Date: Sat, 15 Dec 2018 01:53:16 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 234021] 12.0 gateway host with vnet jail running pf firewall & NAT has no internet access
Message-ID: <bug-234021-227-LJhhPETAR4@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-234021-227@https.bugs.freebsd.org/bugzilla/>
References: <bug-234021-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234021

--- Comment #2 from Joe Barbish <qjail1@a1poweruser.com> ---
(In reply to Kristof Provost from comment #1)

I am having a real hard time trying to understand your comments.

It's my understanding that because vnet jails have their own ip stack that's
outside of the host's ip stack, they act like individual computers. This is
the only difference between non-vnet jails and vnet jails. For network
connectivity vnet jails use the bridge/epair or netgraph methods. Non-vnet
jails use the host network stack. This fact is well known by people who have
read any of the vnet jail documentation. The whole reason for changing ipfw
and pf firewalls was because vnet jails on gateway hosts need a vnet aware
firewall to filter and NAT their traffic.

Based on this information, I cannot get a so configured vnet jail running on
a gateway host to access the public internet. To verify this problem exists
is the purpose of this bug report.

See /usr/share/examples/jails for details and who wrote the content of the
files.

From your comments you seem to be implying this is untrue. Please point me to
vnet jail documentation that supports your position. I'm always ready to
learn new things about vnet jails. An example of a working vnet jail setup
environment would enable me to replicate it here.

-- 
You are receiving this mail because:
You are the assignee for the bug.