From owner-freebsd-jail@FreeBSD.ORG Mon Jun 18 11:07:51 2012
Date: Mon, 18 Jun 2012 11:07:51 GMT
From: FreeBSD bugmaster
To: freebsd-jail@FreeBSD.org
Subject: Current problem reports assigned to freebsd-jail@FreeBSD.org
List-Id: "Discussion about FreeBSD jail\(8\)"

Note: to view an individual PR, use:
  http://www.freebsd.org/cgi/query-pr.cgi?pr=(number).

The following is a listing of current problems submitted by FreeBSD users.
These represent problem reports covering all versions including
experimental development code and obsolete releases.

S Tracker      Resp.      Description
--------------------------------------------------------------------------------
o bin/167911   jail       new jail(8) problem with removal, ifconfg -alias and k
o kern/159918  jail       [jail] inter-jail communication failure
o kern/156111  jail       [jail] procstat -b not supported in jail
o misc/155765  jail       [patch] `buildworld' does not honors WITHOUT_JAIL
o conf/154246  jail       [jail] [patch] Bad symlink created if devfs mount poin
o conf/149050  jail       [jail] rcorder ``nojail'' too coarse for Jail+VNET
s conf/142972  jail       [jail] [patch] Support JAILv2 and vnet in rc.d/jail
o conf/141317  jail       [patch] uncorrect jail stop in /etc/rc.d/jail
o kern/133265  jail       [jail] is there a solution how to run nfs client in ja
o kern/119842  jail       [smbfs] [jail] "Bad address" with smbfs inside a jail
o bin/99566    jail       [jail] [patch] fstat(1) according to specified jid
o bin/32828    jail       [jail] w(1) incorrectly handles stale utmp slots with

12 problems total.

From owner-freebsd-jail@FreeBSD.ORG Mon Jun 18 14:20:26 2012
Date: Mon, 18 Jun 2012 14:20:26 GMT
From: gavin@FreeBSD.org
To: gavin@FreeBSD.org, freebsd-bugs@FreeBSD.org, freebsd-jail@FreeBSD.org
Subject: Re: kern/168678: [jail] raw sockets incorrectly choose source address when jail has multiple subnets

Old Synopsis: Jails incorrectly choose source address
New Synopsis: [jail] raw sockets incorrectly choose source address when jail has multiple subnets

Responsible-Changed-From-To: freebsd-bugs->freebsd-jail
Responsible-Changed-By: gavin
Responsible-Changed-When: Mon Jun 18 14:16:53 UTC 2012
Responsible-Changed-Why:
Fix assignment per submitter request

http://www.freebsd.org/cgi/query-pr.cgi?pr=168678

From owner-freebsd-jail@FreeBSD.ORG Tue Jun 19 08:56:46 2012
Date: Tue, 19 Jun 2012 11:56:45 +0300
From: Sami Halabi
To: freebsd-jail@freebsd.org, bz@freebsd.org, freebsd-ipfw@freebsd.org, freebsd-pf@freebsd.org
Subject: VNET

Hi,

I want to ask about VNET jails, I read somewhere that I'm able to run IPFW,
but not PF firewall in a vnet jail.
Is that correct?

I want a vnet jail basically for nat, so natd with ipfw + ipdivert is my
choice? or I can use pf somehow, I never used pf before,
so I would like some advice here...

Thanks in advance,

--
Sami Halabi
Information Systems Engineer
NMS Projects Expert
FreeBSD SysAdmin Expert

From owner-freebsd-jail@FreeBSD.ORG Tue Jun 19 12:35:47 2012
Date: Tue, 19 Jun 2012 12:35:47 GMT
From: bz@FreeBSD.org
To: bz@FreeBSD.org, freebsd-jail@FreeBSD.org, bz@FreeBSD.org
Subject: Re: kern/168678: [jail] raw sockets incorrectly choose source address when jail has multiple subnets

Synopsis: [jail] raw sockets incorrectly choose source address when jail has multiple subnets

Responsible-Changed-From-To: freebsd-jail->bz
Responsible-Changed-By: bz
Responsible-Changed-When: Tue Jun 19 12:33:35 UTC 2012
Responsible-Changed-Why:
bz feels the bugs. The ping patch has been living in my browser window
for weeks now; I should get the kernel fix done as well.
http://people.freebsd.org/~bz/20120407-01-ping-source-addr.diff

The problem is described here:
http://svnweb.freebsd.org/base/head/sys/netinet/raw_ip.c?annotate=229265#l461

http://www.freebsd.org/cgi/query-pr.cgi?pr=168678

From owner-freebsd-jail@FreeBSD.ORG Wed Jun 20 14:46:44 2012
Date: Wed, 20 Jun 2012 18:43:01 +0400
From: "Alexander V. Chernikov"
To: Sami Halabi
Cc: freebsd-ipfw@freebsd.org, bz@freebsd.org, freebsd-jail@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: VNET

On 19.06.2012 12:56, Sami Halabi wrote:
> Hi,
>
> I want to ask about VNET jails, I read somewhere that I'm able to run IPFW,
> but not PF firewall in a vnet jail.
> Is that correct?
>
> I want a vnet jail basically for nat, so natd with ipfw + ipdivert is my
1) You can do nat without vnet.
2) ipfw nat is currently the easiest way to do nat.
> choice? or I can use pf somehow, I never used pf before,
> so I would like some advice here...
>
> Thanks in advance,
>

--
WBR, Alexander

From owner-freebsd-jail@FreeBSD.ORG Wed Jun 20 17:51:28 2012
Date: Wed, 20 Jun 2012 20:51:26 +0300
From: Sami Halabi
To: "Alexander V. Chernikov"
Cc: freebsd-ipfw@freebsd.org, bz@freebsd.org, freebsd-jail@freebsd.org, freebsd-pf@freebsd.org
Subject: Re: VNET

Thank you.

I want to use vnet jail for a specific subnet that I need to separate from
the system.
So basically I create a vlan + a bridged interface to the public.
These two (vlan+bridged interface- epair0a) will be in the vnet jail, so I
can do NAT only for that vlan going out.
This is the idea, as there are more interfaces in the system and there is
only one interface out...

So basically it should be a firewall & Nat only between the specific lan and
the outside world.

Can this be accomplished another way?

Sami

On Wed, Jun 20, 2012 at 5:43 PM, Alexander V. Chernikov <melifaro@freebsd.org> wrote:

> On 19.06.2012 12:56, Sami Halabi wrote:
>
>> Hi,
>>
>> I want to ask about VNET jails, I read somewhere that I'm able to run IPFW,
>> but not PF firewall in a vnet jail.
>> Is that correct?
>>
>> I want a vnet jail basically for nat, so natd with ipfw + ipdivert is my
>>
> 1) You can do nat without vnet.
> 2) ipfw nat is currently the easiest way to do nat.
>
>
> choice? or I can use pf somehow, I never used pf before,
>> so I would like some advice here...
>>
>> Thanks in advance,
>>
>>
>
> --
> WBR, Alexander
>

--
Sami Halabi
Information Systems Engineer
NMS Projects Expert
FreeBSD SysAdmin Expert

From owner-freebsd-jail@FreeBSD.ORG Thu Jun 21 15:03:12 2012
Date: Thu, 21 Jun 2012 17:02:30 +0200
From: Anders Hagman
To: freebsd-jail@freebsd.org
Subject: Re: VNET

Hi

On 20 Jun 2012 at 19:51, Sami Halabi wrote:

> Thank you.
>
> I want to use vnet jail for a specific subnet that I need to separate from
> the system.

If you want total separation from the main system you need vnet jail to
be able to have a separate routing table and default gateway.

> So basically I create a vlan + a bridged interface to the public.

You don't need to create a bridge, just create a vlan interface and move
it to the jail.

> These two (vlan+bridged interface- epair0a) will be in the vnet jail, so I
> can do NAT only for that vlan going out.
> This is the idea, as there are more interfaces in the system and there is
> only one interface out...

I do this to be able to use the same hardware for inside server and DMZ
server.
Has been working for two months without any problem.

>
> So basically it should be a firewall & Nat only between the specific lan and
> the outside world.
>
> Can this be accomplished another way?
>
> Sami
>
> On Wed, Jun 20, 2012 at 5:43 PM, Alexander V. Chernikov <melifaro@freebsd.org> wrote:
>
>> On 19.06.2012 12:56, Sami Halabi wrote:
>>
>>> Hi,
>>>
>>> I want to ask about VNET jails, I read somewhere that I'm able to run IPFW,
>>> but not PF firewall in a vnet jail.
>>> Is that correct?
>>>
>>> I want a vnet jail basically for nat, so natd with ipfw + ipdivert is my
>>>
>> 1) You can do nat without vnet.
>> 2) ipfw nat is currently the easiest way to do nat.
>>
>>
>> choice? or I can use pf somehow, I never used pf before,
>>> so I would like some advice here...
>>>
>>> Thanks in advance,
>>>
>>>
>>
>> --
>> WBR, Alexander
>>
>
>
>
> --
> Sami Halabi
> Information Systems Engineer
> NMS Projects Expert
> FreeBSD SysAdmin Expert
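
The layout discussed in the VNET thread above (vlan interfaces created on the host and moved into a vnet jail, which then has its own routing table and does NAT with ipfw nat), as an added example that is not part of any message in the thread. The parent NIC em0, VLAN IDs 100 and 200, the jail name and path, the RFC 5737 addresses, and carrying the outside segment on a second VLAN are all assumptions; it also assumes a VIMAGE kernel with ipfw and ipfw_nat already available and a populated userland at the jail path.

```sh
#!/bin/sh
# Added example, not from the thread. All names and addresses are constructed:
# parent NIC em0, VLAN 100 = inside LAN, VLAN 200 = outside, RFC 5737 nets.
# Prints the command plan by default; set DRY_RUN=0 on a FreeBSD host to apply.
PARENT=em0; IN_VID=100; OUT_VID=200
IN_IF="vlan$IN_VID"; OUT_IF="vlan$OUT_VID"
JAIL=natjail; JAIL_ROOT=/jails/natjail
IN_ADDR=192.0.2.1/24; IN_NET=192.0.2.0/24
OUT_ADDR=198.51.100.2/24; OUT_GW=198.51.100.1

run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }
injail() { run jexec "$JAIL" "$@"; }

host_setup() {
    # Tagged interfaces are created on the host, then handed to the jail.
    run ifconfig "$IN_IF" create vlan "$IN_VID" vlandev "$PARENT"
    run ifconfig "$OUT_IF" create vlan "$OUT_VID" vlandev "$PARENT"
    # "vnet" gives the jail its own network stack: interfaces, routing
    # table, default gateway and ipfw ruleset.
    run jail -c name="$JAIL" path="$JAIL_ROOT" host.hostname="$JAIL" vnet persist
    # Once moved, the host can no longer see or use these interfaces.
    run ifconfig "$IN_IF" vnet "$JAIL"
    run ifconfig "$OUT_IF" vnet "$JAIL"
}

jail_setup() {
    injail ifconfig "$IN_IF" inet "$IN_ADDR" up
    injail ifconfig "$OUT_IF" inet "$OUT_ADDR" up
    injail route add default "$OUT_GW"
    injail sysctl net.inet.ip.forwarding=1
    # deny_in: the NAT instance drops unsolicited inbound connections.
    injail ipfw nat 1 config if "$OUT_IF" deny_in same_ports reset
    injail ipfw add 100 nat 1 ip from any to any via "$OUT_IF"
    injail ipfw add 200 allow ip from "$IN_NET" to any via "$IN_IF"
    injail ipfw add 210 allow ip from any to "$IN_NET" via "$IN_IF"
    # Anything else hits ipfw's default rule (deny unless the kernel was
    # configured default-to-accept).
}

plan() { host_setup; jail_setup; }
plan
```

Review the printed plan first; loading ipfw on the host itself is deliberately left out, because a default-deny ruleset there would cut off the host's own networking.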