions@freebsd.org>
Delivered-To: freebsd-questions@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id 34CC5FD4584
 for <freebsd-questions@mailman.ysv.freebsd.org>;
 Thu, 31 May 2018 14:40:12 +0000 (UTC)
 (envelope-from herbert@gojira.at)
Received: from mail.bsd4all.net (mail.bsd4all.net [IPv6:2a01:4f8:191:217b::25])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "mail.bsd4all.net",
 Issuer "Let's Encrypt Authority X3" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id CB7E6693A8
 for <freebsd-questions@freebsd.org>; Thu, 31 May 2018 14:40:11 +0000 (UTC)
 (envelope-from herbert@gojira.at)
Date: Thu, 31 May 2018 16:32:28 +0200
Message-ID: <876033dhfn.wl-herbert@gojira.at>
From: "Herbert J. Skuhra" <herbert@gojira.at>
To: freebsd-questions@freebsd.org
Subject: Re: What have I neglected to do in order to get networking in a jail?
In-Reply-To: <3f375650dfee47082e77cba953961a3f.squirrel@webmail.harte-lyne.ca>
References: <mailman.92.1527768001.7501.freebsd-questions@freebsd.org>
 <3f375650dfee47082e77cba953961a3f.squirrel@webmail.harte-lyne.ca>
User-Agent: Wanderlust/2.15.9 (Almost Unreal) SEMI-EPG/1.14.7 (Harue)
 FLIM/1.14.9 (=?ISO-8859-4?Q?Goj=F2?=) APEL/10.8 EasyPG/1.0.0 Emacs/27.0
 (x86_64-pc-linux-gnu) MULE/6.0 (HANACHIRUSATO)
MIME-Version: 1.0 (generated by SEMI-EPG 1.14.7 - "Harue")
Content-Type: text/plain; charset=US-ASCII
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.26
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions/>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
 <mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 31 May 2018 14:40:12 -0000

On Thu, 31 May 2018 15:15:11 +0200, "James B. Byrne via freebsd-questions" wrote:
> 
> On Thu, May 31, 2018 04:55, Herbert J. Skuhra wrote:
> > On Wed, 30 May 2018 17:24:03 +0200, "James B. Byrne via
> 
> >> root@mx31:~ # ifconfig
> >> vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
> >> metric 0 mtu 1500
> >>         options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
> >>         ether 58:9c:fc:0e:cd:bb
> >>         hwaddr 58:9c:fc:0e:cd:bb
> >>         inet 218.185.71.31 netmask 0xffffffff broadcast 218.185.71.31
> >>
> >> Why does this jail not have a network connection?
> >
> > After a quick check I guess you are missing NAT on the host (pf or
> > ipfw)?
> 
> One does not require NAT when one has a public IP address assigned to
> the I/F.   The jail network traffic is not getting off the host system
> as I have determined from tcpdump.
> 
> I have set jails up before on a similarly configured host and have
> gotten them to work, albeit always with some difficulty or other.

OK, you are obviously smarter than me (or a magician). I'll continue
using NAT in such a setup. Adding the follwing to /etc/pf.conf works for me:

nat on $ext_if inet from 127.0.32.1/32 to any -> $ext_ip

--
Herbert