Hello,
Does anyone use vnet jails and can explain to me why communication from the host to the jail is not possible?
All jails are connected via bridge1; the bridge is connected to my real network.
The host and Jail1 know each other; I can see the ARP request and reply, and they have the correct IP and MAC address binding.
sharky@freebsd:~ $ sudo arp -a
? (192.168.10.100) at 52:54:00:a6:e8:eb on vtnet0 permanent [ethernet]
? (192.168.10.154) at 02:b5:98:56:4b:0b on vtnet0 expires in 1105 seconds [ethernet]
root@unbound:/ # ifconfig | grep 02:b5:98:56:4b:0b
ether 02:b5:98:56:4b:0b
root@unbound:/ # arp -a | grep 100
freebsd (192.168.10.100) at 52:54:00:a6:e8:eb on eth0 expires in 855 seconds [ethernet]
My test was an ssh connection or a DNS request from the host to the jail. I can see the packet on the host system and also inside the jail (tcpdump).
But the "application layer", aka unbound or ssh, never receives the packet? It is weird... the unbound log does not get a DNS request.
What is also interesting is that ssh from jail to jail is possible. To me it looks like the internal layer 2 forwarding is broken.