Strange issue with jail networking

T

tom_h

Hi, Im working with a new type of network config for my jails that ive never used before, and am getting some interesting functionality from it. so, the jail is able to ping some things such as 1.1.1.1, 8.8.8.8 and 8.8.4.4, as well as the local networks and all that. But it cant ping domains, and cant install packages . :

Code: 
root@myjail3:/ # ping google.com
ping: Unknown host

Im really lost as to whats causing this issue, ill provide some of my config files and maybe someone will have an idea lol.

Hosts rc.conf:

Code: 
ifconfig_vmx1="inet 10.8.0.31 netmask 255.255.255.0"
ifconfig_vmx2="inet 10.1.0.148 netmask 255.255.255.0"
ifconfig_vmx3="inet 10.40.0.15/24"
ifconfig_ngeth0="inet 10.8.0.41 netmask 255.255.255.0"
defaultrouter="10.8.0.1"

sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
gateway_enable="YES"
natd_enable="YES"
zfs_enable="YES"
jail_enable="YES"
ezjail_enable="YES"
# firewall_enable="NO"
# firewall_type="open"
# firewall_nat_enable="YES"
# firewall_script="/etc/rc.firewall"
natd_interface="vmx1"


cloned_interfaces="bridge0 lo1"
ifconfig_bridge0="inet 10.8.0.40 netmask 255.255.255.0"

So, the firewall here isnt being used i dont think, i say i dont think because i wasnt the one who set it up, however im getting the same functionality if its enabled or disabled anyways.

host jail.conf:

Code: 
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
exec.clean;
mount.devfs;

myjail3 {
    path = /usr/local/jails/myjail3;
    host.hostname = myjail3;
    vnet;
    vnet.interface = ngeth1;
    allow.raw_sockets;
    interface = ngeth0;
}

Jails rc.conf:

Code: 
sshd_enable="YES"
# Set dumpdev to "AUTO" to enable crash dumps, "NO" to disable
dumpdev="AUTO"
ifconfig_ngeth1="inet 10.8.0.35 netmask 255.255.255.0"

defaultrouter="10.8.0.40"

jails resolv.conf:

Code: 
nameserver 8.8.8.8
nameserver 8.8.4.4

I think thats all the relivent stuff, if you think you may be able to help just let me know if you would need to see any extra files. thanks.
 
This is the hosts "ifconfig"

Code: 
vmx0: flags=8822<BROADCAST,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
        ether 00:50:56:91:12:76
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vmx1: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4a400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,NOMAP>
        ether 00:50:56:91:0f:63
        inet 10.8.0.31 netmask 0xffffff00 broadcast 10.8.0.255
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vmx2: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4a400b9<RXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,VLAN_HWTSO,RXCSUM_IPV6,NOMAP>
        ether 00:50:56:91:9a:25
        inet 10.1.0.148 netmask 0xffffff00 broadcast 10.1.0.255
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
vmx3: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
        ether 00:50:56:91:e1:c6
        inet 10.40.0.15 netmask 0xffffff00 broadcast 10.40.0.255
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x5
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ngeth0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=28<VLAN_MTU,JUMBO_MTU>
        ether 58:9c:fc:10:ff:d8
        inet 10.8.0.41 netmask 0xffffff00 broadcast 10.8.0.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
ngeth2: flags=8902<BROADCAST,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=28<VLAN_MTU,JUMBO_MTU>
        ether 58:9c:fc:10:ff:c9
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
bridge0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        ether 58:9c:fc:10:af:10
        inet 10.8.0.40 netmask 0xffffff00 broadcast 10.8.0.255
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: ngeth0 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 8 priority 128 path cost 20000
        member: vmx2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 3 priority 128 path cost 2000
        member: ngeth2 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 9 priority 128 path cost 20000
        member: vmx1 flags=143<LEARNING,DISCOVER,AUTOEDGE,AUTOPTP>
                ifmaxaddr 0 port 2 priority 128 path cost 2000
        groups: bridge
        nd6 options=9<PERFORMNUD,IFDISABLED>
lo1: flags=8008<LOOPBACK,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

and this the jails one:

Code: 
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
ngeth1: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=28<VLAN_MTU,JUMBO_MTU>
        ether 58:9c:fc:10:8b:13
        inet 10.8.0.35 netmask 0xffffff00 broadcast 10.8.0.255
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
 
bridge0, vmx1 and ngeth0 are all on the same 10.8.0.0/24 subnet. Never put more than one interface on a subnet, as this will cause various routing issues.
 
SirDice said:
bridge0, vmx1 and ngeth0 are all on the same 10.8.0.0/24 subnet. Never put more than one interface on a subnet, as this will cause various routing issues.
Click to expand...
right ok cool, so you think thatll be the main issue then? and do forgive me lol im not exactly great at this stuff, but how would i go about fixing this without breaking everything, every time i touch vmx1 i just lock myself out haha
 
tom_h said:
right ok cool, so you think thatll be the main issue then? and do forgive me lol im not exactly great at this stuff, but how would i go about fixing this without breaking everything, every time i touch vmx1 i just lock myself out haha
Click to expand...
Then don't touch vmx1 ?
Changing things on bridge and the jail related interfaces (ngethX) should do the trick.
 
You must log in or register to reply here.
Back
Top