From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 234021] 12.0 gateway host with vnet jail running pf firewall & NAT has no internet access
Date: Sat, 15 Dec 2018 01:53:16 +0000
X-Bugzilla-Product: Base System
X-Bugzilla-Component: kern
X-Bugzilla-Version: 12.0-STABLE
X-Bugzilla-Severity: Affects Only Me
X-Bugzilla-Who: qjail1@a1poweruser.com
X-Bugzilla-Status: New
X-Bugzilla-Assigned-To: bugs@FreeBSD.org

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=234021

--- Comment #2 from Joe Barbish ---

(In reply to Kristof Provost from comment #1)

I am having a real hard time trying to understand your comments. It's my understanding that because vnet jails have their own IP stack that's outside of the host's IP stack, they act like individual computers. This is the only difference between non-vnet jails and vnet jails. For network connectivity vnet jails use the bridge/epair or netgraph methods. Non-vnet jails use the host network stack.

This fact is well known by people who have read any of the vnet jail documentation. The whole reason for changing the ipfw and pf firewalls was because vnet jails on gateway hosts need a vnet-aware firewall to filter and NAT their traffic. Based on this information, I cannot get a vnet jail so configured, running on a gateway host, to access the public internet. Verifying that this problem exists is the purpose of this bug report.

See /usr/share/examples/jails for details and who wrote the content of the files.

From your comments you seem to be implying this is untrue. Please point me to vnet jail documentation that supports your position. I'm always ready to learn new things about vnet jails. An example of a working vnet jail setup environment would enable me to replicate it here.

-- 
You are receiving this mail because:
You are the assignee for the bug.
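The bridge/epair method the comment refers to, shown as an added illustration that is not the reporter's configuration, not part of this bug report, and not taken from /usr/share/examples/jails: a jail.conf(5) entry that gives a vnet jail one half of an epair attached to a host bridge, and the host-side pf.conf(5) NAT rule that a vnet-aware firewall on the gateway would need for the jail's traffic. The jail name, paths, interface names and the 10.0.0.0/24 jail network are assumptions chosen for the example.

```conf
# /etc/jail.conf (illustrative; names and paths are assumed, not from the report)
# The host is expected to have created bridge0 beforehand, e.g. in rc.conf:
#   cloned_interfaces="bridge0"
#   ifconfig_bridge0="addm em0 up"       # em0 is the internal (LAN) interface
vnetjail {
    path = "/usr/jails/vnetjail";
    host.hostname = "vnetjail.example.internal";
    mount.devfs;
    persist;

    # Give the jail its own network stack; epair0b moves into the jail,
    # epair0a stays on the host and is added to the bridge.
    vnet;
    vnet.interface = "epair0b";
    exec.prestart  = "ifconfig epair0 create up";
    exec.prestart += "ifconfig bridge0 addm epair0a";

    # Inside the jail the interface is configured like any other host's:
    # address from the jail network, default route pointing at the gateway.
    exec.start  = "ifconfig epair0b inet 10.0.0.20/24 up";
    exec.start += "route add default 10.0.0.1";
    exec.start += "/bin/sh /etc/rc";
    exec.stop  = "/bin/sh /etc/rc.shutdown";
    exec.poststop = "ifconfig epair0a destroy";
}

# /etc/pf.conf on the gateway host (illustrative fragment)
# Because the vnet jail has its own stack, its packets reach the host's pf
# through the bridge like traffic from a separate machine, so they need the
# same NAT rule as any other LAN client.
ext_if   = "re0"            # assumed public-facing interface
jail_net = "10.0.0.0/24"    # assumed jail/LAN network
nat on $ext_if inet from $jail_net to any -> ($ext_if)
pass in  on bridge0 from $jail_net
pass out on $ext_if from ($ext_if)
```

The prestart/poststop pairing keeps the epair lifecycle tied to the jail: creating the pair before the jail starts and destroying the host half afterwards removes both ends, so a stopped jail leaves no dangling interface on the bridge.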