Sender: "Raif S. Berent"
Date: Sun, 18 Dec 2016 23:39:21 +0300
From: Beeblebrox
To: freebsd-pf@freebsd.org
Subject: Re: PF TAGged jail traffic fails pass rule on egress
Message-ID: <20161218233921.4455c466@rsbsd.rsb>
In-Reply-To: <20161218163313.01fbc51e@rsbsd.rsb>
References: <20161207171021.607579ea@rsbsd.rsb> <20161218163313.01fbc51e@rsbsd.rsb>

Correction to previous message; should be:

> After your idea re "no actual packets on lo2" I ran tcpdump on that
> interface; indeed no traffic shows up. I moved the jails to a new
> vlan1 ON WAN0 (INSTEAD OF LO0) with /24 subnet, with x.x.0.1 empty and
> jails starting from x.x.0.2/32. This obviously facilitates NAT from
> pf in that NAT is now not needed for inter-jail communication.
> However, nothing changes for the greater problem of packet tagging as
> "tcpdump -i vlan1" shows no packet traversal as was the case on lo2.

So now, jails are on a vlan hosted on wan0 (egress) but tcpdump still shows no packet traversal on that interface.
hardware driver is re:

wan0: flags=8843 metric 0 mtu 1500
        options=8209b
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
        media: Ethernet autoselect (100baseTX )

--
FreeBSD_amd64_11-Stable_RadeonKMS
Please CC my email when responding, mail from list is not delivered.