Hello, with 8.2 I could "ssh IPofTheJail" inside the jail and got connected to the sshd in the corresponding jail. Same with "ssh localhost". With 9.1, it's not possible anymore. I have assigned a different FIB to my jail in both cases. The picture is different for IPv6. "ping6 IPofTheJail" does work! I have more oddities I wanted to check with jails and lagg-interfaces together with VLANs, but I have no idea why I can't connect from one jail to it's own IP(v4) anymore! Was there any special security-extension added after 8.2? Thanks, -Harry -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 196 bytes Desc: OpenPGP digital signature URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20121219/a4713c0b/attachment.sig>
Harald Schmalzbauer
2012-Dec-19 11:56 UTC
FIB and jail regression [Was: can't reach jails own ipv4 from inside anymore]
schrieb Harald Schmalzbauer am 19.12.2012 12:19 (localtime):> Hello, > > with 8.2 I could "ssh IPofTheJail" inside the jail and got connected to > the sshd in the corresponding jail. Same with "ssh localhost". > > With 9.1, it's not possible anymore. > I have assigned a different FIB to my jail in both cases. > > The picture is different for IPv6. "ping6 IPofTheJail" does work! > > I have more oddities I wanted to check with jails and lagg-interfaces > together with VLANs, but I have no idea why I can't connect from one > jail to it's own IP(v4) anymore!Found out that defining a different FIB causes that behaviour in 9.1. But using a different FIB doesn't caus the same in 8.2! Can anybody tell me what has changed regarding FIBs after 8.2? Thanks, -Harry -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 196 bytes Desc: OpenPGP digital signature URL: <http://lists.freebsd.org/pipermail/freebsd-stable/attachments/20121219/fba2e9d3/attachment.sig>