From owner-freebsd-net@FreeBSD.ORG Sun Apr 7 09:15:23 2013 Return-Path: Delivered-To: freebsd-net@freebsd.org Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115]) by hub.freebsd.org (Postfix) with ESMTP id 694E228A; Sun, 7 Apr 2013 09:15:23 +0000 (UTC) (envelope-from cs@innolan.dk) Received: from serv.innomanslan.tf (0126800067.1.fullrate.dk [95.166.204.165]) by mx1.freebsd.org (Postfix) with ESMTP id DE3DA1F3F; Sun, 7 Apr 2013 09:15:22 +0000 (UTC) Received: from [192.168.44.228] (192.168.44.228) by serv.innomanslan.tf (Axigen) with ESMTP id 2F4E25; Sun, 7 Apr 2013 11:15:14 +0200 Message-ID: <51613922.6090408@innolan.dk> Date: Sun, 07 Apr 2013 11:15:14 +0200 From: Carsten Sonne Larsen User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:17.0) Gecko/20130324 Thunderbird/17.0.4 MIME-Version: 1.0 To: freebsd-jail@freebsd.org Subject: Re: Problems with network on host with jail. References: <65534.1365280473.6122751498602086400@ffe16.ukr.net> In-Reply-To: <65534.1365280473.6122751498602086400@ffe16.ukr.net> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit Cc: freebsd-net@freebsd.org X-BeenThere: freebsd-net@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Networking and TCP/IP with FreeBSD List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 07 Apr 2013 09:15:23 -0000 Hi Vitaliy, One way could be to install arping from /ports/net/arping and see if you can reach the NIC on the border router from the LAN zone. Cheers, -- On 04/06/2013 22:34, wishmaster wrote: > Hi. > Since I setuped Jail for www stuff in server there are network problems. Router has 3 NIC's in bridge with aliases. > > cloned_interfaces="bridge0" > ifconfig_bridge0="addm rl1 addm rl2 addm rl3 up" > ifconfig_rl1="up -wol" > ifconfig_rl2="up -wol" > ifconfig_rl3="up -wol" > ifconfig_bridge0_alias0="inet 10.11.1.1 netmask 255.255.255.0" > ifconfig_bridge0_alias1="inet 10.12.1.1 netmask 255.255.255.0" > ifconfig_bridge0_alias2="inet 10.13.1.1 netmask 255.255.255.0" > ifconfig_bridge0_alias3="inet 10.14.1.1 netmask 255.255.255.192" > ifconfig_bridge0_alias4="inet 10.15.1.1 netmask 255.255.255.0" > > Also I use PF for filtering traffic. There are a lot of rules. In two words: it is unable to reach any host in LAN and also any IP addresses on router, allowed access to Internet only. In other words Jail in original DMZ zone with IP 10.15.1.1. > > In random time (about one incident per-(2|3)days) the strange situations is occur: I am unable to ping/ftp/http from jail or from LAN any host in Internet. From/to router - it's ok. Restarting PF and jail seems to have no effect, only router's reboot. > > From pftop I see traffic, coming from jail or LAN but in the other way - no. > > Anybody can give me some help in debugging this situation and figure out the problem? > > OS: FreeBSD 9.1-STABLE #0: Fri Feb 22 20:51:16 EET 2013 i386 > > Cheers, > Vitaliy > _______________________________________________ > freebsd-jail@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-jail > To unsubscribe, send any mail to "freebsd-jail-unsubscribe@freebsd.org"