Hi all, I'm trying to deploy our "proServer" setup inside a VM that is unfortunately not controlled by us.
Problem is that I can connect to and ping the host (i.e. FreeBSD running in the hypervisor VM), but network connectivity to a jail using VIMAGE and a bridged interface with iocage is enervatingly flaky without a clearly visible pattern - at least to me. The VMware port group has forged transmits, MAC address changes and promiscuous mode in the guest allowed, of course.

Symptoms are:

* Jail booted - not reachable from the outside
* Iocage console into the jail, ping system at some remote location - works
* While that ping is running, connections from the outside *somewhat* work
* Up to the point where you can SSH into the jail, but then suddenly packets are dropped again

The admin of the central (Cisco ASA) firewall at the remote site was so cooperative as to open my host (VM) and the jail transparently and disable (so he said) all IDS/IPS/deep-whatever functions for my two target addresses.

I suspect problems with ARP (all IPv4 over there :-/), but I can only tcpdump inside my VM, no access to a packet trace on the wire.

We have that very same setup running in VMware in various environments. Some even maintained by someone else just like in this case. This is the first one not "just working". VMware multipathing getting in the way?

I think I know my way around these issues quite well, so I'm rather puzzled now, and I start to think I'm missing something "too obvious".

Has anybody ever seen a problem like this? I'm simply running out of ideas at the moment ...

Thanks,
Patrick
--
punkt.de GmbH
Internet - Dienstleistungen - Beratung
Kaiserallee 13a
Tel.: 0721 9109-0 Fax: -100
76133 Karlsruhe
i...@punkt.de
http://punkt.de
AG Mannheim 108285
Gf: Juergen Egeling