From owner-freebsd-current@freebsd.org  Sat Oct 31 23:16:51 2015
Return-Path: <owner-freebsd-current@freebsd.org>
Delivered-To: freebsd-current@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id C18C9A22C35
 for <freebsd-current@mailman.ysv.freebsd.org>;
 Sat, 31 Oct 2015 23:16:51 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from vps1.elischer.org (vps1.elischer.org [204.109.63.16])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client did not present a certificate)
 by mx1.freebsd.org (Postfix) with ESMTPS id 9B8091C28
 for <freebsd-current@freebsd.org>; Sat, 31 Oct 2015 23:16:51 +0000 (UTC)
 (envelope-from julian@freebsd.org)
Received: from Julian-MBP3.local (ppp121-45-229-78.lns20.per1.internode.on.net
 [121.45.229.78]) (authenticated bits=0)
 by vps1.elischer.org (8.15.2/8.15.2) with ESMTPSA id t9VNGeDv029840
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO)
 for <freebsd-current@freebsd.org>; Sat, 31 Oct 2015 16:16:43 -0700 (PDT)
 (envelope-from julian@freebsd.org)
Subject: Re: pf NAT and VNET Jails
To: freebsd-current@freebsd.org
References: <CAExMvs=jVsASLyiqU9nTpir0Hy_s_DfChgf4XKeGWv-8yojNBw@mail.gmail.com>
From: Julian Elischer <julian@freebsd.org>
Message-ID: <56354BD2.5060608@freebsd.org>
Date: Sun, 1 Nov 2015 07:16:34 +0800
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:38.0)
 Gecko/20100101 Thunderbird/38.3.0
MIME-Version: 1.0
In-Reply-To: <CAExMvs=jVsASLyiqU9nTpir0Hy_s_DfChgf4XKeGWv-8yojNBw@mail.gmail.com>
Content-Type: text/plain; charset=windows-1252; format=flowed
Content-Transfer-Encoding: 7bit
X-BeenThere: freebsd-current@freebsd.org
X-Mailman-Version: 2.1.20
Precedence: list
List-Id: Discussions about the use of FreeBSD-current
 <freebsd-current.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-current/>
List-Post: <mailto:freebsd-current@freebsd.org>
List-Help: <mailto:freebsd-current-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-current>, 
 <mailto:freebsd-current-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sat, 31 Oct 2015 23:16:51 -0000

On 11/1/15 2:50 AM, Shawn Webb wrote:
> I'm at r290228 on amd64. I'm not sure which revision I was on last when it
> last worked, but it seems VNET jails aren't working anymore.
>
> I've got a bridge, bridge1, with an IP of 192.168.7.1. The VNET jails set
> their default route to 192.168.7.1. The host simply NATs outbound from
> 192.168.7.0/24 to the rest of the world. The various epairs get added to
> bridge1 and assigned to each jail. Pretty simple setup. That worked until
> today. When I do tcpdump on my public-facing NIC, I see that NAT isn't
> applied. When I run `ping 8.8.8.8` from the jail, the jail's 192.168.7.0/24
> address gets sent on the wire.
>
> Let me know what I can do to help debug this further.

send the list your setup script/settings?
>
> Thanks,
>
> Shawn Webb
> _______________________________________________
> freebsd-current@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-current
> To unsubscribe, send any mail to "freebsd-current-unsubscribe@freebsd.org"
>