Date: Tue, 11 May 2021 20:26:34 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 255685] PF: JAIL: fail to connect from jail to jail service when pf enabled Message-ID: <bug-255685-227-BhCQTW2Hil@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-255685-227@https.bugs.freebsd.org/bugzilla/> References: <bug-255685-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D255685 Kristof Provost <kp@freebsd.org> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |kp@freebsd.org --- Comment #2 from Kristof Provost <kp@freebsd.org> --- At this point I believe this isn't a pf bug, but a change in routing behavi= our. In 13 we route the alias address via em0, while we route it via lo0 on 12. = That means that on 12 the ssh traffic bypasses pf (because skip on lo0) and it doesn't on 13. On 12: Routing tables Internet: Destination Gateway Flags Netif Expire 127.0.0.1 link#2 UH lo0 192.168.1.100 link#1 UHS lo0 192.168.1.100/32 link#1 U em0 On 13: Routing tables Internet: Destination Gateway Flags Netif Expire default 192.168.183.1 UGS em0 127.0.0.1 link#2 UH lo0 192.168.1.100 link#1 UH em0 192.168.183.0/24 link#1 U em0 192.168.183.14 link#1 UHS lo0 (Look at the 192.168.1.100 route entry) Also, if I try to add a link route (after deleting the 192.168.1.100 route): sudo route add 192.168.1.100 -link lo0 route: writing to routing socket: Network is unreachable add host 192.168.1.100: gateway lo0 fib 0: Network is unreachable tl;dr: this looks like a routing issue, not a pf bug. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-255685-227-BhCQTW2Hil>