Vnet Jail communication with the host system

Hello,

Does anyone use vnet jails and can explain to me why communication from the host to the jail is not possible?

All jails are connected via bridge1, and the bridge is connected to my real network.

The host and Jail1 know each other: I can see the ARP request and reply, and they have the correct IP and MAC address binding.

sharky@freebsd:~ $ sudo arp -a
? ( at 52:54:00:a6:e8:eb on vtnet0 permanent [ethernet]
? ( at 02:b5:98:56:4b:0b on vtnet0 expires in 1105 seconds [ethernet]

root@unbound:/ # ifconfig | grep 02:b5:98:56:4b:0b
ether 02:b5:98:56:4b:0b

root@unbound:/ # arp -a | grep 100
freebsd ( at 52:54:00:a6:e8:eb on eth0 expires in 855 seconds [ethernet]

My test was an SSH connection or a DNS request from the host to the jail. I can see the packet on the host system and also inside the jail (tcpdump).

But the "application layer", aka unbound or ssh, never receives the packet? It is weird... the unbound log does not get a DNS request.

What is also interesting is that SSH from jail to jail is possible. To me it looks like the internal layer 2 forwarding is broken.
I have created a drawing. It would even help if someone could double-check my jail config. Thank you!
