Solved jail can only reach the bridge (not internet)

OK, so I'm about to give up here... banging my head against the wall.
The answer is probably obvious, but for a newbie this is... frustrating.
I've tried to follow a bunch of tutorials, but for the life of me I can't get my jails to reach the internet.
I need some advice.
This is on a fresh install of FreeBSD 13.0-RC4, no firewall configured:

/etc/sysctl.conf on host:
Code:
security.jail.allow_raw_sockets=1


/etc/rc.conf on host:
Code:
hostname="freeBSD-server"
ifconfig_em0="192.168.1.140 netmask 255.255.255.0"
defaultrouter="192.168.1.1"
jail_enable="YES"
cloned_interfaces="bridge0"
ifconfig_bridge0="inet 10.0.100.1 netmask 255.255.255.0 descr jails-bridge"

/etc/jail.conf on host:
Code:
testjail {
    host.hostname = "vnet_testjail";
    path = "/jails/demo2";
    vnet = "new";
    vnet.interface = "epair1b";
    exec.prestart = "ifconfig epair1 create up";
    exec.prestart += "ifconfig epair1a up descr vnet-testjail";
    exec.prestart += "ifconfig bridge0 addm epair1a";
    exec.start = "/bin/sh /etc/rc";
    exec.start += "ifconfig epair1b inet 10.0.100.55 netmask 255.255.255.0";
    exec.start += "route add default 10.0.100.1";
}

Output of ifconfig on the host shows that bridge0 has the IP 10.0.100.1 netmask 0xffffff00 broadcast 10.0.100.255.
Output of ifconfig in the jail shows epair1b with inet 10.0.100.55 netmask 0xffffff00 broadcast 10.0.100.255.

Both host and jail can ping each other (10.0.100.1 and 10.0.100.55), but the jail can't reach the internet (or other machines on my 192. network).

(I tried setting the IP addresses to 192.0.1.x, but that didn't work either.)

Please advise?
 
> /etc/sysctl.conf on host:

Note that the global sysctl security.jail.allow_raw_sockets is deprecated; you should set this per jail (from jail(8)):
Code:
    allow.raw_sockets
        The jail root is allowed to create raw sockets. Setting
        this parameter allows utilities like ping(8) and
        traceroute(8) to operate inside the jail. If this is
        set, the source IP addresses are enforced to comply with
        the IP address bound to the jail, regardless of whether
        or not the IP_HDRINCL flag has been set on the socket.
        Since raw sockets can be used to configure and interact
        with various network subsystems, extra caution should be
        used where privileged access to jails is given out to
        untrusted parties.
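A complete host-side configuration that applies the reply's advice (allow.raw_sockets as a per-jail parameter instead of the global sysctl) and also covers what the reply does not say: a jail on a private 10.0.100.0/24 bridge subnet can reach the bridge but nothing beyond it until the host forwards packets between bridge0 and em0 and translates the jail's source address, because neither the 192.168.1.1 router nor the other LAN machines have a route back to 10.0.100.0/24. This is an added example, not code from the thread; it reuses the interface names, addresses and jail path from the original post, while pf as the NAT engine, sysrc for the rc.conf edits and the exec.poststop cleanup line are this example's own choices. The alternative, not shown, is to add em0 to bridge0 and give the jail a 192.168.1.x address, in which case no forwarding or NAT is needed.

```shell
#!/bin/sh
# Added example (not from the thread): host-side setup for a vnet jail on a
# private bridge subnet. Assumptions: uplink em0, bridge0 = 10.0.100.1/24,
# jail address 10.0.100.55, jail root /jails/demo2, pf as the NAT engine.

UPLINK="em0"
JAIL_NET="10.0.100.0/24"
JAIL_GW="10.0.100.1"
JAIL_IP="10.0.100.55"
JAIL_ROOT="/jails/demo2"

# jail.conf entry: same layout as the original post, with allow.raw_sockets
# set per jail so the deprecated security.jail.allow_raw_sockets sysctl is
# not needed. exec.poststop destroys the epair (destroying the a side removes
# both ends) so repeated start/stop cycles do not leak interfaces.
jail_conf() {
    cat <<EOF
testjail {
    host.hostname = "vnet_testjail";
    path = "${JAIL_ROOT}";
    vnet = "new";
    vnet.interface = "epair1b";
    allow.raw_sockets = 1;
    exec.prestart = "ifconfig epair1 create up";
    exec.prestart += "ifconfig epair1a up descr vnet-testjail";
    exec.prestart += "ifconfig bridge0 addm epair1a";
    exec.start = "/bin/sh /etc/rc";
    exec.start += "ifconfig epair1b inet ${JAIL_IP} netmask 255.255.255.0";
    exec.start += "route add default ${JAIL_GW}";
    exec.poststop = "ifconfig epair1a destroy";
}
EOF
}

# pf.conf: translate jail traffic leaving the uplink to the host's own
# address. (\$ext_if) is pf's dynamic-interface-address syntax, so the rule
# keeps working if em0's address changes. The host had no firewall before,
# so the filter policy stays wide open with an explicit "pass all".
pf_conf() {
    cat <<EOF
ext_if = "${UPLINK}"
jail_net = "${JAIL_NET}"
nat on \$ext_if from \$jail_net to any -> (\$ext_if)
pass all
EOF
}

# Write both files, enable IP forwarding now and at boot, and load pf.
# Overwrites /etc/jail.conf and /etc/pf.conf; run only when that is intended.
apply_host_config() {
    jail_conf > /etc/jail.conf
    pf_conf > /etc/pf.conf
    sysctl net.inet.ip.forwarding=1
    sysrc gateway_enable="YES" pf_enable="YES" pf_rules="/etc/pf.conf"
    service pf start
    pfctl -f /etc/pf.conf
}

# Only touch the system when explicitly asked; otherwise just define the
# functions so the generated files can be reviewed first.
if [ "${1:-}" = "apply" ]; then
    apply_host_config
fi
```

Run it as `sh host-jail-net.sh apply` on the host, remove `security.jail.allow_raw_sockets=1` from /etc/sysctl.conf, then `service jail start testjail`. Check with `sysctl net.inet.ip.forwarding` (expect 1), `pfctl -s nat` (expect the nat rule on em0) and `jexec testjail ping -c 1 192.168.1.1`; if the router answers, the internet will too, since the jail's packets now leave em0 with the host's 192.168.1.140 as source. Sourcing the script without the argument (`. ./host-jail-net.sh`) leaves the files untouched and lets you print the generated jail.conf and pf.conf with `jail_conf` and `pf_conf`.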
 