Hi,
I've made a simple setup:
EM0 - main network interface with public IP
VLAN0 on EM0
bridge0
epair interface for jail with internal IP
rc.conf
Code:
ifconfig_vlan0="inet 10.0.1.1 netmask 255.255.255.0 vlan 6 vlandev em0"
ifconfig_bridge0="addm vlan0 up"
In the jail.conf I'm creating the epair**b device and assigning an internal address to it.
Here is the interface configuration on the HOST
Code:
vlan0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=103<RXCSUM,TXCSUM,TSO4>
	ether c8:60:00:bd:ad:cf
	inet 10.0.1.1 netmask 0xffffff00 broadcast 10.0.1.255
	inet6 fe80::ca60:ff:febd:adcf%vlan0 prefixlen 64 scopeid 0x7
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet autoselect (1000baseT <full-duplex>)
	status: active
	vlan: 6 vlanpcp: 0 parent interface: em0
	groups: vlan
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 02:33:dd:4d:5f:00
	nd6 options=1<PERFORMNUD>
	groups: bridge
	id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
	maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
	root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
	member: epair15a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 13 priority 128 path cost 2000
	member: vlan0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
	        ifmaxaddr 0 port 7 priority 128 path cost 2000000
epair15a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:ff:50:00:0d:0a
	inet6 fe80::ff:50ff:fe00:d0a%epair15a prefixlen 64 scopeid 0xd
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	groups: epair
Here is the interface in the jail
Code:
epair15b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	options=8<VLAN_MTU>
	ether 02:ff:a0:00:0f:0b
	inet6 fe80::ff:a0ff:fe00:f0b%epair15b prefixlen 64 tentative scopeid 0x5
	inet 10.0.1.15 netmask 0xffffff00 broadcast 10.0.1.255
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
	media: Ethernet 10Gbase-T (10Gbase-T <full-duplex>)
	status: active
	groups: epair
So I'm trying to connect to nginx, which is started in the jail. What I'm getting is a strange chksum which prevents the connection (tcpdump -nnn -e -vv inside the jail):
Code:
16:05:59.264390 c8:60:00:bd:ad:cf > 02:ff:a0:00:0f:0b, ethertype IPv4 (0x0800), length 74: (tos 0x10, ttl 128, id 0, offset 0, flags [DF], proto TCP (6), length 60)
    10.0.1.1.46306 > 10.0.1.15.80: Flags [S], cksum 0x163e (incorrect -> 0x3a15), seq 542855385, win 8192, options [mss 1460,nop,wscale 6,sackOK,TS val 70561089 ecr 0], length 0
Interestingly, ICMP is working as expected
Code:
16:10:27.836088 c8:60:00:bd:ad:cf > 02:ff:a0:00:0f:0b, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 128, id 8649, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.1.1 > 10.0.1.15: ICMP echo request, id 42854, seq 0, length 64
16:10:27.836098 02:ff:a0:00:0f:0b > c8:60:00:bd:ad:cf, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 64, id 16829, offset 0, flags [none], proto ICMP (1), length 84)
    10.0.1.15 > 10.0.1.1: ICMP echo reply, id 42854, seq 0, length 64
If I add EM0 to Bridge0, everything starts working; however, I can't establish any connection in/out on the host with the world, so this is more annoying.
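
An added example (not part of the original post) that rebuilds the TCP segment from the fields in the tcpdump line above and recomputes its checksum. It shows that the captured value 0x163e is exactly the TCP pseudo-header sum, the partial value a stack leaves in the field when it defers the checksum to transmit offload (vlan0 lists TXCSUM in the ifconfig output above), while the complete checksum is the 0x3a15 that tcpdump expects. Assumptions: the SYN flag, the zero ACK and urgent fields and the option byte layout are inferred from the tcpdump line, and the function names are made up for this example.

```python
import socket
import struct

# Values transcribed from the tcpdump TCP line in the post above.
SRC, DST = "10.0.1.1", "10.0.1.15"
SPORT, DPORT = 46306, 80
SEQ, WIN = 542855385, 8192
TS_VAL, TS_ECR = 70561089, 0
SEEN_CKSUM, EXPECTED_CKSUM = 0x163E, 0x3A15

def fold(total):
    """Fold carries back in to get a 16-bit one's-complement sum."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def sum16(data):
    """One's-complement sum of big-endian 16-bit words (even length)."""
    return fold(sum(struct.unpack("!%dH" % (len(data) // 2), data)))

def build_syn():
    """Rebuild the 40-byte TCP header with the checksum field zeroed."""
    options = struct.pack("!BBH", 2, 4, 1460)               # mss 1460
    options += struct.pack("!B", 1)                         # nop
    options += struct.pack("!BBB", 3, 3, 6)                 # wscale 6
    options += struct.pack("!BB", 4, 2)                     # sackOK
    options += struct.pack("!BBII", 8, 10, TS_VAL, TS_ECR)  # timestamps
    # Data offset in 32-bit words in the top nibble, SYN (0x02) assumed.
    offset_flags = ((20 + len(options)) // 4 << 12) | 0x02
    fixed = struct.pack("!HHIIHHHH", SPORT, DPORT, SEQ, 0,
                        offset_flags, WIN, 0, 0)
    return fixed + options

def pseudo_header_sum(tcp_len):
    """Sum over source, destination, protocol 6 and TCP length only."""
    pseudo = socket.inet_aton(SRC) + socket.inet_aton(DST)
    pseudo += struct.pack("!HH", socket.IPPROTO_TCP, tcp_len)
    return sum16(pseudo)

def full_checksum(segment):
    """Checksum a receiver expects: complement of pseudo + segment sum."""
    total = pseudo_header_sum(len(segment)) + sum16(segment)
    return ~fold(total) & 0xFFFF

if __name__ == "__main__":
    syn = build_syn()
    partial, full = pseudo_header_sum(len(syn)), full_checksum(syn)
    print("pseudo-header sum %#06x, captured %#06x" % (partial, SEEN_CKSUM))
    print("full checksum     %#06x, expected %#06x" % (full, EXPECTED_CKSUM))
```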