Networking – Unable to access the Internet or ping the default gateway from a FreeBSD 12 jail

I'm new to FreeBSD jails. Everything else works fine (for example, SSH into the jail from any host on the network), but from a FreeBSD 12 jail I cannot reach the Internet or ping the default gateway. Please help me solve this problem.

My configuration is as follows:

  • a laptop running Ubuntu 16.04.4 / kernel 4.15.0-29-generic (172.20.0.2), connected to a 4G router (172.20.0.1) via wlan0

  • VirtualBox version 5.2.16 r123759 installed on the system

  • FreeBSD 12 runs on VirtualBox with an adapter bridged to wlan0
  • a jail under FreeBSD 12

diagram:

+-------------------------------+
|     E5172Bs-925 4G router     |
+---------------+---------------+
                | 172.20.0.1
                |
          wlan0 | 172.20.0.2  gw: 172.20.0.1   Ubuntu 16.04.4 / Kernel 4.15.0-29-generic
+---------------+------------------------------------------------------+
|               |                                                      |
|  FreeBSD 12   | 172.20.0.41 (connected to the bridged adapter)       |
|  +------------+-------------+  gw: 172.20.0.1                        |
|  |            |             |                                        |
|  |  +---------+----------+  |                                        |
|  |  | jail: 172.20.0.110 |  |                                        |
|  |  | gw:   172.20.0.1   |  |                                        |
|  |  +--------------------+  |                                        |
|  |                          |                                        |
|  +--------------------------+                                        |
+----------------------------------------------------------------------+

my jail.conf file (obtained from /usr/share/examples/jails/jail.xxx.conf)

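# jail(8) definition for a VNET jail named "rsnapshot", based on the stock
# example /usr/share/examples/jails/jail.xxx.conf.
rsnapshot {
	host.hostname = "rsnapshot";		# hostname
	path = "/jails/rsnapshot";		# root directory

	exec.clean;
	exec.system_user = "root";
	exec.jail_user = "root";

	#
	# NB: Below 4-lines required
	#
	vnet;					# jail gets its own virtual network stack
	# netgraph
	#vnet.interface = "ng0_rsnapshot";		# vnet interface(s)
	#exec.prestart += "jng bridge rsnapshot em0";	# bridge interface(s)
	#exec.poststop += "jng shutdown rsnapshot";	# destroy interface(s)
	# if_bridge
	# The e0b_ interface moved into the jail carries its own MAC address, so
	# jail traffic leaves em0 with a source MAC different from em0's.
	# NOTE(review): whatever sits below em0 (a VirtualBox adapter bridged to
	# Wi-Fi, per this post) must pass frames for that extra MAC - confirm the
	# adapter's promiscuous-mode policy.
	vnet.interface = "e0b_rsnapshot";		# vnet interface(s)
	exec.prestart += "jib addm rsnapshot em0";	# bridge interface(s)
	exec.poststop += "jib destroy rsnapshot";	# destroy interface(s)

	# Standard recipe
	exec.start += "/bin/sh /etc/rc";
	exec.stop = "/bin/sh /etc/rc.shutdown";
	exec.consolelog = "/var/log/jail_rsnapshot_console.log";
	mount.devfs;				# mount devfs

	# Optional (default off). Each of these relaxes jail isolation; enable
	# only what the jail actually needs.
	#devfs_ruleset = "11";		# rule to unhide bpf for DHCP (bpf gives
					# the jail raw packet access on its interfaces)
	#allow.mount;			# mount /etc/fstab.rsnapshot
	#allow.set_hostname = 1;	# Allow hostname to change
	#allow.sysvipc = 1;		# Allow SysV Interprocess Comm.

}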

ifconfig on the host

em0: flags=8943 metric 0 mtu 1500
        options=810099
        ether 08:00:27:9b:b8:c4
        inet 172.20.0.41 netmask 0xffffff00 broadcast 172.20.0.255
        media: Ethernet autoselect (1000baseT)
        status: active
        nd6 options=29
lo0: flags=8049 metric 0 mtu 16384
        options=680003
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21
em0bridge: flags=8843 metric 0 mtu 1500
        ether 02:d7:f0:96:d8:00
        id 00:00:00:00:00:00 priority 32768 hellotime 2 fwddelay 15
        maxage 20 holdcnt 6 proto rstp maxaddr 2000 timeout 1200
        root id 00:00:00:00:00:00 priority 32768 ifcost 0 port 0
        member: e0a_rsnapshot flags=143
                ifmaxaddr 0 port 4 priority 128 path cost 2000
        member: em0 flags=143
                ifmaxaddr 0 port 1 priority 128 path cost 20000
        groups: bridge
        nd6 options=1
e0a_rsnapshot: flags=8943 metric 0 mtu 1500
        options=8
        ether 02:f8:e0:9b:b8:c4
        hwaddr 02:70:c5:28:c6:0a
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T)
        status: active
        nd6 options=29

ifconfig inside the jail

lo0: flags=8049 metric 0 mtu 16384
        options=680003
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21
e0b_rsnapshot: flags=8843 metric 0 mtu 1500
        options=8
        ether 0e:f8:e0:9b:b8:c4
        hwaddr 02:70:c5:28:c6:0b
        inet 172.20.0.110 netmask 0xffffff00 broadcast 172.20.0.255
        groups: epair
        media: Ethernet 10Gbase-T (10Gbase-T)
        status: active
        nd6 options=29

From the jail I can ping any host on my network, but not the default gateway or anything outside the network.

tcpdump on wlan0 on my laptop shows the following: I can see the ICMP echo request, but no reply.

11:03:40.748008 IP (tos 0x0, ttl 64, id 52840, offset 0, flags [none], proto ICMP (1), length 84)
    172.20.0.110 > 172.20.0.1: ICMP echo request, id 45323, seq 0, length 64
11:03:40.775639 ARP, Ethernet (len 6), IPv4 (len 4), Request who-has 172.20.0.110 tell 172.20.0.1, length 28
11:03:40.776034 ARP, Ethernet (len 6), IPv4 (len 4), Reply 172.20.0.110 is-at 0e:f8:e0:9b:b8:c4, length 28

If I ping my laptop from the jail:

11:31:15.625571 IP (tos 0x0, ttl 64, id 52842, offset 0, flags [none], proto ICMP (1), length 84)
    172.20.0.110 > 172.20.0.2: ICMP echo request, id 6668, seq 0, length 64
11:31:15.625629 IP (tos 0x0, ttl 64, id 2336, offset 0, flags [none], proto ICMP (1), length 84)
    172.20.0.2 > 172.20.0.110: ICMP echo reply, id 6668, seq 0, length 64

netstat -rn inside the jail

root@freebsdjail1:/ # netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            172.20.0.1         UGS    e0b_rsna
127.0.0.1          link#1             UH          lo0
172.20.0.0/24      link#2             U      e0b_rsna
172.20.0.110       link#2             UHS         lo0

Internet6:
Destination        Gateway            Flags     Netif Expire
::/96              ::1                UGRS        lo0
::1                link#1             UH          lo0
::ffff:0.0.0.0/96  ::1                UGRS        lo0
fe80::/10          ::1                UGRS        lo0
fe80::%lo0/64      link#1             U           lo0
fe80::1%lo0        link#1             UHS         lo0
ff02::/16          ::1                UGRS        lo0