Date: Sun, 29 Dec 2013 00:16:12 +0000 From: Nikolay Denev <nike_d@cytexbg.com> To: Andrew Klaus <andrewklaus@gmail.com> Cc: "freebsd-net@freebsd.org" <freebsd-net@freebsd.org> Subject: Re: Issues putting jails on their own subnet Message-ID: <CA%2BP_MZEg2XhghMiM7TNyev2_5KsNG6iGyR6y0zbxSdiBznCpGw@mail.gmail.com> In-Reply-To: <CAKA4ij9FLJA7Un8gA-Jv17Xfi9DG7Xi0qMKRwK3vUedvXKxngA@mail.gmail.com> References: <CAKA4ij9FLJA7Un8gA-Jv17Xfi9DG7Xi0qMKRwK3vUedvXKxngA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi Andrew, Actually you should be able to override this routing entry by just deleting it, or you can also check if "net.add_addr_allfibs" sysctl can help you. --Nikolay On Sat, Dec 28, 2013 at 10:05 PM, Andrew Klaus <andrewklaus@gmail.com>wrote: > Hello, > > I'm trying to segregate some of my jails onto their own (DMZ) subnet. > > Internal subnet: 10.0.3.0/24 > DMZ subnet: 10.0.4.0/24 > > Both of these subnets are on my FreeBSD host, but I'm using a second > routing table for my DMZ jails as seen here: > > --------------- > setfib 1 netstat -rn > Routing tables > > Internet: > Destination Gateway Flags Refs Use Netif Expire > default 10.0.4.1 UGS 0 2393945 vlan4 > 10.0.3.0/24 link#12 U 0 0 vlan3 > ---------------- > > The problem I'm facing, is when I try to connect to the DMZ'd jail from the > 10.0.3.0 network, traffic comes in on vlan4 like it's supposed to, but > replies back through on the vlan3 interface. I guess this makes sense, > because of that second route entry (that I can't override). > > I've tried using PF to force the packets back through to 10.0.4.1, but it > doesn't seem to want to work. Is the only other way to use the > experimental vnet/vimage? > > Any ideas would be helpful. > > Thanks, > > Andrew > _______________________________________________ > freebsd-net@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-net > To unsubscribe, send any mail to "freebsd-net-unsubscribe@freebsd.org" >
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CA%2BP_MZEg2XhghMiM7TNyev2_5KsNG6iGyR6y0zbxSdiBznCpGw>