I went back to running my workstation and router in jails as opposed to having the workstation be the 'host' and the router the 'jail'. My motivation was to again minimize the number of times I need to reboot the physical host. I reboot so I can create a new Boot Environment (BE) and roll back to a known working state.
Upon startup, the host assigns all physical interfaces to the router jail. The workstation creates an epair interface, assigns an IP on the same subnet as the physical device, and then the other end gets added to the bridge in the router. Subsequently, the host system has an epair interface, IP assigned on the same subnet, and the other side of the interface gets added to the bridge in the router jail.
General Topology (not real IPs):
host: 192.168.1.102
workstation: 192.168.1.100
router: 192.168.1.1
The workstation jail gets out to the Internet fine and I can ping and SSH to the router jail from within the workstation jail. I can do the same from the router jail to the workstation jail. The host itself cannot get out to the Internet; it does have the default gateway as the router, but regardless, it cannot ping it.
The problem I have is that I am unable to ping or SSH to the host from within either the workstation or router jails. It has an IP assigned on the same subnet, and the default router is set to the router interface. When I try to ping, I get "host is down". The host does not have pf running and I don't believe I have any rules restricting connectivity from the workstation or router to the base.
Any ideas on what I should look for?
As an aside, this has downstream implications:
1. host can no longer check for updates (and update jails).
2. host can no longer keep accurate time.