From owner-freebsd-jail@FreeBSD.ORG  Tue Dec 16 17:35:30 2014
Return-Path: <owner-freebsd-jail@FreeBSD.ORG>
Delivered-To: freebsd-jail@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org
 [IPv6:2001:1900:2254:206a::19:1])
 (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
 (No client certificate requested)
 by hub.freebsd.org (Postfix) with ESMTPS id EC6EAD69
 for <freebsd-jail@freebsd.org>; Tue, 16 Dec 2014 17:35:29 +0000 (UTC)
Received: from mail-ig0-x22e.google.com (mail-ig0-x22e.google.com
 [IPv6:2607:f8b0:4001:c05::22e])
 (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits))
 (Client CN "smtp.gmail.com",
 Issuer "Google Internet Authority G2" (verified OK))
 by mx1.freebsd.org (Postfix) with ESMTPS id B5926100
 for <freebsd-jail@freebsd.org>; Tue, 16 Dec 2014 17:35:29 +0000 (UTC)
Received: by mail-ig0-f174.google.com with SMTP id hn15so7284284igb.1
 for <freebsd-jail@freebsd.org>; Tue, 16 Dec 2014 09:35:29 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113;
 h=mime-version:from:date:message-id:subject:to:content-type;
 bh=MNJ0z9dsbJsnnPL8DwmHRSlzVqI0Q/rY4vWfLIEbP3Q=;
 b=in1rRw64XCJtyAEalUs6bWxnYRBui/eb0lc/l/wl922HPqJJt6LuKDSdLNgl49hAL9
 FS5qMgmSURB2ycrrxrEwq1QQPNGYtz5TNlwVdis5L6j5e6FYIcqCpJo2RE88cOFwBHIX
 iTOfZoKlgB0aaDzZhSdeHecyfEBMyEJOVasD9B44PayxlMx3T6fFLEflSKoxfVti9pOR
 ocFxd9DjRvApBBGt47elP4vXu8ytAqwqI/cyihW3v3fuTh3Wi7kIxtdFOxw7hJX1uV7Z
 0uAOpvSO3wBehC4a5+/D21BvsDCe4Cn7GXerUaEppMFLr7L7CcwiMJdllVpawphEnBFT
 X+Sg==
X-Received: by 10.43.142.13 with SMTP id jg13mr32989735icc.93.1418751329057;
 Tue, 16 Dec 2014 09:35:29 -0800 (PST)
MIME-Version: 1.0
Received: by 10.50.252.39 with HTTP; Tue, 16 Dec 2014 09:35:08 -0800 (PST)
From: Alexander Lunev <sol289@gmail.com>
Date: Tue, 16 Dec 2014 20:35:08 +0300
Message-ID: <CABk4_A61y1m8hXXkOPEKSbzf74j64MNtYhfV59enVuJfPwQApQ@mail.gmail.com>
Subject: only lo0 interface inside jail, no default gw
To: freebsd-jail@freebsd.org
Content-Type: text/plain; charset=UTF-8
X-Content-Filtered-By: Mailman/MimeDel 2.1.18-1
X-BeenThere: freebsd-jail@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: "Discussion about FreeBSD jail\(8\)" <freebsd-jail.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-jail/>
List-Post: <mailto:freebsd-jail@freebsd.org>
List-Help: <mailto:freebsd-jail-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-jail>,
 <mailto:freebsd-jail-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 16 Dec 2014 17:35:30 -0000

Hello everyone.

I'm trying to build jail environment on a new server with 10.1-R. I've did
that before on 9.2-R, but now i'm stuck with strange network problem: no
matter how i configure jail (old way through rc.conf jail_* variables or
via /etc/jail.conf), i don't see default gateway in jail's routing table.
At first i started with more complex config using separate fib for jail,
but it's not working even without fibs (or in fib 0). So, here's what i
have in the host system:

# netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
default            10.1.1.1           UGS       em0.4
10.1.1.0/24        link#4             U         em0.4
10.1.1.205         link#4             UHS         lo0
10.1.1.206         link#4             UHS         lo0
127.0.0.1          link#3             UH          lo0
127.0.0.2          link#3             UH          lo0

# ifconfig
em0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500

options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 00:30:48:c1:e1:b4
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x3
        inet 127.0.0.1 netmask 0xff000000
        inet 127.0.0.2 netmask 0xff000000
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
em0.4: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=103<RXCSUM,TXCSUM,TSO4>
        ether 00:30:48:c1:e1:b4
        inet 10.1.1.205 netmask 0xffffff00 broadcast 10.1.1.255
        inet 10.1.1.206 netmask 0xffffff00 broadcast 10.1.1.255
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
        vlan: 4 parent interface: em0

I can ping internet from a host via gateway 10.1.1.1

And here's what i have in jail:

====== BOF /etc/jail.conf =========
exec.start = "/bin/sh /etc/rc";
exec.stop = "/bin/sh /etc/rc.shutdown";
mount.devfs;
allow.raw_sockets;
path = "/usr/jails/$name";

template {
    jid = 1;
    ip4.addr = "em0.4|10.1.1.206/24";
    ip4.addr += "lo0|127.0.0.2/8";
    host.hostname = template;
}
====== EOF /etc/jail.conf =========

# jexec 1 netstat -rn
Routing tables

Internet:
Destination        Gateway            Flags      Netif Expire
10.1.1.206         link#4             UHS         lo0
127.0.0.2          link#3             UH          lo0

I can ping gateway from jail

# jexec 1 ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1): 56 data bytes
64 bytes from 10.1.1.1: icmp_seq=0 ttl=64 time=0.366 ms
^C

But not the Internet or anything via routing.

I have no default gateway in jail - why? What have i missed in this new
jail implementation since 9.2-R?

-- 
your sweet isn't ready yet