From: Stefan Lambrev
To: Miroslav Lachman <000.fbsd@quip.cz>
Cc: freebsd-jail@freebsd.org
Date: Thu, 30 Apr 2009 20:31:04 +0300
Subject: Re: HEADS UP: multi-IPv4/v6/no-IP jails now in 7-STABLE
Message-Id: <2FFE746D-9F46-4405-9CCE-01B3EF055EA0@moneybookers.com>
In-Reply-To: <49EF7D57.9010307@quip.cz>
References: <20090207174104.Y93725@maildrop.int.zabbadoz.net> <49EF7D57.9010307@quip.cz>

Hi,

On Apr 22, 2009, at 11:25 PM, Miroslav Lachman wrote:

> Stefan Lambrev wrote:
>> Hi,
>> Does this allow multiple network interfaces to be used by a single
>> jail instance?
>
> Yes, I am using it.
>
- cut -

Basically it works, but I found another problem.

I have created jails on two servers with 2 IPs on different interfaces. The first IP is on the "external" interface and the second IP is on the internal interface.

As expected, if I send packets from the host (outside the jail) their source address matches the IP of the interface (from which they are leaving the machine), but if I send packets from the jail they always go out with a source address equal to the first IP of the jail, even when they are going out through the second interface.

I do not know if this matters, but in my case the internal interface has a few vlans and the IP is set on the vlan, not directly on the interface.
Here is some output from the jail which can be useful:

    igb0: flags=8843 metric 0 mtu 1500
            options=19b
            ether 00:30:48:9c:3a:0a
            inet 192.168.3.100 netmask 0xffffffff broadcast 192.168.3.100
            media: Ethernet autoselect (100baseTX )
            status: active
    igb1.2: flags=8843 metric 0 mtu 1500
            options=3
            ether 00:30:48:9c:3a:0b
            inet 10.35.1.1 netmask 0xffffff00 broadcast 10.35.1.255
            media: Ethernet autoselect (1000baseTX )
            status: active
            vlan: 2 parent interface: igb1

And here is the tcpdump from igb1.2 when trying to ping 10.35.1.2 from inside the jail:

    17:20:04.109972 IP 192.168.3.100 > 10.35.1.2: ICMP echo request, id 28421, seq 0, length 64
    17:20:05.110321 IP 192.168.3.100 > 10.35.1.2: ICMP echo request, id 28421, seq 1, length 64

Any idea how this can be fixed?

P.S. I know I can rewrite outgoing packets with a firewall, but it's not performance wise, and I expect a lot of UDP multicast through igb1.2, that's why this doesn't look like a proper solution for me.

--
Best Wishes,
Stefan Lambrev
ICQ# 24134177
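
Added example, not part of the original message: a small Python check that reproduces the observation above by parsing FreeBSD-style ifconfig output (hex netmask) and tcpdump lines, then listing packets captured on one interface whose source address is configured on a different interface. The function names and the trimmed sample input are assumptions made for this illustration.

```python
import ipaddress
import re

# Constructed sample input: trimmed copies of the ifconfig and tcpdump lines quoted above.
IFCONFIG = """\
igb0: flags=8843 metric 0 mtu 1500
        inet 192.168.3.100 netmask 0xffffffff broadcast 192.168.3.100
igb1.2: flags=8843 metric 0 mtu 1500
        inet 10.35.1.1 netmask 0xffffff00 broadcast 10.35.1.255
"""
TCPDUMP = """\
17:20:04.109972 IP 192.168.3.100 > 10.35.1.2: ICMP echo request, id 28421, seq 0, length 64
17:20:05.110321 IP 192.168.3.100 > 10.35.1.2: ICMP echo request, id 28421, seq 1, length 64
"""

IFACE_RE = re.compile(r"^(\S+): flags=")
INET_RE = re.compile(r"\binet (\S+) netmask (0x[0-9a-fA-F]{8})")
# tcpdump appends the port as a fifth dotted field for TCP/UDP; ICMP has none.
PKT_RE = re.compile(r"^(\S+) IP (\d+(?:\.\d+){3})(?:\.\d+)? > (\d+(?:\.\d+){3})(?:\.\d+)?:")

def parse_ifconfig(text):
    """Map interface name -> list of (address, network), decoding the hex netmask."""
    ifaces, current = {}, None
    for line in text.splitlines():
        head = IFACE_RE.match(line)
        if head:
            current = head.group(1)
            ifaces[current] = []
            continue
        inet = INET_RE.search(line)
        if inet and current:
            addr = ipaddress.IPv4Address(inet.group(1))
            mask = ipaddress.IPv4Address(int(inet.group(2), 16))
            ifaces[current].append((addr, ipaddress.IPv4Network(f"{addr}/{mask}", strict=False)))
    return ifaces

def mis_sourced(capture, ifaces, egress):
    """Packets captured on `egress` whose source is a local address of another interface."""
    own = {addr for addr, _ in ifaces[egress]}
    other = {a: name for name, pairs in ifaces.items() if name != egress for a, _ in pairs}
    hits = []
    for line in capture.splitlines():
        pkt = PKT_RE.match(line)
        if not pkt:
            continue
        src = ipaddress.IPv4Address(pkt.group(2))
        if src not in own and src in other:
            hits.append((pkt.group(1), str(src), other[src], pkt.group(3)))
    return hits
```

Calling mis_sourced(TCPDUMP, parse_ifconfig(IFCONFIG), "igb1.2") returns one tuple per captured packet: timestamp, source address, the interface that address is configured on, and destination.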