> On 02 Nov 2015, at 14:47, Shawn Webb <shawn.w...@hardenedbsd.org> wrote:
>
> On Sunday, 01 November 2015 07:16:34 AM Julian Elischer wrote:
>> On 11/1/15 2:50 AM, Shawn Webb wrote:
>>> I'm at r290228 on amd64. I'm not sure which revision I was on last when it
>>> last worked, but it seems VNET jails aren't working anymore.
>>>
>>> I've got a bridge, bridge1, with an IP of 192.168.7.1. The VNET jails set
>>> their default route to 192.168.7.1. The host simply NATs outbound from
>>> 192.168.7.0/24 to the rest of the world. The various epairs get added to
>>> bridge1 and assigned to each jail. Pretty simple setup. That worked until
>>> today. When I do tcpdump on my public-facing NIC, I see that NAT isn't
>>> applied. When I run `ping 8.8.8.8` from the jail, the jail's
>>> 192.168.7.0/24
>>> address gets sent on the wire.
>>>
>>> Let me know what I can do to help debug this further.
>>
>> send the list your setup script/settings?
>
> I'm using iocage to start up the jails. Here's a pasted output of `iocage get
> all mutt-hardenedbsd`: http://ix.io/lLG

Can you add your pf.conf too?

I’ll try upgrading my machine to something beyond 290228 to see if I can reproduce it. It’s on r289635 now, and seems to be fine. My VNET jails certainly get their traffic NATed.

Thanks,
Kristof