No connection between jails

amiramix

Member

Reaction score: 4
Messages: 93

I have two jails in the same subnet on two different hosts:

Code:
HOST1 -- jail1
  |
  |
HOST2 - jail2
Code:
HOST1: 10.70.7.13/16
HOST2: 10.70.70.2/16
jail1: 10.70.5.2/32
jail2: 10.70.7.50/32
Default gateway in the network is 10.70.70.1 but I don't think it matters in this issue.

There is network connection between HOST1 and jail2, or HOST2 and jail1, or between any other host in the network and either jail1 or jail2, however there is no network connection between jail1 and jail2. By network connection I mean exchange of packets, e.g. telnet destination port. Both hosts and the default gateway are connected to the same physical switch.

There is actually more jails on HOST1 but the situation is analogous - no connection between jails on HOST1 and any jails on HOST2.

What am I missing?


Both hosts have gateway_enable="YES" in rc.conf ( net.inet.ip.forwarding: 1). I am not using VNET, jails are aliased directly in host's network interfaces ( lagg0 for HOST1 and em0 for HOST2).
 
OP
amiramix

amiramix

Member

Reaction score: 4
Messages: 93

Interestingly it started working when I added on both hosts routes to respective jails on the other hosts:

Code:
# on HOST1 (10.70.7.13)
route add 10.70.5.2 10.70.70.2

# on HOST2 (10.70.70.2)
route add 10.70.7.50 10.70.7.13
And now it still works after removing those routes. Looks like the broadcast wasn't properly handled by the hosts or the switch and the switch didn't route packets between ports belonging to those hosts. Is that possible? Does it suggest something is missing on the hosts related to handling broadcasts for the jail addresses?
 

Lamia

Aspiring Daemon

Reaction score: 130
Messages: 576

Interestingly it started working when I added on both hosts routes to respective jails on the other hosts:

Code:
# on HOST1 (10.70.7.13)
route add 10.70.5.2 10.70.70.2

# on HOST2 (10.70.70.2)
route add 10.70.7.50 10.70.7.13
And now it still works after removing those routes. Looks like the broadcast wasn't properly handled by the hosts or the switch and the switch didn't route packets between ports belonging to those hosts. Is that possible? Does it suggest something is missing on the hosts related to handling broadcasts for the jail addresses?
Add the route details in rc.local for it to be automagically added at startup. And you can use static_route in rc.conf to inform the hosts of the routes to the networks too.
 
OP
amiramix

amiramix

Member

Reaction score: 4
Messages: 93

Thanks Lamia. The problem is that the route shouldn't be needed since both jails are in the same subnet.
 
Top