From: "Patrick M. Hausen"
Date: Sun, 13 Mar 2022 14:06:02 +0100
Subject: Re: epair and vnet jail loose connection.
To: Johan Hendriks
Cc: Kristof Provost, Michael Gmelin, freeBSD-net
List-Id: Networking and TCP/IP with FreeBSD
List-Archive: https://lists.freebsd.org/archives/freebsd-net

Hi all,

I was a bit puzzled by Michael using bhyve trying to reproduce. Up until now I thought bhyve uses tap and not epair?

Anyway ...

> On 13.03.2022 at 14:01, Johan Hendriks wrote:
> I have no idea why it does not work on my setup, which is nothing out of the ordinary I think, basic full jails connected to a bridge interface and one of them exposed to the world wide web using pf binat.

What we do is full exposed VNET jails connected to the bridge on the external interface of the host. ipfw kernel module loaded but not used in this case, i.e. only the "default to accept" rule active in the jails.

I will probably downgrade the production host from 13.1-PRERELEASE to 13.0-pX tomorrow and see if that changes anything.

Kind regards,
Patrick
-- 
punkt.de GmbH
Patrick M. Hausen
.infrastructure

Kaiserallee 13a
76133 Karlsruhe
Tel. +49 721 9109500

https://infrastructure.punkt.de
info@punkt.de

AG Mannheim 108285
Managing Directors: Jürgen Egeling, Daniel Lienert, Fabian Stein