Date: Tue, 11 May 2021 20:26:34 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 255685] PF: JAIL: fail to connect from jail to jail service when pf enabled
Message-ID: <bug-255685-227-BhCQTW2Hil@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-255685-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255685

Kristof Provost <kp@freebsd.org> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |kp@freebsd.org

--- Comment #2 from Kristof Provost <kp@freebsd.org> ---
At this point I believe this isn't a pf bug, but a change in routing behaviour.

In 13 we route the alias address via em0, while we route it via lo0 on 12.
That means that on 12 the ssh traffic bypasses pf (because skip on lo0) and it
doesn't on 13.

On 12:

    Routing tables

    Internet:
    Destination        Gateway            Flags     Netif Expire
    127.0.0.1          link#2             UH          lo0
    192.168.1.100      link#1             UHS         lo0
    192.168.1.100/32   link#1             U           em0

On 13:

    Routing tables

    Internet:
    Destination        Gateway            Flags     Netif Expire
    default            192.168.183.1      UGS         em0
    127.0.0.1          link#2             UH          lo0
    192.168.1.100      link#1             UH          em0
    192.168.183.0/24   link#1             U           em0
    192.168.183.14     link#1             UHS         lo0

(Look at the 192.168.1.100 route entry)

Also, if I try to add a link route (after deleting the 192.168.1.100 route):

    sudo route add 192.168.1.100 -link lo0
    route: writing to routing socket: Network is unreachable
    add host 192.168.1.100: gateway lo0 fib 0: Network is unreachable

tl;dr: this looks like a routing issue, not a pf bug.

-- 
You are receiving this mail because:
You are the assignee for the bug.
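
Added example, not part of the original message or of FreeBSD: a small sh/awk check that reads `netstat -rn -f inet` output and reports whether the host route for a local address uses the interface pf is told to skip. The function names and the assumption that pf.conf contains `set skip on lo0` are illustrative; the two sample tables are the ones quoted in the comment above.

```shell
#!/bin/sh
# Routing tables as quoted in the bug comment (12 and 13).
ROUTES_12='Destination        Gateway            Flags     Netif Expire
127.0.0.1          link#2             UH          lo0
192.168.1.100      link#1             UHS         lo0
192.168.1.100/32   link#1             U           em0'

ROUTES_13='Destination        Gateway            Flags     Netif Expire
default            192.168.183.1      UGS         em0
127.0.0.1          link#2             UH          lo0
192.168.1.100      link#1             UH          em0
192.168.183.0/24   link#1             U           em0
192.168.183.14     link#1             UHS         lo0'

# host_route_netif ADDR
# Reads a routing table on stdin and prints the Netif column of the
# host route (Flags contain H) whose Destination is exactly ADDR.
# Prints nothing if there is no such route.
host_route_netif() {
    awk -v addr="$1" '$1 == addr && $3 ~ /H/ { print $4; exit }'
}

# check_skip ADDR SKIP_IF
# Reads a routing table on stdin and reports whether traffic to the local
# address ADDR leaves via SKIP_IF (assumed to be named in "set skip on").
check_skip() {
    netif=$(host_route_netif "$1")
    if [ -z "$netif" ]; then
        echo "no host route"
    elif [ "$netif" = "$2" ]; then
        echo "skipped by pf ($netif)"
    else
        echo "evaluated by pf ($netif)"
    fi
}

# Demo on the quoted tables; on a live host use:
#   netstat -rn -f inet | check_skip 192.168.1.100 lo0
printf '12: %s\n' "$(printf '%s\n' "$ROUTES_12" | check_skip 192.168.1.100 lo0)"
printf '13: %s\n' "$(printf '%s\n' "$ROUTES_13" | check_skip 192.168.1.100 lo0)"
```
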
