Shared IP jail and VNET jail cannot talk together through bridge

From: DaLynX <d_at_l.ynx.fr>
Date: Mon, 14 Oct 2024 14:47:04 UTC

Hello,

I am running into a strange network issue with jails on one host and cannot figure out what I did wrong.

I have two jails:
- 104 is a shared IP jail (classic) with an alias on the host's em0
- 115 is a vnet jail with interface vnet0.192

There is a bridge0 bridge with em0 and vnet0.192 as members.

I cannot have the two jails talk together.
More precisely, 115 -> 104 works, but not 104 -> 115.
I did tests with netcat and tcpdump on the host's bridge0.
I can see SYN packets from 104 getting sent repeatedly but no response.
If I initiate from 115, I cannot see the initiation packet (??) but I can see the SYN+ACK coming in repeatedly from 104 too.

Any idea what's wrong and how to fix it?

Kind regards, 
DaLynX