Date: Sat, 24 Dec 2016 09:16:00 +0100 From: Alexander Leidinger <Alexander@leidinger.net> To: byrnejb@harte-lyne.ca Cc: freebsd-jail@freebsd.org Subject: Re: IP address assignments to jails using ezjail Message-ID: <20161224091600.Horde.Pou9f2cz-oaXnfRPcRSKxhW@webmail.leidinger.net> In-Reply-To: <a991de9aa44a7ae47b4810f8753ebe83.squirrel@webmail.harte-lyne.ca> References: <20161223152836.N26979@sola.nimnet.asn.au> <a991de9aa44a7ae47b4810f8753ebe83.squirrel@webmail.harte-lyne.ca>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --] Quoting "James B. Byrne via freebsd-jail" <freebsd-jail@freebsd.org> (from Fri, 23 Dec 2016 09:33:17 -0500): > I am experimenting with jails on a bhyve vm guest running FBSD-11.0 > using ezjail. I am having a problem with network connections to the > outside from within the jail. I have sshd configured and I can reach > the jail from the outside: > > $ ssh -vv 192.168.216.196 > OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 > debug1: Reading configuration data /etc/ssh/ssh_config > debug1: Applying options for * > debug2: ssh_connect: needpriv 0 > debug1: Connecting to 192.168.216.196 [192.168.216.196] port 22. > debug1: Connection established. > > But inside the jail I cannot connect out: > > ssh -vv 192.168.216.22 > OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd 26 Sep 2016 > debug1: Reading configuration data /etc/ssh/ssh_config > debug2: resolving "192.168.216.22" port 22 > debug2: ssh_connect_direct: needpriv 0 > debug1: Connecting to 192.168.216.22 [192.168.216.22] port 22. > debug1: connect to address 192.168.216.22 port 22: Operation timed out > ssh: connect to host 192.168.216.22 port 22: Operation timed out Where is this IP located. Not on the same FreeBSD host it seems (the IP is not in ifconfig output below). Do a packet trace on the network interface of the host, what do you see in terms of packets related to this (ARP + IP)? > On the host system I see this: > > # ifconfig > vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> > metric 0 mtu 1500 > options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE> > ether 00:a0:98:fa:aa:b6 > inet 216.185.71.16 netmask 0xffffff00 broadcast 216.185.71.255 > inet 192.168.216.16 netmask 0xffffff00 broadcast 192.168.216.255 A /24 network config... If this is the IP of a jail I suggest to give it a /32 netmask. IF this is a jail, then this may be the cause of what you see. > inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196 > nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> > media: Ethernet 10Gbase-T <full-duplex> > status: active > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> > inet6 ::1 prefixlen 128 > inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2 > inet 127.0.0.1 netmask 0xff000000 > nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL> > groups: lo > lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> > inet 127.0.1.1 netmask 0xffffffff > nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL> > groups: lo > pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160 > groups: pflog > > Inside the jail I see this: > > root@hlldrupal:~ # ifconfig > vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> > metric 0 mtu 1500 > options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE> > ether 00:a0:98:fa:aa:b6 > inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196 > media: Ethernet 10Gbase-T <full-duplex> > status: active > lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> > groups: lo > lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384 > options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6> > inet 127.0.1.1 netmask 0xffffffff > groups: lo > pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160 > groups: pflog > > > Any ideas as to what I may have failed to do? Can you please provide the output of "jls -v"? for all involved jails? Bye, Alexander. -- http://www.Leidinger.net Alexander@Leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netchild@FreeBSD.org : PGP 0x8F31830F9F2772BF [-- Attachment #2 --] -----BEGIN PGP SIGNATURE----- iQIcBAABAgAGBQJYXi7AAAoJEKrxQhqFIICEUCUP/RUzZks5IAO9zkf69nSswCDQ NT8gNZZv6t0XFJjwRtvAcmxYkxvmqz/kpgiae7s5lN3n2pOWe9tKN9nAAZmyHsRv WwR6fGDB2qLvBuFfWF1Cx+o1yOAfbY6w1i9BfCyZtwm0t7oNMc7lcwe2KOPGtp7q HZh6wdh7nNCBnujI+wSJA5twl02sEh5t95P9QpVt9I4pl/TlE45XisKE+cljMDZZ N3tFIqwmRh3UQADb1k49aXkRbbyNd7UBJ9PPJf7vGLGOlcyQoL/4zCLhxF7w+rk8 HISEXa4Cc5CEcXU5DyTWQLJUTOJZzIQ5zCEd0WleHdiN5g+rGryt5iudKzvGsA0t mH9P8tPae7NQhmjp1Uy+A4GL3S33tZIurVEJIRq4XQ3OPUJHc6giEqeldgVcC/Y/ FCV+JNv3/BhRJCSR0gUSWAeG+kRGtFat/u9+PzvLuZNkM9/lJNl9N7fOmdGcPP3y /J9fWaa5M4/xK8bp5dcUaArGmIVM1LvFS767bBK3h3vF5uNzcgfVf9/BrhXNjlpo cp7xNX7rS+I/td/3ZsctPEdOgjUHF7WOxcQFARdQHRJcl+JoAxE/PoCverrAbC9A NSeaWasLU+j2H+5DG9q5vc5yScsAIo8FV7t4cazBQCK9XlMBEam0Z/3rzvM6ISMI WSgyO9GeCPBXAPmRVxYY =E/Ty -----END PGP SIGNATURE-----home | help
Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20161224091600.Horde.Pou9f2cz-oaXnfRPcRSKxhW>