From owner-freebsd-jail@freebsd.org Mon Oct 23 11:59:06 2017 Return-Path: Delivered-To: freebsd-jail@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 9F557E49568 for ; Mon, 23 Oct 2017 11:59:06 +0000 (UTC) (envelope-from marko.cupac@mimar.rs) Received: from mail.mimar.rs (tazar.mimar.rs [193.53.106.132]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 597186DBAB for ; Mon, 23 Oct 2017 11:59:05 +0000 (UTC) (envelope-from marko.cupac@mimar.rs) Received: from tazar.mimar.rs (localhost [127.0.2.132]) by mail.mimar.rs (Postfix) with ESMTP id D52D2620C0B8; Mon, 23 Oct 2017 13:58:56 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mimar.rs; h= content-transfer-encoding:content-type:content-type:mime-version :x-mailer:organization:references:in-reply-to:message-id:subject :subject:from:from:date:date:received:received; s=mimar-0901; t= 1508759929; x=1510574330; bh=+qNFyvRPmggyA1795SwVIBzVk4CDohgUnLg EZNkZW8s=; b=2YEASjD3cBf8EPa7jI0WZVyZiiztid3a05Zxb85hNplmBwL2sFO kxbrJcTb/TCVYpfcinXwMdEyrCWl6kNPXOVdXlfLJQ+zWIpVtEecUYlQEUmj4yua 6UmEvZWAwvxbX/0386/ocPR3MAYfb2yA+LLTcOEDE0sPu/Xv4kxd/Nxc= X-Virus-Scanned: amavisd-new at mimar.rs Received: from mail.mimar.rs ([127.0.2.132]) by tazar.mimar.rs (amavis.mimar.rs [127.0.2.132]) (amavisd-new, port 10026) with LMTP id yscitK4BZQyt; Mon, 23 Oct 2017 13:58:49 +0200 (CEST) Received: from efreet-freebsd.kappastar.com (nat-nat.kappastar.com [193.53.106.34]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: marko.cupac) by mail.mimar.rs (Postfix) with ESMTPSA id A2996620C0B6; Mon, 23 Oct 2017 13:58:49 +0200 (CEST) Date: Mon, 23 Oct 2017 13:58:49 +0200 From: Marko =?UTF-8?B?Q3VwYcSH?= To: Andrew Hotlab Cc: "freebsd-jail@freebsd.org" Subject: Re: setfib (ez)jails and wierd routing Message-ID: <20171023135849.63832543@efreet-freebsd.kappastar.com> In-Reply-To: References: <20170929103258.2f912308@efreet-freebsd.kappastar.com> <20171016161844.7ddb1fe7@efreet-freebsd.kappastar.com> Organization: Mimar X-Mailer: Claws Mail 3.15.1 (GTK+ 2.24.31; amd64-portbld-freebsd11.1) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable X-BeenThere: freebsd-jail@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: "Discussion about FreeBSD jail\(8\)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Mon, 23 Oct 2017 11:59:06 -0000 On Tue, 17 Oct 2017 15:17:16 +0000 Andrew Hotlab wrote: > root@BSD11:~ # cat /etc/jail.conf=20 > exec.start =3D "/bin/sh /etc/rc"; > exec.stop =3D "/bin/sh /etc/rc.shutdown"; > exec.clean; > mount.devfs; > jtest01 { > host.hostname =3D "jtest01.test.lab"; > path =3D /usr/jails/jtest01; > ip4.addr =3D "em0|172.21.10.101/32"; > persist; > allow.raw_sockets; > exec.fib =3D "1"; > } Andrew, do you have the ability to remove allow.raw_sockets line from jtest01 jail and try to ping it while tcpdumping icmp on em1? You should see reply packets leaving em1. Thank you in advance. --=20 Before enlightenment - chop wood, draw water. After enlightenment - chop wood, draw water. Marko Cupa=C4=87 https://www.mimar.rs/