Date: Sun, 18 Dec 2016 23:39:21 +0300 From: Beeblebrox <zaphod@berentweb.com> To: freebsd-pf@freebsd.org Subject: Re: PF TAGged jail traffic fails pass rule on egress Message-ID: <20161218233921.4455c466@rsbsd.rsb> In-Reply-To: <20161218163313.01fbc51e@rsbsd.rsb> References: <20161207171021.607579ea@rsbsd.rsb> <20161218163313.01fbc51e@rsbsd.rsb>
next in thread | previous in thread | raw e-mail | index | archive | help
Correction to previous message; should be: > After your ideA re "no actual packets on lo2" I ran tcpdump on that > interface; indeed no traffic shows up. I moved the jails to a new > vlan1 ON WAN0 (INSTEAD OF LO0) with /24 subnet, with x.x.0.1 empty and > jails starting from x.x.0.2/32. This obviously facilitates NAT from > pf in that NAT is now not needed for inter-jail communication. > However, nothing changes for the greater problem of packet tagging as > "tcpdump -i vlan1" shows no packet traversal as was the case on lo2. So now, jails are on a vlan hosted on wan0 (egress) but tcpdump still shows= no packet traversal on that interface. hardware driver is re : wan0: flags=3D8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500 options=3D8209b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGI= C,LINKSTATE> inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255=20 media: Ethernet autoselect (100baseTX <full-duplex>) --=20 FreeBSD_amd64_11-Stable_RadeonKMS Please CC my email when responding, mail from list is not delivered.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20161218233921.4455c466>