From owner-freebsd-net@FreeBSD.ORG  Sat Apr  6 20:54:52 2013
Return-Path: <owner-freebsd-net@FreeBSD.ORG>
Delivered-To: freebsd-net@freebsd.org
Received: from mx1.freebsd.org (mx1.FreeBSD.org [8.8.178.115])
 by hub.freebsd.org (Postfix) with ESMTP id 32330F94;
 Sat,  6 Apr 2013 20:54:52 +0000 (UTC)
 (envelope-from artemrts@ukr.net)
Received: from ffe16.ukr.net (ffe16.ukr.net [195.214.192.51])
 by mx1.freebsd.org (Postfix) with ESMTP id E2D969C;
 Sat,  6 Apr 2013 20:54:51 +0000 (UTC)
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=ukr.net;
 s=ffe; 
 h=Date:Message-Id:From:To:Subject:Cc:Content-Type:Content-Transfer-Encoding:MIME-Version;
 bh=ow8wf/SxFBYVLzwwVH0q9Z76TYRH5uA/dOQP7D8/BNw=; 
 b=Wc6l0rDBfD5ih0K5eoqYYkksWKCyBWXuwa3170L1TCzsGNsqDaPCe+BvjryhPA+GfJ/jXynghVzjV6xyaVkR+QWjqlVI/nyNKE8nuqObeNhznBU77BUBjmT0Zd4Ruhlc7c4W2kEfjC16B49fnKoA+k44K/kVd6xq1iAAqHdljRk=;
Received: from mail by ffe16.ukr.net with local ID 1UOZon-000Izc-VI
 ; Sat, 06 Apr 2013 23:34:33 +0300
MIME-Version: 1.0
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Type: text/plain; charset="windows-1251"
Subject: Problems with network on host with jail.
To: freebsd-jail@freebsd.org
From: "wishmaster" <artemrts@ukr.net>
X-Mailer: freemail.ukr.net 4.0
Message-Id: <65534.1365280473.6122751498602086400@ffe16.ukr.net>
Date: Sat, 06 Apr 2013 23:34:33 +0300
Cc: freebsd-net@freebsd.org
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.14
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 06 Apr 2013 20:54:52 -0000


 Hi.
Since I setuped Jail for www stuff in server  there are network problems. Router has 3 NIC's in bridge with aliases.

cloned_interfaces="bridge0"
ifconfig_bridge0="addm rl1 addm rl2 addm rl3 up"
ifconfig_rl1="up -wol"
ifconfig_rl2="up -wol"
ifconfig_rl3="up -wol"
ifconfig_bridge0_alias0="inet 10.11.1.1 netmask 255.255.255.0"
ifconfig_bridge0_alias1="inet 10.12.1.1 netmask 255.255.255.0"
ifconfig_bridge0_alias2="inet 10.13.1.1 netmask 255.255.255.0"
ifconfig_bridge0_alias3="inet 10.14.1.1 netmask 255.255.255.192"
ifconfig_bridge0_alias4="inet 10.15.1.1 netmask 255.255.255.0"

Also I use PF for filtering traffic. There are a lot of rules. In two words: it is unable to reach any host in LAN and also any IP addresses on router, allowed access to Internet only. In other words Jail in original DMZ zone with IP 10.15.1.1.

In random time (about one incident per-(2|3)days) the strange situations is occur: I am unable to ping/ftp/http from jail or from LAN any host in Internet. From/to router - it's ok. Restarting PF and jail seems to have no effect, only router's reboot.

>From pftop I see traffic, coming from jail or LAN but in the other way - no.

Anybody can give me some help in debugging this situation and figure out the problem?

OS: FreeBSD 9.1-STABLE #0: Fri Feb 22 20:51:16 EET 2013 i386

Cheers,
Vitaliy