From owner-freebsd-net@freebsd.org  Wed Jul  3 07:15:55 2019
Return-Path: <owner-freebsd-net@freebsd.org>
Delivered-To: freebsd-net@mailman.ysv.freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1])
 by mailman.ysv.freebsd.org (Postfix) with ESMTP id CB3AC15C9A4A
 for <freebsd-net@mailman.ysv.freebsd.org>;
 Wed,  3 Jul 2019 07:15:55 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
Received: from eg.sd.rdtc.ru (eg.sd.rdtc.ru [IPv6:2a03:3100:c:13::5])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (Client CN "eg.sd.rdtc.ru", Issuer "eg.sd.rdtc.ru" (not verified))
 by mx1.freebsd.org (Postfix) with ESMTPS id B3D928CF7B
 for <freebsd-net@freebsd.org>; Wed,  3 Jul 2019 07:15:44 +0000 (UTC)
 (envelope-from eugen@grosbein.net)
X-Envelope-From: eugen@grosbein.net
X-Envelope-To: freebsd-net@freebsd.org
Received: from [10.58.0.4] (dadv@[10.58.0.4])
 by eg.sd.rdtc.ru (8.15.2/8.15.2) with ESMTPS id x637FZup053632
 (version=TLSv1.2 cipher=DHE-RSA-AES128-SHA bits=128 verify=NOT);
 Wed, 3 Jul 2019 14:15:35 +0700 (+07)
 (envelope-from eugen@grosbein.net)
Subject: Re: Network issues while jails are starting
To: wishmaster <artemrts@ukr.net>, freebsd-net@freebsd.org
References: <1562134249.868399000.r0je57so@frv50.fwdcdn.com>
From: Eugene Grosbein <eugen@grosbein.net>
Message-ID: <2deee082-1dca-b93f-39f7-33d4c4f5b09d@grosbein.net>
Date: Wed, 3 Jul 2019 14:15:33 +0700
User-Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:45.0) Gecko/20100101
 Thunderbird/45.8.0
MIME-Version: 1.0
In-Reply-To: <1562134249.868399000.r0je57so@frv50.fwdcdn.com>
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Rspamd-Queue-Id: B3D928CF7B
X-Spamd-Bar: -
Authentication-Results: mx1.freebsd.org;
 spf=permerror (mx1.freebsd.org: domain of eugen@grosbein.net uses mechanism
 not recognized by this client) smtp.mailfrom=eugen@grosbein.net
X-Spamd-Result: default: False [-1.22 / 15.00]; ARC_NA(0.00)[];
 NEURAL_HAM_MEDIUM(-0.43)[-0.431,0];
 MX_INVALID(0.50)[greylisted]; FROM_HAS_DN(0.00)[];
 TO_DN_SOME(0.00)[]; NEURAL_HAM_LONG(-0.77)[-0.769,0];
 MIME_GOOD(-0.10)[text/plain]; DMARC_NA(0.00)[grosbein.net];
 TO_MATCH_ENVRCPT_SOME(0.00)[]; R_SPF_PERMFAIL(0.00)[];
 RCPT_COUNT_TWO(0.00)[2]; NEURAL_HAM_SHORT(-0.47)[-0.470,0];
 IP_SCORE(0.05)[asn: 29072(0.23), country: RU(0.01)];
 FREEMAIL_TO(0.00)[ukr.net]; FROM_EQ_ENVFROM(0.00)[];
 R_DKIM_NA(0.00)[]; MIME_TRACE(0.00)[0:+];
 ASN(0.00)[asn:29072, ipnet:2a03:3100::/32, country:RU];
 MID_RHS_MATCH_FROM(0.00)[]; RCVD_TLS_ALL(0.00)[];
 RCVD_COUNT_TWO(0.00)[2]
X-BeenThere: freebsd-net@freebsd.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Networking and TCP/IP with FreeBSD <freebsd-net.freebsd.org>
List-Unsubscribe: <https://lists.freebsd.org/mailman/options/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-net/>
List-Post: <mailto:freebsd-net@freebsd.org>
List-Help: <mailto:freebsd-net-request@freebsd.org?subject=help>
List-Subscribe: <https://lists.freebsd.org/mailman/listinfo/freebsd-net>,
 <mailto:freebsd-net-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 03 Jul 2019 07:15:56 -0000

03.07.2019 14:08, wishmaster wrote:

> 
> Hi,
> 
> the office's server has 6 jails and 2 bhyve virtual servers.
> The problem is when I restart server, jails start for a long time (about 6 minutes). All this time the server does not acts as router, that is no packets between interfaces. From within the server packets are transmitted and received (ping works correctly), but from LAN - no.
> 
> I do not remember either this issue has appeared after upgrading to 12.0 or switching from STABLE to RELEASE branch, but this issue has been appearing for about half of year or little more.
> 
> Toggle sysctl net.inet.ip.forwarding while jails are starting don't help.
> 
> root@e-server: uname -a
> FreeBSD e-server 12.0-RELEASE-p3 FreeBSD 12.0-RELEASE-p3 GENERIC  amd64
> 
> jail_enable="YES"
> jail_parallel_start="NO"
> jail_list="basejail jdb jphp jwww jmail jdns"
> jail_reverse_stop="YES"
> Any advices?

Does your LAN use NAT service of the router and/or its DNS resolver?
You should uncomment /var/log/console.log in the /etc/syslog.conf,
create this file and reboot then read the file carefully and check whether
you NAT/DNS services start before jails.