I am experimenting with jails on a bhyve vm guest running FBSD-11.0 using ezjail. I am having a problem with network connections to the outside from within the jail. I have sshd configured and I can reach the jail from the outside:$ ssh -vv 192.168.216.196 OpenSSH_5.3p1, OpenSSL 1.0.1e-fips 11 Feb 2013 debug1: Reading configuration data /etc/ssh/ssh_config debug1: Applying options for * debug2: ssh_connect: needpriv 0 debug1: Connecting to 192.168.216.196 [192.168.216.196] port 22. debug1: Connection established. But inside the jail I cannot connect out: ssh -vv 192.168.216.22 OpenSSH_7.2p2, OpenSSL 1.0.2j-freebsd 26 Sep 2016 debug1: Reading configuration data /etc/ssh/ssh_config debug2: resolving "192.168.216.22" port 22 debug2: ssh_connect_direct: needpriv 0 debug1: Connecting to 192.168.216.22 [192.168.216.22] port 22. debug1: connect to address 192.168.216.22 port 22: Operation timed out ssh: connect to host 192.168.216.22 port 22: Operation timed out
Where is this IP located. Not on the same FreeBSD host it seems (the IP is not in ifconfig output below). Do a packet trace on the network interface of the host, what do you see in terms of packets related to this (ARP + IP)?
On the host system I see this:
# ifconfig
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500
options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
ether 00:a0:98:fa:aa:b6
inet 216.185.71.16 netmask 0xffffff00 broadcast 216.185.71.255
inet 192.168.216.16 netmask 0xffffff00 broadcast 192.168.216.255
A /24 network config... If this is the IP of a jail I suggest to give it a /32 netmask.
IF this is a jail, then this may be the cause of what you see.
inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
media: Ethernet 10Gbase-T <full-duplex>
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet6 ::1 prefixlen 128
inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
inet 127.0.0.1 netmask 0xff000000
nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.1.1 netmask 0xffffffff
nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
groups: lo
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
groups: pflog
Inside the jail I see this:
root@hlldrupal:~ # ifconfig
vtnet0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST>
metric 0 mtu 1500
options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
ether 00:a0:98:fa:aa:b6
inet 192.168.216.196 netmask 0xffffffff broadcast 192.168.216.196
media: Ethernet 10Gbase-T <full-duplex>
status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
groups: lo
lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
inet 127.0.1.1 netmask 0xffffffff
groups: lo
pflog0: flags=141<UP,RUNNING,PROMISC> metric 0 mtu 33160
groups: pflog
Any ideas as to what I may have failed to do?
Can you please provide the output of "jls -v"? for all involved jails? Bye, Alexander. -- http://www.Leidinger.net alexan...@leidinger.net: PGP 0x8F31830F9F2772BF http://www.FreeBSD.org netch...@freebsd.org : PGP 0x8F31830F9F2772BF
pgpp_Gq6IESFJ.pgp
Description: Digitale PGP-Signatur
