Date:      Fri, 07 May 2021 16:13:11 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 255685] PF: JAIL: fail to connect from jail to jail service when pf enabled
Message-ID:  <bug-255685-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255685

            Bug ID: 255685
           Summary: PF: JAIL: fail to connect from jail to jail service
                    when pf enabled
           Product: Base System
           Version: 13.0-RELEASE
          Hardware: Any
                OS: Any
            Status: New
          Severity: Affects Only Me
          Priority: ---
         Component: kern
          Assignee: bugs@FreeBSD.org
          Reporter: manu@freebsd.org

Created attachment 224752
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=224752&action=edit
script to reproduce the issue

After upgrading some of my servers to 13.0-RELEASE I had this weird behavior, I
couldn't connect (at least tcp) to the service running in the jail from the jail
itself.
The jails are using ip alias, not much else.

With a simple pf.conf that just does "block in", it's not possible to connect
either from the host to the jail or even from the jail to the jail.

I've attached a simple script that can reproduce the issue.
Obviously don't run it on a production machine as it will screw your pf.conf
and jail.conf :)
There are a few variables at the beginning that should be updated (like the IP
address of the machine etc ...)

For reasons yet unknown, the quirk rule that I added on my servers, which fixes
the issue, doesn't work when I tried to reproduce on a machine locally here with
a reduced test case. I'll dig more into this later.
