Can't make requests using host's alias IP address

[patmaddox]

(I had originally asked about jails, but no longer think it's a jail issue. I've moved the original info to the bottom of the post for context)

I am new to setting up jails and networking.

I have created a GCE instance with FreeBSD 13.0, and assigned a second private IP via the GCP console. The host recognizes both IPs automatically:

# ifconfig
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1460
    options=4c07bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,LRO,VLAN_HWTSO,LINKSTATE,TXCSUM_IPV6>
    ether 42:01:0a:8a:0f:d9
    inet6 fe80::4001:aff:fe8a:fd9%vtnet0 prefixlen 64 scopeid 0x1
    inet 10.138.15.217 netmask 0xffffffff broadcast 10.138.15.217
    inet 10.138.15.218 netmask 0xffffffff broadcast 10.138.15.218

I don't seem to be able to make network requests from the second IP:

$ ping -S 10.138.15.217 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 10.138.15.217: 56 data bytes
64 bytes from 8.8.8.8: icmp_seq=0 ttl=115 time=0.938 ms
64 bytes from 8.8.8.8: icmp_seq=1 ttl=115 time=1.010 ms
^C
--- 8.8.8.8 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss

$ ping -S 10.138.15.218 8.8.8.8
PING 8.8.8.8 (8.8.8.8) from 10.138.15.218: 56 data bytes
^C
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 0 packets received, 100.0% packet loss

$ netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags     Netif Expire
default            10.138.0.1         UGS      vtnet0
10.138.0.1         link#1             UHS      vtnet0
10.138.15.217      link#1             UH       vtnet0
10.138.15.218      link#1             UH       vtnet0
127.0.0.1          link#2             UH          lo0

What do I need to do to get that second IP working?

---

(old post)

When I configure a jail to use the first IP, the networking works fine:

# iocage set ip4_addr=10.138.15.217 ts2
# iocage console ts2
root@ts2:~ # curl https://www.google.com # this succeeds

When I configure the jail to use the second IP, requests time out:

# iocage set ip4_addr=10.138.15.218 ts2
# iocage console ts2
root@ts2:~ # curl https://www.google.com # this times out
^C

Clearly I am misunderstanding something here. How can I bind the jail to the second IP address - and be able to make network requests?

 

[sidetone]

See if the IP alias for the jail can be set to one that's not already set on the host with the iocage command. On mine that's Bastille, I don't turn on the IP alias from the host system. It turns on when the jail is started.

Also, see if there's a jail.conf in the local directory for iocage of your jail. On other jail programs, IP aliases and interfaces can be set here.

After either of these, the jail needs to be restarted.