No network inside jail (not able to ping gateway)

Hello,

I had a working jail setup for quite some time until I decided to upgrade my host. After the reboot I'm now unable to ping anything from my network when inside the jail, including the default gw.

I've pretty much covered most of the related posts, but I'm still unable to route traffic from the jail to anywhere.

Below is my current configuration, is anyone able to shed some light on what might be the problem?

Code:
root@nas[~]# sysctl net.inet.ip.forwarding=1
net.inet.ip.forwarding: 1 -> 1


Code:
root@nas[~]# iocage get all gateway
CONFIG_VERSION:28
allow_chflags:0
allow_mlock:0
allow_mount:0
allow_mount_devfs:0
allow_mount_fusefs:0
allow_mount_nullfs:0
allow_mount_procfs:0
allow_mount_tmpfs:0
allow_mount_zfs:0
allow_quotas:0
allow_raw_sockets:1
allow_set_hostname:1
allow_socket_af:0
allow_sysvipc:0
allow_tun:1
allow_vmm:0
assign_localhost:0
available:readonly
basejail:0
boot:1
bpf:1
children_max:0
cloned_release:13.2-RELEASE
comment:none
compression:lz4
compressratio:readonly
coredumpsize:off
count:1
cpuset:off
cputime:off
datasize:off
dedup:off
defaultrouter:172.16.2.1
defaultrouter6:auto
depends:none
devfs_ruleset:20
dhcp:0
enforce_statfs:2
exec_clean:1
exec_created:/usr/bin/true
exec_fib:0
exec_jail_user:root
exec_poststart:/usr/bin/true
exec_poststop:/usr/bin/true
exec_prestart:/usr/bin/true
exec_prestop:/usr/bin/true
exec_start:/bin/sh /etc/rc
exec_stop:/bin/sh /etc/rc.shutdown
exec_system_jail_user:0
exec_system_user:root
exec_timeout:60
host_domainname:none
host_hostname:gateway
host_hostuuid:gateway
host_time:1
hostid:74902500-e057-0706-0025-907457e00e0f
hostid_strict_check:0
interfaces:vnet0:bridge0
ip4:new
ip4_addr:vnet0|172.16.2.37/24
ip4_saddrsel:1
ip6:new
ip6_addr:none
ip6_saddrsel:1
ip_hostname:0
jail_zfs:0
jail_zfs_dataset:iocage/jails/gateway/data
jail_zfs_mountpoint:none
last_started:2024-07-09 16:35:05
localhost_ip:none
login_flags:-f root
mac_prefix:022590
maxproc:off
memorylocked:off
memoryuse:off
min_dyn_devfs_ruleset:1000
mount_devfs:1
mount_fdescfs:1
mount_linprocfs:0
mount_procfs:0
mountpoint:readonly
msgqqueued:off
msgqsize:off
nat:0
nat_backend:ipfw
nat_forwards:none
nat_interface:none
nat_prefix:172.16
nmsgq:off
notes:none
nsem:off
nsemop:off
nshm:off
nthr:off
openfiles:off
origin:readonly
owner:root
pcpu:off
plugin_name:none
plugin_repository:none
priority:99
pseudoterminals:off
quota:none
readbps:off
readiops:off
release:13.2-RELEASE-p3
reservation:none
resolver:/etc/resolv.conf
rlimits:off
rtsold:0
securelevel:2
shmsize:off
stacksize:off
state:up
stop_timeout:30
swapuse:off
sync_state:none
sync_target:none
sync_tgt_zpool:none
sysvmsg:new
sysvsem:new
sysvshm:new
template:0
type:jail
used:readonly
vmemoryuse:off
vnet:1
vnet0_mac:022590a7a321 022590a7a322
vnet0_mtu:auto
vnet1_mac:none
vnet1_mtu:auto
vnet2_mac:none
vnet2_mtu:auto
vnet3_mac:none
vnet3_mtu:auto
vnet_default_interface:em1
vnet_default_mtu:1500
vnet_interfaces:none
wallclock:off
writebps:off
writeiops:off

Code:
root@gateway:~ # netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            172.16.2.1         UGS     epair0b
127.0.0.1          link#1             UH          lo0
172.16.2.0/24      link#3             U       epair0b
172.16.2.37        link#3             UHS         lo0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               link#1                        UHS         lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%lo0/64                     link#1                        U           lo0
fe80::1%lo0                       link#1                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0

Code:
root@gateway:~ # ipfw list
65535 allow ip from any to any

Code:
root@gateway:~ # drill google.com
Error: error sending query: Error creating socket

Code:
root@gateway:~ # ping 172.16.2.1
PING 172.16.2.1 (172.16.2.1): 56 data bytes
ping: sendto: Host is down
ping: sendto: Host is down
ping: sendto: Host is down


Code:
root@gateway:~ # ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
^C
--- 1.1.1.1 ping statistics ---
1 packets transmitted, 0 packets received, 100.0% packet loss
 
Yes, I can reach it easily at the host level, but not at the jail level.

Code:
root@nas[~]# host google.com 172.16.2.1
Using domain server:
Name: 172.16.2.1
Address: 172.16.2.1#53
Aliases:

google.com has address 142.250.179.206
google.com has IPv6 address 2a00:1450:400e:805::200e
google.com mail is handled by 10 smtp.google.com.

Code:
root@nas[~]# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            172.16.2.1         UGS         em1
127.0.0.1          link#3             UH          lo0
172.16.2.0/24      link#2             U           em1
172.16.2.30        link#2             UHS         lo0

Internet6:
Destination                       Gateway                       Flags     Netif Expire
::/96                             ::1                           UGRS        lo0
::1                               link#3                        UHS         lo0
::ffff:0.0.0.0/96                 ::1                           UGRS        lo0
fe80::/10                         ::1                           UGRS        lo0
fe80::%lo0/64                     link#3                        U           lo0
fe80::1%lo0                       link#3                        UHS         lo0
ff02::/16                         ::1                           UGRS        lo0
 
You said you upgraded your host but from what to what?
Can you give us the outputs of ifconfig both from the host and the jail?
 
Well, I'm not really sure what happened, but a reboot fixed the problem and connectivity is now restored. I'm able to ping and connect from inside the jail.

Pls ignore the problem and thank you for your support!
 
I suspect the jail wasn't attached to a bridge, or the bridge wasn't attached to em1 on the host. I'm not sure how iocage sets this up. The reboot probably made everything attach properly again.
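
A check for the condition suspected above, as an added example that is not part of the original thread: it parses `ifconfig bridge0` output and reports which required interfaces are not bridge members. `bridge0` and `em1` come from the jail configuration posted earlier; the host-side epair name `vnet0.1` and both sample outputs are constructed assumptions.

```shell
#!/bin/sh
# Added example: find interfaces that should be attached to a bridge but are not.

# Print one bridge member name per line; reads `ifconfig <bridge>` output on stdin.
bridge_members() {
    awk '$1 == "member:" { print $2 }'
}

# missing_members "<ifconfig output>" if1 if2 ...
# Prints the required interfaces that are NOT members (space separated).
# A required name may be a shell pattern, e.g. 'vnet0.*' for the jail's epair.
missing_members() {
    output=$1; shift
    members=$(printf '%s\n' "$output" | bridge_members)
    missing=""
    for want in "$@"; do
        found=0
        for m in $members; do
            case "$m" in
                $want) found=1 ;;   # unquoted on purpose: pattern match
            esac
        done
        [ "$found" -eq 1 ] || missing="${missing:+$missing }$want"
    done
    printf '%s' "$missing"
}

# Constructed sample: only the jail's epair is on the bridge, so frames from
# the jail never reach the physical network behind em1.
SAMPLE_BROKEN='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:00:00:00:00:01
    member: vnet0.1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 5 priority 128 path cost 2000
    groups: bridge'

# Constructed sample: the physical interface and the epair are both attached.
SAMPLE_OK='bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
    ether 02:00:00:00:00:01
    member: vnet0.1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 5 priority 128 path cost 2000
    member: em1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
            ifmaxaddr 0 port 2 priority 128 path cost 20000
    groups: bridge'

echo "broken sample is missing: $(missing_members "$SAMPLE_BROKEN" em1 'vnet0.*')"
echo "ok sample is missing:     $(missing_members "$SAMPLE_OK" em1 'vnet0.*')"
```

On the host itself, the same function can be fed live output: `missing_members "$(ifconfig bridge0)" em1 'vnet0.*'`.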
 
I've also confirmed this while troubleshooting and specifically set the bridge interface from 'auto' to 'em1' (main interface) to be on the safe side. So I am not sure.
 
Well, I'm not really sure what happened, but a reboot fixed the problem and connectivity is now restored. I'm able to ping and connect from inside the jail.

Pls ignore the problem and thank you for your support!
You don't reboot during or after an upgrade?
If so, be prepared for some other weirdnesses...
 