Solved No network access for all my jails.

So I just realized that I can't access any of the services in my jails, and my jails can't get any updates from pkg.

ifconfig from the host:

ifconfig -a
em0: flags=1008943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=4e524bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,LRO,WOL_MAGIC,VLAN_HWFILTER,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,HWSTATS,MEXTPG>
ether 90:xx:1c:9f:xx:9f
inet 192.x.x.10 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=1008049<UP,LOOPBACK,RUNNING,MULTICAST,LOWER_UP> metric 0 mtu 16384
options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
groups: lo
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em0.5: flags=1008843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST,LOWER_UP> metric 0 mtu 1500
options=4600403<RXCSUM,TXCSUM,LRO,RXCSUM_IPV6,TXCSUM_IPV6,MEXTPG>
ether 90:x:1c:9f:x:9f
inet 10.x.x.2 netmask 0xffffffff broadcast 10.x.x.2
inet 10.x.x.4 netmask 0xffffffff broadcast 10.x.x.4
inet 10.x.x.5 netmask 0xffffffff broadcast 10.x.x.5
inet 10.x.x.6 netmask 0xffffffff broadcast 10.x.x.6
inet 10.x.x.7 netmask 0xffffffff broadcast 10.x.x.7
inet 10.x.x.8 netmask 0xffffffff broadcast 10.x.x.8
inet 10.x.x.9 netmask 0xffffffff broadcast 10.x.x.9
inet 10.x.x.10 netmask 0xffffffff broadcast 10.x.x.10
inet 10.x.x.11 netmask 0xffffffff broadcast 10.x.x.11
inet 10.x.x.12 netmask 0xffffffff broadcast 10.x.x.12
inet6 fe80::92b1:x:fe9f:x%em0.5 prefixlen 64 scopeid 0x3
inet6 2001:xx:28:xx::5 prefixlen 64
inet6 2001:xx:28:xx::6 prefixlen 128
inet6 2001:xx:28:xx::1337 prefixlen 128
groups: vlan
vlan: 5 vlanproto: 802.1q vlanpcp: 0 parent interface: em0
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>


My jail list:

jls
JID IP Address Hostname Path
12 10.x.x.2 unifi.local /usr/local/jails/unifi
13 10.x.x.4 bind.local /usr/local/jails/bind
14 10.x.x.5 mysql-1.local /usr/local/jails/mysql-1
15 10.x.x.6 apache-1.local /usr/local/jails/apache-1
16 10.x.x.7 apache-2.local /usr/local/jails/apache-2
17 10.x.x.8 zabbix.local /usr/local/jails/zabbix
18 10.x.x.9 minecraft.local /usr/local/jails/minecraft
19 10.x.x.10 apache-3.local /usr/local/jails/apache-3
20 /usr/local/jails/
21 10.x.x.11 clonetest1 /usr/local/jails/clonetest1
22 10.x.x.12 vaultwarden.local /usr/local/jails/vaultwarden



My route list:

netstat -nr
Routing tables

Internet:
Destination Gateway Flags Netif Expire
default 192.x.x.1 UGS em0
10.x.x.2 link#2 UH lo0
10.x.x.4 link#2 UH lo0
10.x.x.5 link#2 UH lo0
10.x.x.6 link#2 UH lo0
10.x.x.7 link#2 UH lo0
10.x.x.8 link#2 UH lo0
10.x.x.9 link#2 UH lo0
10.x.x.10 link#2 UH lo0
10.x.x.11 link#2 UH lo0
10.x.x.12 link#2 UH lo0
127.0.0.1 link#2 UH lo0
192.x.x.0/24 link#1 U em0
192.x.x.10 link#2 UHS lo0

Internet6:
Destination Gateway Flags Netif Expire
::/96 link#2 URS lo0
default 2001:x:28:x::1 UGS em0.5
::1 link#2 UHS lo0
::ffff:0.0.0.0/96 link#2 URS lo0
2001:x:28:x::/64 link#3 U em0.5
2001:x:28:x::5 link#2 UHS lo0
2001:x:28:x::6 link#2 UHS lo0
2001:x:28:x::1337 link#2 UHS lo0
fe80::%lo0/10 link#2 URS lo0
fe80::%lo0/64 link#2 U lo0
fe80::1%lo0 link#2 UHS lo0
fe80::%em0.5/64 link#3 U em0.5
fe80::92b1:x:fe9f:6e9f%lo0 link#2 UHS lo0
ff02::/16 link#2 URS lo0


My jail.conf:

cat /etc/jail.conf
# /etc/jail.conf

# Global settings applied to all jails.

exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
host.hostname = "$name.local";
path = "/usr/local/jails/$name";

interface = "em0.5";
exec.clean;
mount.devfs;
allow.chflags;

# The jail definition for unifi
unifi {
ip4.addr = 10.x.x.2;

}


# The jail definition for test
bind {
ip4.addr = 10.x.x.4;

}
mysql-1 {
ip4.addr = 10.x.x.5;

sysvsem = new;
sysvshm = new;
allow.raw_sockets=1;
# sysvipc_allowed=1:
}
apache-1 {
ip4.addr = 10.x.x.6;

ip6.addr = 2001:x:28:x::6;

}

apache-2 {
ip4.addr = 10.x.x.7;

}

zabbix {
ip4.addr = 10.x.x.8;
allow.raw_sockets=1;
sysvshm = new;
sysvsem = new;
}
minecraft {
ip4.addr = 10.x.x.9;

}

apache-3 {
ip4.addr = 10.x.x.10;

}


clonetest1 {
ip4.addr = 10.x.x.11;
}
vaultwarden {
ip4.addr = 10.x.x.12;
}



My rc.conf:

cat /etc/rc.conf
zfs_enable="YES"
# -- sysinstall generated deltas -- # Wed Sep 7 23:55:46 2011
keymap=se
hostname="Backup.local"
sshd_enable="YES"

#Adding swapfile
swapfile="/usr/home/drift/swap/swap.bin"

#cpu microcode updates
microcode_update_enable="YES"

cpupdate_enable="YES"

#Samba_config

samba_server_enable="YES"
#samba_enable="YES"

#Rsync -daemon

rsyncd_enable="NO"

#NFS utdelning

#nfs_server_enable="YES"
#nfs_server_flags="-u -t -n 4"
rpcbind_flags="-h 192.x.x.10"
rpcbind_enable="YES"

#mountd_flags="-r"
mountd_enable="NO"

#Sendmail
sendmail_enable="NO";
sendmail_submit_enable="NO";
sendmail_outbound_enable="NO";
sendmail_msp_queue_enable="NO";

#SSMTP
ssmtp_enable="YES"


#NTP
ntpd_enable="YES";
#ntpdate_enable="YES";
NTP_HOSTS="0.se.pool.ntp.org";


#inetd
inetd_enable="NO";
#inetd_flags="-wW -a 192.x.x.10";

#Smartd
smartd_enable="YES";
#smartd_flasg="-1 local2 --insterval=300";

# -- sysinstall generated deltas -- # Wed Oct 10 21:46:21 2012
ifconfig_em0="inet 192.x.x.10 netmask 255.255.255.0"

defaultrouter="192.x.x.1"
hostname="Backup.local"

vlans_em0="5"
ifconfig_em0_5="inet 10.x.x.10/24"

#IPv6


ipv6_defaultrouter="2001:x:28:x::1"
ifconfig_em0_5_ipv6="inet6 2001:x:28:x::5 prefixlen 64"

#ipv6_network_interfaces="em0"

#ifconfig_em0_5_ipv6="inet6 accept_rtadv"

#rtsold_enable="YES"



#NFS

nfs_client_enable="NO"

#Virtualbox

vboxnet_enable="YES"

#headless

vboxheadless_enable="YES"

# VMs to start (whitespace-separated list):
vboxheadless_machines="DebianUcrm_1upgradera librenms home_assistent"

# Users

# Virtualbox "asterisk"

#vboxheadless_freepbxsenaste_name="freepbxsenaste"
#vboxheadless_freepbxsenaste_user="drift"
#vboxheadless_freepbxsenaste_stop="acpipowerbutton"

# Virtualbox "op5"

#vboxheadless_op5kanskebra_name="op5kanskebra"
#vboxheadless_op5kanskebra_user="drift"
#vboxheadless_op5kanskebra_stop="acpipowerbutton"


# Virtualbox "windowsserver2019"

#vboxheadless_windowsserver_name="windowsserver2019"
#vboxheadless_windowsserver_user="drift"
#vboxheadless_windowsserver_stop="acpipowerbutton"


# Virtualbox "unifi"

#vboxheadless_unifi_name="unifi"
#vboxheadless_unifi_user="drift"
#vboxheadless_unifi_stop="acpipowerbutton"

# Virtualbox "debian DebianUcrm_1upgradera"

vboxheadless_DebianUcrm_1upgradera_name="DebianUcrm_1upgradera"
vboxheadless_DebianUcrm_1upgradera_user="drift"
vboxheadless_DebianUcrm_1upgradera_stop="acpipowerbutton"


# Virtualbox "librenms"

vboxheadless_librenms_name="librenms"
vboxheadless_librenms_user="drift"
vboxheadless_librenms_stop="acpipowerbutton"

# Virtualbox "home_assistent"

vboxheadless_home_assistent_name="home_assistent"
vboxheadless_home_assistent_user="drift"
vboxheadless_home_assistent_stop="acpipowerbutton"

# Virtualbox "debian_bitwarden"
vboxheadless_debian_bitwarden_name="debian_bitwarden"
vboxheadless_debian_bitwarden_user="drift"
vboxheadless_debian_bitwarden_stop="acpipowerbutton"


#Snmpd

snmpd_enable="YES"

#Snmptrapd

snmptrapd_enable="YES"

#bsnmpd

bsnmpd_enable="YES"

#Accounting

accounting_enable="yes"

#JAIL

jail_enable="YES"

jail_sysipc_allow="YES"

sshd_dsa_enable="no"
sshd_ecdsa_enable="no"
sshd_ed25519_enable="yes"
sshd_rsa_enable="yes"


My virtual machines have working network access.

The error I get when I try to use pkg in the jails:

pkg -d audit -F
DBG(1)[23604]> (fetch) Request to fetch https://vuxml.freebsd.org/freebsd/vuln.xml.xz
DBG(1)[23604]> (fetch) Fetch: fetcher used: https
pkg: An error occured while fetching package: No error
pkg: cannot fetch vulnxml file


pkg -d update
Updating FreeBSD repository catalogue...
DBG(1)[23688]> PkgRepo: verifying update for FreeBSD
DBG(1)[23688]> Pkgrepo, begin update of '/var/db/pkg/repos/FreeBSD/db'
DBG(1)[23688]> (fetch) Request to fetch pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly/meta.conf
DBG(1)[23688]> (fetch) Fetch: fetcher used: pkg+https
pkg: An error occured while fetching package: No error
DBG(1)[23688]> (fetch) Request to fetch pkg+https://pkg.FreeBSD.org/FreeBSD:14:amd64/quarterly/meta.txz
DBG(1)[23688]> (fetch) Fetch: fetcher used: pkg+https


My resolv.conf:

cat /etc/resolv.conf
domain local

nameserver 8.8.8.8



I am thankful for any help anyone can provide with this problem!
 
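The problem was the update of pfSense to 2.8, which changed the "Firewall State Policy" from "Floating states" to "Interface bound states"; this stopped the traffic to my jails.
When I changed it back to "Floating states", everything just started working again.
A likely explanation, judging from the output above: rc.conf configures 10.x.x.10/24 on em0.5, but ifconfig shows every 10.x.x address there with a /32 mask and the routing table has no 10.x.x.0/24 route, so IPv4 packets from the jails appear to leave through the default route on em0 while traffic to them arrives on VLAN 5. Interface-bound states drop a flow whose packets show up on a different firewall interface than the one the state was created on, whereas floating states accept it. Floating states is therefore the looser policy; getting the jail traffic to leave via em0.5 again would allow keeping the stricter interface-bound setting.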
 
Thanks for the info.

I have not had any problems with my jails since the pfSense upgrade.
Maybe because they are on the same subnet as the host.
 
Thanks for the info.

I have not had any problems with my jails since the pfSense upgrade.
Maybe because they are on the same subnet as the host.
You mean the same subnet as em0, even though they are on em0.5, i.e. on VLAN 5?
My question is: how do I make the new firewall setting work with my jails?
 