I have a VNET jail that uses epair interfaces and noticed I can ping to and from the jail without issues until I reboot the jail. After that I cannot ping anymore, but from inside the jail I can ping to the gateway or to other hosts on my network.
Pf is disabled on both sides.
Both are running 13.0-RELEASE.
Here's
And
Pf is disabled on both sides.
Both are running 13.0-RELEASE.
Here's
/etc/jail.conf:
Code:
honeypot {
vnet;
vnet.interface = "epair11b";
exec.prestart = "ifconfig epair11 create";
exec.prestart += "ifconfig epair11a up";
exec.prestart += "ifconfig bridge0 addm epair11a";
exec.prestop = "ifconfig epair11b -vnet $name";
exec.poststop = "ifconfig epair11a destroy";
host.hostname = "${name}.bsd.am";
exec.consolelog = "/var/log/jail-${name}.log";
persist;
allow.raw_sockets;
allow.set_hostname;
#securelevel = 2;
enforce_statfs = 2;
devfs_ruleset="5";
mount.devfs;
}And
ifconfig
Code:
re0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=82099<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,WOL_MAGIC,LINKSTATE>
ether b4:2e:99:ea:d3:6c
inet 192.168.100.111 netmask 0xffffff00 broadcast 192.168.100.255
inet 192.168.100.205 netmask 0xffffffff broadcast 192.168.100.205
inet 192.168.100.203 netmask 0xffffffff broadcast 192.168.100.203
media: Ethernet autoselect (100baseTX <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: vm-public
ether 58:9c:fc:10:8c:25
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: epair11a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 7 priority 128 path cost 2000
member: tap1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 6 priority 128 path cost 2000000
member: tap0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 5 priority 128 path cost 2000000
member: re0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 1 priority 128 path cost 55
groups: bridge vm-switch viid-4c918@
nd6 options=9<PERFORMNUD,IFDISABLED>
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.1.5 netmask 0xffffffff
inet 127.0.1.4 netmask 0xffffffff
inet 127.0.1.1 netmask 0xffffffff
inet6 fe80::1%lo1 prefixlen 64 scopeid 0x4
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
tap0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: vmnet-devel-0-public
options=80000<LINKSTATE>
ether 58:9c:fc:10:de:73
groups: tap vm-port
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Opened by PID 1688
tap1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
description: vmnet-senaite-0-public
options=80000<LINKSTATE>
ether 58:9c:fc:10:ff:fd
groups: tap vm-port
media: Ethernet autoselect
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
Opened by PID 1978
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
groups: pflog
epair11a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=8<VLAN_MTU>
ether 02:56:0c:31:e4:0a
groups: epair
media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>