https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268717
--- Comment #2 from d...@rabson.org ---
Created attachment 239234
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=239234&action=edit
second test scenario showing redirect failing if both ends are on the same
bridge
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268717
--- Comment #3 from d...@rabson.org ---
Further testing shows more strangeness. If I add a second vnet jail on the same
bridge and attempt the telnet that should redirect, it also fails. The rule
matches when the host receives the SYN and is
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268717
--- Comment #4 from d...@rabson.org ---
The second scenario with two vnet jails on the same bridge is possibly the
bridge 'helping' by delivering the SYN+ACK reply directly, without allowing PF
to re-write. Adding debug printfs to pf seems t
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=268717
--- Comment #5 from d...@rabson.org ---
Turns out I was missing 'sysctl net.link.bridge.pfil_member=1' for the two
jails redirecting via a bridge scenario so ignore that part. Adding this
doesn't affect the original scenario with the host or