Please do not feel discouraged from reading by what might look like a "complex" scheme. I'm pretty sure the solution is as simple as fixing a routing problem. In summary, the problem is that I am unable to establish a connection between the gateway and my jails, although I am able to connect between the jails themselves.
I have a box with 5 physical interfaces, I am only working with three of them at the moment.
What I would like to ultimately achieve is the following scenario (gotta love the ascii):
Code:
____________________
| Cipher BOX |
| _________ |
| | | 0a
notebook <---> {red network} <-----> em0<->x jail1 s< |
10.0.0.3 | | | \ 1a
| |_________| > |
| msk0 <-----> {black network} <-----> same as left side}
| _________ > |
| | | / |
notebook <---> {red network} <-----> em1<->j jail2 i< |
172.16.0.3 | | | bridge0
| |_________| |
|____________________|
Physical Interfaces
em0 = IP Address is 10.0.0.5
em1 = IP address is 172.16.0.5
msk0 = IP address is 192.168.1.5
Virtual Interfaces
x = IP address is 10.0.0.2
s = epair0b = IP address is 192.168.1.2
j = IP address is 172.16.0.2
i = epair1b = IP address is 192.168.1.11
0a = epair0a = IP address is 192.168.1.10
1a = epair1a = IP address is 192.168.1.20
bridge0 = IP address is 192.168.1.1 (has members epair0a and epair1a)
Let's focus on the Cipher box; I am currently in the process of implementing this. I am using jails to create separate network stacks for each virtual interface inside the jails.
I currently have the two jails running, each jail having only two interfaces: the loopback interface and one of the s and i virtual interfaces. I have basically implemented everything on the right side of the Cipher box.
With my current settings, I am able to establish a connection (using ping) between the jails via the s and i interfaces. However, although bridge0 is supposed to be there to facilitate this connection, I am not able to ping it, which makes me think that the echo replies I am getting are not from the correct jails.
In command-line terms, both of these commands:
# jexec 1 ping 192.168.1.11
# jexec 2 ping 192.168.1.2
would return echo replies.
However, none of these commands would return anything:
# jexec 1 ping 192.168.1.5
# jexec 1 ping 192.168.1.10
# jexec 1 ping 192.168.1.20
# jexec 1 ping 192.168.1.1
There is no echo reply of any sort, not even host unreachable. It just sits there until I press CTRL+C, when it finally displays 100.0% packet loss.
I am leaning towards believing this is merely a routing problem rather than an implementation problem. I'm kind of a newb when it comes to routing; I'd appreciate any guidance.
UPDATE
After a little bit of tampering, running
# jexec 1 ping 192.168.1.5
returns
Code:
ping: sendto: Host is down
ifconfig msk0 shows that msk0 is active. Pinging the other interfaces from jail1 (192.168.1.10, 192.168.1.20, 192.168.1.1) still does not return anything.
Also, performing a ping from the main box to both jails gives
Code:
ping: sendto: Host is down
Edit
Here are the ifconfig and netstat outputs of the main host and the jails.
# ifconfig
Code:
em0: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
ether 00:15:17:96:0d:08
media: Ethernet autoselect
status: no carrier
em1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
ether 00:15:17:96:0d:09
media: Ethernet autoselect
status: no carrier
em2: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
ether 00:15:17:96:0d:0a
media: Ethernet autoselect
status: no carrier
em3: flags=8802<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=19b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4>
ether 00:15:17:96:0d:0b
media: Ethernet autoselect
status: no carrier
msk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=11a<TXCSUM,VLAN_MTU,VLAN_HWTAGGING,TSO4>
ether 00:1e:90:9d:ee:4e
inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
media: Ethernet autoselect (1000baseT <full-duplex,flag0,flag1,flag2>)
status: active
plip0: flags=8810<POINTOPOINT,SIMPLEX,MULTICAST> metric 0 mtu 1500
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x7
inet6 ::1 prefixlen 128
inet 127.0.0.1 netmask 0xff000000
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 3a:83:7f:af:12:a9
inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
maxage 20 holdcnt 6 proto rstp maxaddr 100 timeout 1200
root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 11 priority 128 path cost 14183
member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
ifmaxaddr 0 port 10 priority 128 path cost 14183
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33200
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:c0:24:00:0a:0a
inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
epair1a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:c0:24:00:0b:0a
inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
# jexec 1 ifconfig
Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
epair0b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:c0:24:00:0b:0b
inet6 fe80::c0:24ff:fe00:b0b%epair0b prefixlen 64 scopeid 0x2
inet 192.168.1.2 netmask 0xffffff00 broadcast 192.168.1.255
# jexec 2 ifconfig
Code:
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=3<RXCSUM,TXCSUM>
inet 127.0.0.1 netmask 0xff000000
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
epair1b: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
ether 02:c0:24:00:0c:0b
inet6 fe80::c0:24ff:fe00:c0b%epair1b prefixlen 64 scopeid 0x2
inet 192.168.1.11 netmask 0xffffff00 broadcast 192.168.1.255
# netstat -rn
Code:
Routing tables
Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
127.0.0.1          link#7             UH          0        0    lo0
192.168.1.0/24     link#5             U           0       46   msk0
192.168.1.1        link#8             UHS         0        0    lo0
192.168.1.5        link#5             UHS         0        0    lo0
192.168.1.10       link#10            UHS         0        0    lo0
192.168.1.20       link#11            UHS         0        0    lo0

Internet6:
Destination                       Gateway                       Flags      Netif Expire
::1                               ::1                           UH          lo0
fe80::%lo0/64                     link#7                        U           lo0
fe80::1%lo0                       link#7                        UHS         lo0
ff01:7::/32                       fe80::1%lo0                   U           lo0
ff02::%lo0/32                     fe80::1%lo0                   U           lo0
Executing netstat -rn in the jails returned the following error message:
Code:
netstat: kvm not available: /dev/mem: No such file or directory
Routing tables
rt_tables: symbol not in namelist
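An added diagnostic for the layout described in this post; it is not the poster's code, and the function names are mine. It is a small POSIX sh/awk script that reads the host's ifconfig and netstat -rn output (the stanzas pasted above are embedded as sample data, abridged) and checks the two things the symptoms turn on: which interface the host's 192.168.1.0/24 route actually leaves through, and which bridge0 members carry their own inet addresses. On the posted data the only 192.168.1.0/24 route points at msk0 (link#5), not at bridge0, so anything the host itself sends to 192.168.1.2 or 192.168.1.11 goes out msk0, ARP there gets no answer, and ping reports "sendto: Host is down"; jail-to-jail traffic still works because it never leaves the bridge (epair0b, epair0a, bridge0, epair1a, epair1b is pure layer 2). The fix_commands function prints, but does not run, corrective ifconfig commands. That msk0 should join the bridge, so that the black network and the jails' s/i interfaces form one segment with a single host address on bridge0, is an assumption about the diagram's intent, not something the post states.

```shell
#!/bin/sh
# Added example (not from the original post): parse the host's ifconfig and
# netstat -rn output and locate the routing/addressing mismatch that makes
# host <-> jail pings fail while jail <-> jail pings succeed.
# The sample data below is copied (abridged) from the outputs in the post.

NETSTAT_RN='Routing tables

Internet:
Destination        Gateway            Flags    Refs      Use  Netif Expire
127.0.0.1          link#7             UH          0        0    lo0
192.168.1.0/24     link#5             U           0       46   msk0
192.168.1.1        link#8             UHS         0        0    lo0
192.168.1.5        link#5             UHS         0        0    lo0
192.168.1.10       link#10            UHS         0        0    lo0
192.168.1.20       link#11            UHS         0        0    lo0
'

IFCONFIG='msk0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.5 netmask 0xffffff00 broadcast 192.168.1.255
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.1 netmask 0xffffff00 broadcast 192.168.1.255
        member: epair1a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
        member: epair0a flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
epair0a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.10 netmask 0xffffff00 broadcast 192.168.1.255
epair1a: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        inet 192.168.1.20 netmask 0xffffff00 broadcast 192.168.1.255
'

# Netif of the IPv4 route whose Destination column equals $1 (e.g. 192.168.1.0/24).
route_netif() {
    printf '%s\n' "$NETSTAT_RN" | awk -v dst="$1" '
        /^Internet6:/ { exit }
        $1 == dst     { print $6 }'
}

# First inet address configured on interface $1, or nothing.
inet_addr() {
    printf '%s\n' "$IFCONFIG" | awk -v want="$1" '
        /^[a-z]/                    { cur = $1; sub(/:$/, "", cur) }
        cur == want && $1 == "inet" { print $2; exit }'
}

# Members of bridge $1 that carry their own inet address, sorted, space-separated.
# The bridge interface should own the host address; members that also hold one
# compete with it (and, here, with msk0) for the same /24 in the routing table.
bridge_members_with_inet() {
    br=$1
    set -- $(printf '%s\n' "$IFCONFIG" | awk -v br="$br" '
        /^[a-z]/                     { cur = $1; sub(/:$/, "", cur) }
        cur == br && $1 == "member:" { members[$2] = 1 }
        $1 == "inet"                 { has_inet[cur] = 1 }
        END { for (m in members) if (m in has_inet) print m }' | sort)
    echo "$*"
}

# Print (do NOT run) the corrective commands for the posted layout.
fix_commands() {
    for m in $(bridge_members_with_inet bridge0); do
        printf 'ifconfig %s inet %s -alias\n' "$m" "$(inet_addr "$m")"
    done
    # Assumption about the diagram's intent: the black network on msk0 and the
    # jails' s/i interfaces are one L2 segment, so msk0 joins the bridge and the
    # host keeps a single 192.168.1.0/24 address, the one already on bridge0.
    printf 'ifconfig msk0 inet %s -alias\n' "$(inet_addr msk0)"
    printf 'ifconfig bridge0 addm msk0 up\n'
}

echo "host route for 192.168.1.0/24 leaves via: $(route_netif 192.168.1.0/24)"
echo "bridge0 members carrying inet addresses: $(bridge_members_with_inet bridge0)"
echo "suggested fix (review, then run as root on the host):"
fix_commands
```

Run it on the real box by replacing the two sample variables with `$(netstat -rn)` and `$(ifconfig)`. After the addresses are removed from the members, the host's 192.168.1.0/24 route should move to bridge0 (link#8), which is the check to repeat with netstat -rn on the host. Inside the VNET jails, where this netstat wants /dev/mem, `jexec 1 route -n get 192.168.1.5` asks the routing socket instead and shows which interface the jail would use. If msk0 is meant to stay a separate, routed network rather than join the bridge, the alternative is to give it an address in a different subnet than the bridge, so the host never has two candidate interfaces for one prefix.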